1. Cross-site scripting (reflected)
4. Cross-domain script include
Severity: High
Confidence: Certain
Host: http://www.dailyfinance
Path: /quotes/linear-technology

GET /quotes/linear-technology
Host: www.dailyfinance.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Tue, 16 Nov 2010 16:46:52 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:52 GMT; Path=/
Content-Language: en
Content-Length: 60046
Keep-Alive: timeout=5, max=899
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<title>Quote, News & Summar
...[SNIP]...
<input value="LLTCA39F1"><SCRIPT>ALERT(1)<
...[SNIP]...

Severity: High
Confidence: Firm
Host: http://www.dailyfinance
Path: /quotes/linear-technology

GET /quotes/linear-technology
Host: www.dailyfinance.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Tue, 16 Nov 2010 16:46:53 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:53 GMT; Path=/
Content-Language: en
Content-Length: 59904
Keep-Alive: timeout=5, max=992
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<title>Quote, News & Summar
...[SNIP]...
<!--
var relegenceTopics='LLTC39F79';E55CA221AD';
var RTN_SNIPPET_SIZE = '300';
var RTN_HOVER_TIMEOUT = '16000';
// -->
...[SNIP]...

Severity: Low
Confidence: Tentative
Host: http://www.dailyfinance
Path: /quotes/linear-technology

GET /quotes/linear-technology
Host: www.dailyfinance.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Tue, 16 Nov 2010 16:46:41 GMT
Server: Apache
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Content-Language: en
Content-Length: 176464
Keep-Alive: timeout=5, max=991
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<title>LLTC: LINEAR TECHNOL
...[SNIP]...
<!--
<%
String clientid=f.r("sl.client
String channelid=f.r("sl.channel
String squery=Utils.sponsor
%>
-->
...[SNIP]...

Severity: Information
Confidence: Certain
Host: http://www.dailyfinance
Path: /quotes/linear-technology

GET /quotes/linear-technology
Host: www.dailyfinance.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Tue, 16 Nov 2010 16:46:41 GMT
Server: Apache
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Content-Language: en
Content-Length: 176464
Keep-Alive: timeout=5, max=991
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<title>LLTC: LINEAR TECHNOL
...[SNIP]...
<ul id="GH_dualsearchbox" class="GH_hat_UL"><form action="http://search.aol
<input type="text" onblur="javascript:if
...[SNIP]...

Severity: Information
Confidence: Certain
Host: http://www.dailyfinance
Path: /quotes/linear-technology

GET /quotes/linear-technology
Host: www.dailyfinance.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Tue, 16 Nov 2010 16:46:41 GMT
Server: Apache
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Content-Language: en
Content-Length: 176464
Keep-Alive: timeout=5, max=991
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<title>LLTC: LINEAR TECHNOL
...[SNIP]...
<link rel="canonical" href="/quotes/linear
<script language="javascript1.1" src="http://o.aolcdn.com
...[SNIP]...
<body class="module" id="quotetest.page" >
<script type="text/javascript" src="http://o.aolcdn.com
<script type="text/javascript" src="http://cta.aol.com
<script src="http://o.aolcdn.com
...[SNIP]...
</style>
<script type="text/javascript" src="http://o.aolcdn.com
<script type="text/javascript" src="http://o.aolcdn.com
...[SNIP]...
</script>
<script language="JavaScript" src="http://js.adsonar
...[SNIP]...
</script>
<script language="JavaScript" src="http://js.adsonar
...[SNIP]...
</div>
<script language="Javascript1.1" SRC="http://o.aolcdn.com
...[SNIP]...

Severity: Information
Confidence: Certain
Host: http://www.dailyfinance
Path: /quotes/linear-technology

GET /quotes/linear-technology
Host: www.dailyfinance.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

HTTP/1.1 200 OK
Date: Tue, 16 Nov 2010 16:46:41 GMT
Server: Apache
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Set-Cookie: IPHONE_MESSAGE=2; Expires=Mon, 14-Feb-2011 16:46:41 GMT; Path=/
Content-Language: en
Content-Length: 176464
Keep-Alive: timeout=5, max=991
Connection: Keep-Alive
Content-Type: text/html;charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR
<html xmlns="http://www.w3.org
<head>
<title>LLTC: LINEAR TECHNOL
...[SNIP]...
<a href="mailto:MoneyComments@aol.com">
...[SNIP]...